Styffydawg

Google Redirects after much spyware removal


Merged Post

Hey guys, I've been reading up on other users' posts on this forum with similar issues and have yet to be able to fix the problems myself.

I've scanned (individually) using three programs: AVG, Webroot, and now Malwarebytes. They've picked up multiple things and quarantined/cleaned items. TDSSKiller picked up some nasty stuff and took care of that, but I'm still having Google redirect me to some random search engine ad site. None of the programs are picking anything up; however, overnight Spy Sweeper picked up a trojan that had downloaded itself to my machine. So I KNOW there is a dropkit somewhere on my computer.

Here are my dds.txt logs and attach.txt logs.

Thank you for your help. This is a great forum and software, and I truly appreciate the assistance you guys provide!

*****************

DDS

*****************

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by black dawg at 11:41:25 on 2012-04-04

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6021 [GMT -5:00]

.

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}

FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe

C:\Program Files (x86)\Asus\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\Asus\Wireless Console 3\wcourier.exe

C:\Windows\AsScrPro.exe

C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [steam] "C:\Games\Steam\steam.exe" -silent

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe

mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul

mRun: [Malwarebytes' Anti-Malware] "C:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

StartupFolder: C:\Users\BLACKD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

uPolicies-explorer: DisableLocalMachineRun = 0 (0x0)

uPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)

uPolicies-explorer: DisableCurrentUserRun = 0 (0x0)

uPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)

uPolicies-explorer: NoFile = 0 (0x0)

uPolicies-explorer: HideClock = 0 (0x0)

uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)

uPolicies-explorer: NoDFSTab = 0 (0x0)

uPolicies-explorer: NoWindowsUpdate = 0 (0x0)

uPolicies-explorer: NoEncryptOnMove = 0 (0x0)

uPolicies-explorer: NoResolveTrack = 0 (0x0)

uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)

uPolicies-system: NoDispAppearancePage = 0 (0x0)

uPolicies-system: NoDispSettingsPage = 0 (0x0)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoViewOnDrive = 0 (0x0)

mPolicies-explorer: DisableLocalMachineRun = 0 (0x0)

mPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)

mPolicies-explorer: DisableCurrentUserRun = 0 (0x0)

mPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)

mPolicies-explorer: NoFile = 0 (0x0)

mPolicies-explorer: HideClock = 0 (0x0)

mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)

mPolicies-explorer: NoDFSTab = 0 (0x0)

mPolicies-explorer: NoWindowsUpdate = 0 (0x0)

mPolicies-explorer: NoEncryptOnMove = 0 (0x0)

mPolicies-explorer: NoResolveTrack = 0 (0x0)

mPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: NoDispAppearancePage = 0 (0x0)

mPolicies-system: NoDispSettingsPage = 0 (0x0)

dPolicies-explorer: NoViewOnDrive = 0 (0x0)

dPolicies-explorer: DisableLocalMachineRun = 0 (0x0)

dPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)

dPolicies-explorer: DisableCurrentUserRun = 0 (0x0)

dPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)

dPolicies-explorer: NoFile = 0 (0x0)

dPolicies-explorer: HideClock = 0 (0x0)

dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)

dPolicies-explorer: NoDFSTab = 0 (0x0)

dPolicies-explorer: NoWindowsUpdate = 0 (0x0)

dPolicies-explorer: NoEncryptOnMove = 0 (0x0)

dPolicies-explorer: NoResolveTrack = 0 (0x0)

dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)

dPolicies-system: NoDispAppearancePage = 0 (0x0)

dPolicies-system: NoDispSettingsPage = 0 (0x0)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{C620029B-87B9-4154-AD97-264D9258978C} : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62

TCP: Interfaces\{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}\15340214962707F6274702455627D696E616C602055726C696360275966496 : DhcpNameServer = 208.67.222.222 208.67.220.220

TCP: Interfaces\{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}\5487563657479667560294E6E602D4F6277616E6028496C6C6027457563747 : DhcpNameServer = 71.9.127.107 68.190.192.35

TCP: Interfaces\{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}\83637353330393 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}\96E6E666C65787 : DhcpNameServer = 10.59.1.1

TCP: Interfaces\{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}\E4544574541425 : DhcpNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do-Not-Track - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

BHO-X64: TmBpIeBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe

mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

Hosts: 94.63.147.16 www.google.com

Hosts: 94.63.147.17 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\black dawg\AppData\Roaming\Mozilla\Firefox\Profiles\syc5oob3.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

FF - plugin: C:\Users\black dawg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\system32\npmproxy.dll

FF - plugin: C:\Windows\system32\npOGPPlugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc -

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\avgidseha.sys --> C:\Windows\system32\DRIVERS\avgidseha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\Asus\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]

R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\Asus\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 MBAMService;MBAMService;C:\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-3 652360]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-25 2253120]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-1 2655768]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]

R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]

R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]

R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-2-14 2316624]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-9-1 408576]

S2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-4-3 660504]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

S4 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-3-1 267480]

S4 CDScheduler;CyberDefender Scheduling Service;C:\Program Files (x86)\CyberDefender\SchedulerService\SchedulerService.exe [2012-1-20 1002616]

S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-3-1 79360]

S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-3-1 79360]

S4 GoToAssist Express Customer;GoToAssist Express Customer;C:\Program Files (x86)\Citrix\GoToAssist Express Customer\363\g2ax_service.exe [2012-3-4 609144]

S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Games\Global Agenda\HiPatchService.exe [2011-4-21 8704]

S4 SmoothPingProxy;SmoothPingProxy;C:\Program Files (x86)\Smoothping Elite\SmoothPingProxy.exe [2011-4-7 2007040]

S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

S4 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-10-26 241488]

S4 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-20 77312]

S4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-9-1 911872]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*

txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2012-04-04 04:15:42 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-03 22:47:55 -------- d-----w- C:\Users\black dawg\AppData\Roaming\Malwarebytes

2012-04-03 22:47:46 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-03 22:47:44 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-03 22:47:44 -------- d-----w- C:\Malwarebytes' Anti-Malware

2012-04-03 22:40:04 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

2012-04-03 22:26:08 98160 ----a-w- C:\Windows\System32\WRusr.dll

2012-04-03 22:26:08 146040 ----a-w- C:\Windows\SysWow64\WRusr.dll

2012-04-03 22:26:08 112104 ----a-w- C:\Windows\System32\drivers\WRkrn.sys

2012-04-03 22:26:05 -------- d-----w- C:\Program Files\Webroot

2012-04-03 22:26:04 -------- d-----w- C:\ProgramData\WRData

2012-04-03 21:00:00 -------- d--h--w- C:\$AVG

2012-04-03 20:59:56 -------- d-----w- C:\Users\black dawg\AppData\Roaming\AVG2012

2012-04-03 20:58:34 -------- d-----w- C:\ProgramData\AVG2012

2012-04-03 17:35:04 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\B491.tmp

2012-04-03 17:35:04 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\B490.tmp

2012-04-03 16:22:10 -------- d-----w- C:\Users\black dawg\AppData\Local\{7B2CDF99-4A89-4FAC-BA08-CF617FDD50F3}

2012-04-03 03:32:51 -------- d-----w- C:\Users\black dawg\AppData\Local\{B8B232E3-2EE2-4355-BFBC-711AB653FA18}

2012-04-02 13:48:31 -------- d-----w- C:\Users\black dawg\AppData\Local\{716AFDB2-C5E0-496E-BA2D-231E9A2669B6}

2012-03-31 17:21:47 -------- d-----w- C:\Users\black dawg\AppData\Local\{90344A53-9E0F-45DE-B77C-27425098F40D}

2012-03-30 21:14:36 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-03-30 21:14:35 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-03-30 21:14:34 835440 ----a-w- C:\Windows\SysWow64\pbsvc.exe

2012-03-30 19:02:11 -------- d-----w- C:\Users\black dawg\AppData\Local\{52B8F9C3-D0B1-46D6-AD81-008972951181}

2012-03-30 04:21:11 -------- d-----w- C:\Users\black dawg\AppData\Local\{EBA1AFE2-C73E-48BA-9072-E22BADD9D768}

2012-03-29 18:31:19 -------- d-----w- C:\Program Files\iTunes

2012-03-29 18:31:19 -------- d-----w- C:\Program Files\iPod

2012-03-29 18:29:39 -------- d-----w- C:\Program Files\Bonjour

2012-03-29 18:29:39 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-03-29 18:03:10 -------- d-----w- C:\Program Files (x86)\iTunes

2012-03-29 18:01:05 -------- d-----w- C:\MATS

2012-03-27 20:17:17 -------- d-----w- C:\Users\black dawg\AppData\Local\{D8B8467F-D3F1-4EDF-9381-707C7442F0D2}

2012-03-27 20:17:17 -------- d-----w- C:\Users\black dawg\AppData\Local\{591C8156-7448-4F5E-981E-A85C07267700}

2012-03-27 11:57:52 -------- d-----w- C:\ProgramData\xml_param

2012-03-27 09:25:06 -------- d-----w- C:\Users\black dawg\AppData\Local\dxhr

2012-03-27 01:37:06 -------- d-----w- C:\Users\black dawg\AppData\Local\{C1B27AD2-A948-4E25-9D4A-0C4C5A85568A}

2012-03-27 01:37:05 -------- d-----w- C:\Users\black dawg\AppData\Local\{9B57B336-ECA0-48AF-962B-1A359EC319B2}

2012-03-26 12:13:26 -------- d-----w- C:\Users\black dawg\AppData\Local\28050

2012-03-26 03:45:17 -------- d-----w- C:\Users\black dawg\AppData\Local\{7DCFDB93-7B8D-4B21-8674-38D5A34980E2}

2012-03-26 03:45:16 -------- d-----w- C:\Users\black dawg\AppData\Local\{2AB7210C-44ED-4D98-A09F-DD7CA003B9C9}

2012-03-25 02:50:17 -------- d-----w- C:\Users\black dawg\AppData\Local\{FAA67F85-BD76-4963-BAC4-11AE2678B19A}

2012-03-23 03:06:32 -------- d-----w- C:\Users\black dawg\AppData\Local\{219DA980-0829-4AC6-B0DF-11BC92901284}

2012-03-23 03:06:31 -------- d-----w- C:\Users\black dawg\AppData\Local\{EF12C2D8-DA86-4171-87FD-7482192E4E37}

2012-03-21 12:27:55 -------- d-----w- C:\Users\black dawg\AppData\Roaming\Wondershare Video Converter Ultimate

2012-03-21 12:15:28 -------- d-----w- C:\Users\black dawg\AppData\Local\Wondershare

2012-03-21 12:15:27 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare

2012-03-21 12:15:24 892928 ----a-w- C:\Windows\SysWow64\iconv.dll

2012-03-21 12:15:24 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax

2012-03-21 12:15:22 -------- d-----w- C:\Video Converter Ultimate

2012-03-20 01:31:31 -------- d-----w- C:\Users\black dawg\AppData\Local\{53FB9F95-4D71-41BC-8816-3DDE513446D9}

2012-03-20 01:31:30 -------- d-----w- C:\Users\black dawg\AppData\Local\{43C77E3D-E7ED-42F3-A83E-50C31DA48BC1}

2012-03-19 11:37:24 -------- d-----w- C:\Users\black dawg\AppData\Local\{F92E8A7A-8DFA-47D4-94C5-3361E2B550B0}

2012-03-19 11:37:23 -------- d-----w- C:\Users\black dawg\AppData\Local\{4C909D27-066E-4EDC-AB00-25C86443BD97}

2012-03-19 04:27:58 -------- d-----w- C:\Users\black dawg\AppData\Local\Ubisoft Game Launcher

2012-03-18 21:59:30 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

2012-03-18 21:55:28 -------- d-----w- C:\Program Files (x86)\Warner Bros

2012-03-18 19:35:06 -------- d-----w- C:\Users\black dawg\AppData\Local\{96903A88-6185-4F68-9D29-5BA302C14E89}

2012-03-18 19:35:06 -------- d-----w- C:\Users\black dawg\AppData\Local\{3696BFA5-3FDA-47AC-BC2F-C73DEC440EFB}

2012-03-18 02:23:56 -------- d-----w- C:\Users\black dawg\AppData\Local\{14AA5D3E-5C81-4226-8544-A7C82C3A4530}

2012-03-18 02:23:55 -------- d-----w- C:\Users\black dawg\AppData\Local\{BC5633C3-E00F-4E14-907A-222DFC1CBDBA}

2012-03-17 01:06:06 -------- d-----w- C:\Users\black dawg\AppData\Local\{4B7C7108-B7C9-4AE8-9E54-69C8FCD9E76C}

2012-03-17 01:06:05 -------- d-----w- C:\Users\black dawg\AppData\Local\{032E0F9C-AD95-4EF9-A33A-31CD4D26EA90}

2012-03-15 22:58:09 -------- d-----w- C:\Users\black dawg\AppData\Local\{90BA45E7-07C3-4ACC-8F33-F965EC17996D}

2012-03-15 08:03:23 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-15 08:03:23 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-15 08:03:23 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-15 03:11:30 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-15 03:11:29 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-15 03:11:29 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-15 03:10:40 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-15 03:10:40 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-15 03:10:40 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-15 03:10:40 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-15 03:10:39 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-15 03:10:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-15 03:10:39 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-15 00:39:42 -------- d-----w- C:\Users\black dawg\AppData\Local\{534AE99D-B9BC-4A13-9D0C-E29B90329B38}

2012-03-15 00:39:20 -------- d-----w- C:\Users\black dawg\AppData\Local\{FF2F1E49-8D54-4C63-9A23-EAB4C2E6E415}

2012-03-14 03:22:59 -------- d-----w- C:\ProgramData\Electronic Arts

2012-03-14 03:22:59 -------- d-----w- C:\ProgramData\EA Core

2012-03-13 16:02:28 -------- d-----w- C:\Users\black dawg\AppData\Local\{B8ACAF5A-33A5-49DC-B905-98C0186C624B}

2012-03-13 16:02:18 -------- d-----w- C:\Users\black dawg\AppData\Local\{EA85C853-DF54-4916-9D54-1C5BF2AE9F5F}

2012-03-12 04:04:38 -------- d-----w- C:\Users\black dawg\AppData\Local\My Games

2012-03-12 03:55:54 -------- d-----w- C:\Users\black dawg\AppData\Local\{60BCAE54-4A38-4676-9E80-55FD0B7F0BDB}

2012-03-12 03:55:44 -------- d-----w- C:\Users\black dawg\AppData\Local\{66AE321B-1B6F-4E08-BBE2-560A5BCDB199}

2012-03-11 15:18:32 -------- d-----w- C:\Users\black dawg\AppData\Local\{547C9C6B-54F0-4CEA-A514-A9B379FFFE0F}

2012-03-11 15:18:22 -------- d-----w- C:\Users\black dawg\AppData\Local\{68D13C0D-82EB-486B-9E5C-471F9F8BDD79}

2012-03-11 00:48:59 -------- d-----w- C:\Program Files (x86)\Cisco Systems

2012-03-11 00:41:22 -------- d-----w- C:\ProgramData\Cisco Systems

2012-03-10 23:46:35 -------- d-----w- C:\Users\black dawg\AppData\Local\{20B081FE-48AE-4816-B439-5B970A065FEA}

2012-03-10 23:46:16 -------- d-----w- C:\Users\black dawg\AppData\Local\{F5180429-BC19-413A-9FC1-AE3D666536B7}

2012-03-09 17:27:08 -------- d-----w- C:\Users\black dawg\AppData\Local\{9CFB98F3-0672-4813-ACCE-4795C0AAC52B}

2012-03-09 17:26:58 -------- d-----w- C:\Users\black dawg\AppData\Local\{3CD82E9B-6548-4958-A6EF-26FA1BB62959}

2012-03-09 02:19:21 -------- d-----w- C:\Users\black dawg\AppData\Local\{6931ED56-B2FB-4843-9C0B-967AB0F99B44}

2012-03-09 02:18:59 -------- d-----w- C:\Users\black dawg\AppData\Local\{FAA45533-0952-4FF3-9803-2087D7E9F88B}

2012-03-08 01:58:16 -------- d-----w- C:\Users\black dawg\AppData\Local\{4069388D-F2AB-427D-A4ED-8718C52BFECD}

2012-03-08 01:57:55 -------- d-----w- C:\Users\black dawg\AppData\Local\{8EA1D0AC-8ED2-4EB9-81F7-2B8D93D3FEDB}

2012-03-07 01:57:26 -------- d-----w- C:\Users\black dawg\AppData\Local\{7ED7011B-6960-4631-8795-67A23CF6C4A7}

.

==================== Find3M ====================

.

2012-04-04 16:13:42 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2012-03-06 04:45:55 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-04 23:39:20 110456 ----a-w- C:\Users\black dawg\g2ax_customer_downloadhelper_win32_x86.exe

2012-02-22 10:25:50 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2012-02-22 10:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2012-02-15 15:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-02-15 15:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-01-31 09:46:48 36944 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

.

============= FINISH: 11:42:16.14 ===============

*************************

Attach

*************************

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 3/27/2011 12:23:08 AM

System Uptime: 4/4/2012 11:06:04 AM (0 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | G73Sw

Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 677 GiB total, 51.271 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Intel® Centrino® WiMAX 6250

Device ID: {12110A2A-BBCC-418B-B9F4-76099D720767}\BPMP_8086_0186\1&1869C5E3&0&00

Manufacturer: Intel Corporation

Name: Intel® Centrino® WiMAX 6250

PNP Device ID: {12110A2A-BBCC-418B-B9F4-76099D720767}\BPMP_8086_0186\1&1869C5E3&0&00

Service: bpmp

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Officejet Pro L7700

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Officejet Pro L7700

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro L7700

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet Pro L7700

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Realtek PCIe GBE Family Controller

Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_06\26974808684CE00000

Manufacturer: Realtek

Name: Realtek PCIe GBE Family Controller

PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_06\26974808684CE00000

Service: RTL8167

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

7500_7600_7700_Help1

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.2)

Alice Madness Returns

Alien Hallway

Alpha Protocol

Apple Application Support

Apple Software Update

Assassin's Creed Brotherhood

ASUS AI Recovery

ASUS Live Update

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ASUS Virtual Camera

Asus_G73_Screensaver

AsusVibe2.0

ATK Package

Batman: Arkham Asylum Game of the Year Edition

Best Buy pc app

Borderlands

bpd_scan_Carrier

BPDSoftware

BPDSoftware_Ini

BufferChm

Camtasia Studio 7

Cisco Connect

Coupon Printer for Windows

Curse Client

CyberDefender Framework

CyberLink LabelPrint

CyberLink Power2Go

D3DX10

Dangerous High School Girls in Trouble!

Darkspore Limited Edition

Darkspore™

Darwinia

Defcon v1.6

Deus Ex

Deus Ex: Human Revolution

Deus Ex: Human Revolution - The Missing Link

DirectX 9 Runtime

Earth Defense Force: Insect Armageddon

EVE Online (remove only)

ExpressGate Cloud

Fallout 3 GotY

Fallout Mod Manager 0.13.21

FinalTorrent 2011

Fraps

Global Agenda Launcher

Global Agenda Live

GoToManage Customer 1.6.0.363

Half-Life 2

Impulse®

Intel® Control Center

Intel® Management Engine Components

IrfanView (remove only)

Java Auto Updater

Java™ 6 Update 29

Junk Mail filter update

L7000_Basic

Mafia II

Majesty 2 Collection

Malwarebytes Anti-Malware version 1.60.1.1000

Mass Effect 2

Mesh Runtime

Messenger Companion

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft PowerPoint Viewer

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Mozilla Firefox 8.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser (KB973685)

NVIDIA 3D Vision Controller Driver

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

OpenAL

Orcs Must Die!

Pando Media Booster

Pdf995

Perimeter

Portal 2

PunkBuster Services

QuickTime

RAGE

realMyst

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Realtek USB 2.0 Reader Driver

Red Faction

Red Faction II

Rock of Ages

RollerCoaster Tycoon 2 Triple Thrill Pack

Roxio AACS Certificate

Roxio Activation Module

Roxio CinePlayer

Saints Row 2

Saints Row: The Third

Sanitarium

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Sid Meier's Civilization V

Sins of a Solar Empire

Sins of a Solar Empire - Entrenchment

Smoothping Elite

Space Pirates and Zombies

SPORE

Star Ruler

Star Trek Online

Star Wars Empire at War

Star Wars Empire at War Forces of Corruption

Star Wars: The Old Republic

Star Wolves

Steam

Stellar Impact

System Requirements Lab

The Ball

The Settlers 7: Paths to a Kingdom - Gold Edition

THX TruStudio

Toolbox

Tropico 3

Tropico 3 - Absolute Power

Ubisoft Game Launcher

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Uplink

Visual Studio 2008 x64 Redistributables

Warhammer 40,000 Dawn of War: Soulstorm

WebReg

Webroot SecureAnywhere

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WinFlash

WinRAR 4.01 (32-bit)

Wireless Console 3

Wondershare Video Converter Ultimate(Build 5.7.5.4)

World of Logs Client (4.2)

World of Warcraft Public Test

Xilisoft iPhone Transfer

Xvid Video Codec

You Don't Know Jack

Zombie Shooter 2

.

==== Event Viewer Messages From Past Week ========

.

4/4/2012 7:34:03 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MASA55 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}. The master browser is stopping or an election is being forced.

4/4/2012 3:26:21 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

4/4/2012 11:41:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgfws service.

4/4/2012 11:14:11 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

4/4/2012 11:05:45 AM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/3/2012 7:49:31 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/3/2012 7:34:06 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/3/2012 6:36:17 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/3/2012 5:50:09 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/3/2012 5:46:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

4/3/2012 5:26:08 PM, Error: Service Control Manager [7000] - The WRkrn service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.

4/3/2012 5:23:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/3/2012 5:23:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/3/2012 5:23:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/3/2012 5:23:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/3/2012 5:23:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO Avgldx64 Avgmfx64 discache spldr tmtdi Wanarpv6

4/3/2012 5:23:09 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

4/3/2012 5:23:07 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/3/2012 2:48:21 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/3/2012 12:36:30 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/3/2012 11:31:56 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/3/2012 11:22:05 AM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.

4/3/2012 11:17:08 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/3/2012 10:53:35 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-USERS-IMAC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1D3CA3B-9771-49CC-94B9-6D4A6B5D2351}. The master browser is stopping or an election is being forced.

4/3/2012 10:53:08 AM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/2/2012 10:06:06 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.

3/31/2012 1:03:06 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

3/30/2012 12:05:16 PM, Error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: %%-2147467259

3/29/2012 6:17:37 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

3/29/2012 12:31:08 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

3/29/2012 12:04:48 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/29/2012 11:55:57 AM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

3/29/2012 10:04:53 AM, Error: Service Control Manager [7022] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.

3/29/2012 1:34:44 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

3/29/2012 1:22:15 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service depends on the Intel® PROSet/Wireless WiMAX Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

3/28/2012 1:53:13 PM, Error: Service Control Manager [7022] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.

.

==== End Of File ===========================

I just did a full scan using Malwarebytes and it picked up this.

I'm just in a holding pattern right now; I want to remove it, but I'm not sure it will do anything.

Here's the log:

***************

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.04.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

black dawg :: BLACKDAWG-PC [administrator]

Protection: Enabled

4/4/2012 1:15:48 PM

mbam-log-2012-04-04 (14-53-13).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 490091

Time elapsed: 1 hour(s), 33 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\ProgramData\Microsoft\Windows\DRM\B490.tmp (Rootkit.ZeroAccess) -> No action taken.

C:\ProgramData\Microsoft\Windows\DRM\B491.tmp (Rootkit.ZeroAccess) -> No action taken.

(end)


Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options).

Post back the report.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
