Google Redirects after much spyware removal


This topic is locked
2 replies to this topic

#1 Styffydawg

New Member, 2 posts

Posted 04 April 2012 - 10:53 AM

Merged Post


Hey guys, I've been reading up on other users' posts on this forum with similar issues and have yet to be able to fix the problems myself.

I've scanned (individually), using three programs: AVG, Webroot, and now Malwarebytes. They've picked up multiple things and quarantined/cleaned items. TDSSKiller picked up some nasty stuff and took care of that, but I'm still having Google redirect me to some random search engine ad site. None of the programs are picking anything up; however, overnight Spy Sweeper picked up a trojan that had downloaded itself to my machine. So I KNOW there is a dropkit somewhere on my computer.

Here are my dds.txt logs and attach.txt logs.

Thank you for your help; this is a great forum and software, and I truly appreciate the assistance you guys provide!



*****************
DDS
*****************


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by black dawg at 11:41:25 on 2012-04-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6021 [GMT -5:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe
C:\Program Files (x86)\Asus\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Asus\Wireless Console 3\wcourier.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Games\Steam\steam.exe" -silent
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [Malwarebytes' Anti-Malware] "C:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\Users\BLACKD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
uPolicies-explorer: NoFile = 0 (0x0)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoEncryptOnMove = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
mPolicies-explorer: NoFile = 0 (0x0)
mPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoDFSTab = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoEncryptOnMove = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
dPolicies-explorer: NoFile = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoDFSTab = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-explorer: NoEncryptOnMove = 0 (0x0)
dPolicies-explorer: NoResolveTrack = 0 (0x0)
dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C620029B-87B9-4154-AD97-264D9258978C} : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}\15340214962707F6274702455627D696E616C602055726C696360275966496 : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}\5487563657479667560294E6E602D4F6277616E6028496C6C6027457563747 : DhcpNameServer = 71.9.127.107 68.190.192.35
TCP: Interfaces\{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}\83637353330393 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}\96E6E666C65787 : DhcpNameServer = 10.59.1.1
TCP: Interfaces\{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do-Not-Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\black dawg\AppData\Roaming\Mozilla\Firefox\Profiles\syc5oob3.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\black dawg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\system32\npmproxy.dll
FF - plugin: C:\Windows\system32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\avgidseha.sys --> C:\Windows\system32\DRIVERS\avgidseha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\Asus\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\Asus\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MBAMService;MBAMService;C:\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-3 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-25 2253120]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-1 2655768]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-2-14 2316624]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-9-1 408576]
S2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-4-3 660504]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-3-1 267480]
S4 CDScheduler;CyberDefender Scheduling Service;C:\Program Files (x86)\CyberDefender\SchedulerService\SchedulerService.exe [2012-1-20 1002616]
S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-3-1 79360]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-3-1 79360]
S4 GoToAssist Express Customer;GoToAssist Express Customer;C:\Program Files (x86)\Citrix\GoToAssist Express Customer\363\g2ax_service.exe [2012-3-4 609144]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Games\Global Agenda\HiPatchService.exe [2011-4-21 8704]
S4 SmoothPingProxy;SmoothPingProxy;C:\Program Files (x86)\Smoothping Elite\SmoothPingProxy.exe [2011-4-7 2007040]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S4 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-10-26 241488]
S4 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-20 77312]
S4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-9-1 911872]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-04-04 04:15:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 22:47:55 -------- d-----w- C:\Users\black dawg\AppData\Roaming\Malwarebytes
2012-04-03 22:47:46 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-03 22:47:44 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-03 22:47:44 -------- d-----w- C:\Malwarebytes' Anti-Malware
2012-04-03 22:40:04 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-04-03 22:26:08 98160 ----a-w- C:\Windows\System32\WRusr.dll
2012-04-03 22:26:08 146040 ----a-w- C:\Windows\SysWow64\WRusr.dll
2012-04-03 22:26:08 112104 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2012-04-03 22:26:05 -------- d-----w- C:\Program Files\Webroot
2012-04-03 22:26:04 -------- d-----w- C:\ProgramData\WRData
2012-04-03 21:00:00 -------- d--h--w- C:\$AVG
2012-04-03 20:59:56 -------- d-----w- C:\Users\black dawg\AppData\Roaming\AVG2012
2012-04-03 20:58:34 -------- d-----w- C:\ProgramData\AVG2012
2012-04-03 17:35:04 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\B491.tmp
2012-04-03 17:35:04 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\B490.tmp
2012-04-03 16:22:10 -------- d-----w- C:\Users\black dawg\AppData\Local\{7B2CDF99-4A89-4FAC-BA08-CF617FDD50F3}
2012-04-03 03:32:51 -------- d-----w- C:\Users\black dawg\AppData\Local\{B8B232E3-2EE2-4355-BFBC-711AB653FA18}
2012-04-02 13:48:31 -------- d-----w- C:\Users\black dawg\AppData\Local\{716AFDB2-C5E0-496E-BA2D-231E9A2669B6}
2012-03-31 17:21:47 -------- d-----w- C:\Users\black dawg\AppData\Local\{90344A53-9E0F-45DE-B77C-27425098F40D}
2012-03-30 21:14:36 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-03-30 21:14:35 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-03-30 21:14:34 835440 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-03-30 19:02:11 -------- d-----w- C:\Users\black dawg\AppData\Local\{52B8F9C3-D0B1-46D6-AD81-008972951181}
2012-03-30 04:21:11 -------- d-----w- C:\Users\black dawg\AppData\Local\{EBA1AFE2-C73E-48BA-9072-E22BADD9D768}
2012-03-29 18:31:19 -------- d-----w- C:\Program Files\iTunes
2012-03-29 18:31:19 -------- d-----w- C:\Program Files\iPod
2012-03-29 18:29:39 -------- d-----w- C:\Program Files\Bonjour
2012-03-29 18:29:39 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-03-29 18:03:10 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-29 18:01:05 -------- d-----w- C:\MATS
2012-03-27 20:17:17 -------- d-----w- C:\Users\black dawg\AppData\Local\{D8B8467F-D3F1-4EDF-9381-707C7442F0D2}
2012-03-27 20:17:17 -------- d-----w- C:\Users\black dawg\AppData\Local\{591C8156-7448-4F5E-981E-A85C07267700}
2012-03-27 11:57:52 -------- d-----w- C:\ProgramData\xml_param
2012-03-27 09:25:06 -------- d-----w- C:\Users\black dawg\AppData\Local\dxhr
2012-03-27 01:37:06 -------- d-----w- C:\Users\black dawg\AppData\Local\{C1B27AD2-A948-4E25-9D4A-0C4C5A85568A}
2012-03-27 01:37:05 -------- d-----w- C:\Users\black dawg\AppData\Local\{9B57B336-ECA0-48AF-962B-1A359EC319B2}
2012-03-26 12:13:26 -------- d-----w- C:\Users\black dawg\AppData\Local\28050
2012-03-26 03:45:17 -------- d-----w- C:\Users\black dawg\AppData\Local\{7DCFDB93-7B8D-4B21-8674-38D5A34980E2}
2012-03-26 03:45:16 -------- d-----w- C:\Users\black dawg\AppData\Local\{2AB7210C-44ED-4D98-A09F-DD7CA003B9C9}
2012-03-25 02:50:17 -------- d-----w- C:\Users\black dawg\AppData\Local\{FAA67F85-BD76-4963-BAC4-11AE2678B19A}
2012-03-23 03:06:32 -------- d-----w- C:\Users\black dawg\AppData\Local\{219DA980-0829-4AC6-B0DF-11BC92901284}
2012-03-23 03:06:31 -------- d-----w- C:\Users\black dawg\AppData\Local\{EF12C2D8-DA86-4171-87FD-7482192E4E37}
2012-03-21 12:27:55 -------- d-----w- C:\Users\black dawg\AppData\Roaming\Wondershare Video Converter Ultimate
2012-03-21 12:15:28 -------- d-----w- C:\Users\black dawg\AppData\Local\Wondershare
2012-03-21 12:15:27 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2012-03-21 12:15:24 892928 ----a-w- C:\Windows\SysWow64\iconv.dll
2012-03-21 12:15:24 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax
2012-03-21 12:15:22 -------- d-----w- C:\Video Converter Ultimate
2012-03-20 01:31:31 -------- d-----w- C:\Users\black dawg\AppData\Local\{53FB9F95-4D71-41BC-8816-3DDE513446D9}
2012-03-20 01:31:30 -------- d-----w- C:\Users\black dawg\AppData\Local\{43C77E3D-E7ED-42F3-A83E-50C31DA48BC1}
2012-03-19 11:37:24 -------- d-----w- C:\Users\black dawg\AppData\Local\{F92E8A7A-8DFA-47D4-94C5-3361E2B550B0}
2012-03-19 11:37:23 -------- d-----w- C:\Users\black dawg\AppData\Local\{4C909D27-066E-4EDC-AB00-25C86443BD97}
2012-03-19 04:27:58 -------- d-----w- C:\Users\black dawg\AppData\Local\Ubisoft Game Launcher
2012-03-18 21:59:30 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-03-18 21:55:28 -------- d-----w- C:\Program Files (x86)\Warner Bros
2012-03-18 19:35:06 -------- d-----w- C:\Users\black dawg\AppData\Local\{96903A88-6185-4F68-9D29-5BA302C14E89}
2012-03-18 19:35:06 -------- d-----w- C:\Users\black dawg\AppData\Local\{3696BFA5-3FDA-47AC-BC2F-C73DEC440EFB}
2012-03-18 02:23:56 -------- d-----w- C:\Users\black dawg\AppData\Local\{14AA5D3E-5C81-4226-8544-A7C82C3A4530}
2012-03-18 02:23:55 -------- d-----w- C:\Users\black dawg\AppData\Local\{BC5633C3-E00F-4E14-907A-222DFC1CBDBA}
2012-03-17 01:06:06 -------- d-----w- C:\Users\black dawg\AppData\Local\{4B7C7108-B7C9-4AE8-9E54-69C8FCD9E76C}
2012-03-17 01:06:05 -------- d-----w- C:\Users\black dawg\AppData\Local\{032E0F9C-AD95-4EF9-A33A-31CD4D26EA90}
2012-03-15 22:58:09 -------- d-----w- C:\Users\black dawg\AppData\Local\{90BA45E7-07C3-4ACC-8F33-F965EC17996D}
2012-03-15 08:03:23 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 08:03:23 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 08:03:23 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-15 03:11:30 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-15 03:11:29 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-15 03:11:29 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-15 03:10:40 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-15 03:10:40 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-15 03:10:40 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-15 03:10:40 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-15 03:10:39 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-15 03:10:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-15 03:10:39 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-15 00:39:42 -------- d-----w- C:\Users\black dawg\AppData\Local\{534AE99D-B9BC-4A13-9D0C-E29B90329B38}
2012-03-15 00:39:20 -------- d-----w- C:\Users\black dawg\AppData\Local\{FF2F1E49-8D54-4C63-9A23-EAB4C2E6E415}
2012-03-14 03:22:59 -------- d-----w- C:\ProgramData\Electronic Arts
2012-03-14 03:22:59 -------- d-----w- C:\ProgramData\EA Core
2012-03-13 16:02:28 -------- d-----w- C:\Users\black dawg\AppData\Local\{B8ACAF5A-33A5-49DC-B905-98C0186C624B}
2012-03-13 16:02:18 -------- d-----w- C:\Users\black dawg\AppData\Local\{EA85C853-DF54-4916-9D54-1C5BF2AE9F5F}
2012-03-12 04:04:38 -------- d-----w- C:\Users\black dawg\AppData\Local\My Games
2012-03-12 03:55:54 -------- d-----w- C:\Users\black dawg\AppData\Local\{60BCAE54-4A38-4676-9E80-55FD0B7F0BDB}
2012-03-12 03:55:44 -------- d-----w- C:\Users\black dawg\AppData\Local\{66AE321B-1B6F-4E08-BBE2-560A5BCDB199}
2012-03-11 15:18:32 -------- d-----w- C:\Users\black dawg\AppData\Local\{547C9C6B-54F0-4CEA-A514-A9B379FFFE0F}
2012-03-11 15:18:22 -------- d-----w- C:\Users\black dawg\AppData\Local\{68D13C0D-82EB-486B-9E5C-471F9F8BDD79}
2012-03-11 00:48:59 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2012-03-11 00:41:22 -------- d-----w- C:\ProgramData\Cisco Systems
2012-03-10 23:46:35 -------- d-----w- C:\Users\black dawg\AppData\Local\{20B081FE-48AE-4816-B439-5B970A065FEA}
2012-03-10 23:46:16 -------- d-----w- C:\Users\black dawg\AppData\Local\{F5180429-BC19-413A-9FC1-AE3D666536B7}
2012-03-09 17:27:08 -------- d-----w- C:\Users\black dawg\AppData\Local\{9CFB98F3-0672-4813-ACCE-4795C0AAC52B}
2012-03-09 17:26:58 -------- d-----w- C:\Users\black dawg\AppData\Local\{3CD82E9B-6548-4958-A6EF-26FA1BB62959}
2012-03-09 02:19:21 -------- d-----w- C:\Users\black dawg\AppData\Local\{6931ED56-B2FB-4843-9C0B-967AB0F99B44}
2012-03-09 02:18:59 -------- d-----w- C:\Users\black dawg\AppData\Local\{FAA45533-0952-4FF3-9803-2087D7E9F88B}
2012-03-08 01:58:16 -------- d-----w- C:\Users\black dawg\AppData\Local\{4069388D-F2AB-427D-A4ED-8718C52BFECD}
2012-03-08 01:57:55 -------- d-----w- C:\Users\black dawg\AppData\Local\{8EA1D0AC-8ED2-4EB9-81F7-2B8D93D3FEDB}
2012-03-07 01:57:26 -------- d-----w- C:\Users\black dawg\AppData\Local\{7ED7011B-6960-4631-8795-67A23CF6C4A7}
.
==================== Find3M ====================
.
2012-04-04 16:13:42 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-03-06 04:45:55 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-04 23:39:20 110456 ----a-w- C:\Users\black dawg\g2ax_customer_downloadhelper_win32_x86.exe
2012-02-22 10:25:50 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-02-22 10:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-02-15 15:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 15:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-01-31 09:46:48 36944 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 11:42:16.14 ===============

*************************
Attach
*************************

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/27/2011 12:23:08 AM
System Uptime: 4/4/2012 11:06:04 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | G73Sw
Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 677 GiB total, 51.271 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel® Centrino® WiMAX 6250
Device ID: {12110A2A-BBCC-418B-B9F4-76099D720767}\BPMP_8086_0186\1&1869C5E3&0&00
Manufacturer: Intel Corporation
Name: Intel® Centrino® WiMAX 6250
PNP Device ID: {12110A2A-BBCC-418B-B9F4-76099D720767}\BPMP_8086_0186\1&1869C5E3&0&00
Service: bpmp
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet Pro L7700
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet Pro L7700
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro L7700
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro L7700
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_06\26974808684CE00000
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_06\26974808684CE00000
Service: RTL8167
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7500_7600_7700_Help1
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.2)
Alice Madness Returns
Alien Hallway
Alpha Protocol
Apple Application Support
Apple Software Update
Assassin's Creed Brotherhood
ASUS AI Recovery
ASUS Live Update
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
Asus_G73_Screensaver
AsusVibe2.0
ATK Package
Batman: Arkham Asylum Game of the Year Edition
Best Buy pc app
Borderlands
bpd_scan_Carrier
BPDSoftware
BPDSoftware_Ini
BufferChm
Camtasia Studio 7
Cisco Connect
Coupon Printer for Windows
Curse Client
CyberDefender Framework
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
Dangerous High School Girls in Trouble!
Darkspore Limited Edition
Darkspore™
Darwinia
Defcon v1.6
Deus Ex
Deus Ex: Human Revolution
Deus Ex: Human Revolution - The Missing Link
DirectX 9 Runtime
Earth Defense Force: Insect Armageddon
EVE Online (remove only)
ExpressGate Cloud
Fallout 3 GotY
Fallout Mod Manager 0.13.21
FinalTorrent 2011
Fraps
Global Agenda Launcher
Global Agenda Live
GoToManage Customer 1.6.0.363
Half-Life 2
Impulse®
Intel® Control Center
Intel® Management Engine Components
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
L7000_Basic
Mafia II
Majesty 2 Collection
Malwarebytes Anti-Malware version 1.60.1.1000
Mass Effect 2
Mesh Runtime
Messenger Companion
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB973685)
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Orcs Must Die!
Pando Media Booster
Pdf995
Perimeter
Portal 2
PunkBuster Services
QuickTime
RAGE
realMyst
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
Red Faction
Red Faction II
Rock of Ages
RollerCoaster Tycoon 2 Triple Thrill Pack
Roxio AACS Certificate
Roxio Activation Module
Roxio CinePlayer
Saints Row 2
Saints Row: The Third
Sanitarium
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sid Meier's Civilization V
Sins of a Solar Empire
Sins of a Solar Empire - Entrenchment
Smoothping Elite
Space Pirates and Zombies
SPORE
Star Ruler
Star Trek Online
Star Wars Empire at War
Star Wars Empire at War Forces of Corruption
Star Wars: The Old Republic
Star Wolves
Steam
Stellar Impact
System Requirements Lab
The Ball
The Settlers 7: Paths to a Kingdom - Gold Edition
THX TruStudio
Toolbox
Tropico 3
Tropico 3 - Absolute Power
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Uplink
Visual Studio 2008 x64 Redistributables
Warhammer 40,000 Dawn of War: Soulstorm
WebReg
Webroot SecureAnywhere
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinFlash
WinRAR 4.01 (32-bit)
Wireless Console 3
Wondershare Video Converter Ultimate(Build 5.7.5.4)
World of Logs Client (4.2)
World of Warcraft Public Test
Xilisoft iPhone Transfer
Xvid Video Codec
You Don't Know Jack
Zombie Shooter 2
.
==== Event Viewer Messages From Past Week ========
.
4/4/2012 7:34:03 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MASA55 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}. The master browser is stopping or an election is being forced.
4/4/2012 3:26:21 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
4/4/2012 11:41:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgfws service.
4/4/2012 11:14:11 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
4/4/2012 11:05:45 AM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/3/2012 7:49:31 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/3/2012 7:34:06 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/3/2012 6:36:17 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/3/2012 5:50:09 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/3/2012 5:46:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
4/3/2012 5:26:08 PM, Error: Service Control Manager [7000] - The WRkrn service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
4/3/2012 5:23:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/3/2012 5:23:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/3/2012 5:23:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/3/2012 5:23:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/3/2012 5:23:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO Avgldx64 Avgmfx64 discache spldr tmtdi Wanarpv6
4/3/2012 5:23:09 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
4/3/2012 5:23:07 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/3/2012 2:48:21 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/3/2012 12:36:30 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/3/2012 11:31:56 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/3/2012 11:22:05 AM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
4/3/2012 11:17:08 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/3/2012 10:53:35 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-USERS-IMAC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}. The master browser is stopping or an election is being forced.
4/3/2012 10:53:08 AM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/2/2012 10:06:06 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
3/31/2012 1:03:06 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/30/2012 12:05:16 PM, Error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: %%-2147467259
3/29/2012 6:17:37 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/29/2012 12:31:08 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/29/2012 12:04:48 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/29/2012 11:55:57 AM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/29/2012 10:04:53 AM, Error: Service Control Manager [7022] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.
3/29/2012 1:34:44 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/29/2012 1:22:15 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/28/2012 1:53:13 PM, Error: Service Control Manager [7022] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.
.
==== End Of File ===========================

I just did a full scan using Malwarebytes and it picked up this.

I'm just in a holding pattern right now. I want to remove it, but I'm not sure it will do anything.

Here's the log:

***************
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.04.04.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
black dawg :: BLACKDAWG-PC [administrator]
Protection: Enabled
4/4/2012 1:15:48 PM
mbam-log-2012-04-04 (14-53-13).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 490091
Time elapsed: 1 hour(s), 33 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\ProgramData\Microsoft\Windows\DRM\B490.tmp (Rootkit.ZeroAccess) -> No action taken.
C:\ProgramData\Microsoft\Windows\DRM\B491.tmp (Rootkit.ZeroAccess) -> No action taken.
(end)

#2 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,153 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 09 April 2012 - 11:32 AM

Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options).
Post back the report.

MrC

Malware Removal Expert



I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

#3 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 13 April 2012 - 08:28 AM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support

I close my threads if there is 5 days without a response.