Results 1 to 6 of 6

Thread: Need help against malware that redirects search results

  1. #1
    Junior Member
    Join Date
    Apr 2012
    Posts
    3

    Default Need help against malware that redirects search results

    My computer recently got infected with a malware that redirects search results when using Yahoo search. Here is my dds.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by David at 7:52:36 on 2012-04-15
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.5628 [GMT -7:00]
    .
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
    C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\IPS\IPSBHO.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [<NO NAME>]
    uRun: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
    uRun: [PlayNC Launcher]
    uRun: [Update] rundll32.exe "C:\Users\David\AppData\Roaming\Macromedia\Macromedia\sgpeue.dll",DllRegisterServer
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
    mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{5A8651EC-45B6-45E3-9135-7E28E805FB0B} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{A94A879F-8C49-4707-A33A-597FE3414E9F} : DhcpNameServer = 192.168.1.254
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO-X64: AVG Do-Not-Track - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [(Default)]
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
    mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\avgidseha.sys --> C:\Windows\system32\DRIVERS\avgidseha.sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-4-2 1160824]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120413.001\IDSviA64.sys [2012-4-13 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-26 13336]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccsvchst.exe [2012-4-3 130008]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-10-26 1692480]
    R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-4-14 918880]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-3 138360]
    R3 GenericMount;Generic Mount Driver;C:\Windows\system32\DRIVERS\GenericMount.sys --> C:\Windows\system32\DRIVERS\GenericMount.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 SymSnapService;SymSnapService;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2010-2-11 2963960]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-1 136176]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 253088]
    S3 GenericMount Helper Service;GenericMount Helper Service;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-2-12 2227216]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-1 136176]
    S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
    S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-3-22 25072]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\Windows\System32\dllhost.exe [2009-7-13 7168]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-04-15 05:53:56 -------- d-----w- C:\Program Files (x86)\ESET
    2012-04-15 03:11:33 -------- d-----w- C:\Users\David\AppData\Roaming\AVG2012
    2012-04-15 03:10:40 -------- d-----w- C:\ProgramData\AVG Secure Search
    2012-04-15 03:10:36 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
    2012-04-15 03:10:36 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2012-04-15 03:10:30 -------- d--h--w- C:\ProgramData\Common Files
    2012-04-15 03:10:27 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2012-04-15 03:10:14 -------- d--h--w- C:\$AVG
    2012-04-15 03:10:14 -------- d-----w- C:\Windows\System32\drivers\AVG
    2012-04-15 03:10:14 -------- d-----w- C:\ProgramData\AVG2012
    2012-04-15 03:09:25 -------- d-----w- C:\Program Files (x86)\AVG
    2012-04-15 03:07:08 -------- d-----w- C:\ProgramData\MFAData
    2012-04-15 02:31:20 -------- d-----w- C:\Program Files (x86)\Ask.com
    2012-04-15 02:31:20 -------- d-----w- C:\Firefox
    2012-04-15 02:21:10 -------- d-----w- C:\ProgramData\Ask
    2012-04-14 16:10:04 -------- d-----w- C:\Users\David\AppData\Local\{12C0CBEA-D6E3-4595-A95A-767E571018C5}
    2012-04-14 16:07:36 -------- d-----w- C:\Users\David\AppData\Local\Windows Live
    2012-04-14 16:07:19 -------- d-----w- C:\Users\David\AppData\Local\{A4F31A6A-26E2-4E87-809E-BA6CCE676A8A}
    2012-04-11 10:00:31 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-04-11 10:00:30 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-04-11 10:00:30 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-04-11 10:00:29 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-04-11 10:00:29 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-04-11 10:00:29 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-04-11 10:00:29 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-04-05 20:03:21 -------- d-----w- C:\Program Files\Dell Support Center
    2012-04-05 09:51:25 -------- d-----w- C:\Program Files (x86)\World of Warcraft Beta
    2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2012-04-03 22:33:35 912504 ----a-r- C:\Windows\System32\drivers\N360x64\0502010.003\symefa64.sys
    2012-04-03 22:33:35 744568 ----a-r- C:\Windows\System32\drivers\N360x64\0502010.003\srtsp64.sys
    2012-04-03 22:33:35 450680 ----a-r- C:\Windows\System32\drivers\N360x64\0502010.003\symds64.sys
    2012-04-03 22:33:35 40568 ----a-r- C:\Windows\System32\drivers\N360x64\0502010.003\srtspx64.sys
    2012-04-03 22:33:35 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symnets.sys
    2012-04-03 22:33:35 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502010.003\ironx64.sys
    2012-04-03 22:33:26 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502010.003
    2012-04-03 06:11:20 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-03 06:01:57 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-04-01 09:20:23 -------- d-----w- C:\Users\David\AppData\Local\Google
    2012-04-01 09:20:10 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2012-04-01 09:17:28 -------- d-----w- C:\Program Files\iPod
    2012-04-01 09:17:27 -------- d-----w- C:\Program Files\iTunes
    2012-04-01 09:17:27 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-04-01 09:15:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-04-01 09:15:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-04-01 09:15:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-04-01 09:15:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-04-01 09:15:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-04-01 09:15:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-04-01 09:15:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-04-01 09:13:40 -------- d-----w- C:\Users\David\AppData\Local\Apple Computer
    2012-04-01 09:13:15 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2012-04-01 09:12:36 -------- d-----w- C:\Users\David\AppData\Local\Apple
    2012-04-01 09:12:15 -------- d-----w- C:\Program Files\Bonjour
    2012-04-01 09:12:15 -------- d-----w- C:\Program Files (x86)\Bonjour
    2012-04-01 08:27:08 -------- d-----w- C:\ProgramData\AMD
    2012-04-01 08:27:06 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2012-04-01 08:27:05 -------- d-----w- C:\Program Files (x86)\AMD APP
    2012-03-30 00:05:41 -------- d-----w- C:\Users\David\AppData\Roaming\Trine2
    2012-03-23 07:01:08 -------- d-----w- C:\Users\David\AppData\Local\Sonic_Solutions
    2012-03-17 03:53:42 -------- d-----w- C:\Users\David\AppData\Local\SWTOR
    2012-03-16 20:46:10 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
    .
    ==================== Find3M ====================
    .
    2012-04-15 02:20:44 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-04-13 21:12:06 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-09 08:26:42 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-03-09 08:26:32 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-03-09 08:26:24 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-03-09 08:26:20 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-03-09 08:26:10 16507392 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-03-09 08:25:16 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-03-09 08:24:22 54272 ----a-w- C:\Windows\System32\OpenCL.dll
    2012-03-09 08:24:14 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2012-03-09 06:28:08 10857984 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2012-03-09 05:16:44 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
    2012-03-09 05:16:28 791552 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-03-09 05:14:42 958464 ----a-w- C:\Windows\System32\aticfx64.dll
    2012-03-09 05:11:24 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2012-03-09 05:11:16 496128 ----a-w- C:\Windows\System32\atieclxx.exe
    2012-03-09 05:10:20 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
    2012-03-09 05:08:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2012-03-09 05:08:02 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2012-03-09 05:07:56 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-03-09 05:07:50 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-03-09 05:04:18 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-03-09 05:03:40 26166784 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-03-09 04:45:00 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
    2012-03-09 04:39:20 19739136 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-03-09 04:36:40 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
    2012-03-09 04:36:10 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2012-03-09 04:35:54 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-03-09 04:23:44 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-03-09 04:23:16 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-03-09 04:18:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-03-09 04:18:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-03-09 04:18:14 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2012-03-09 04:18:12 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-03-09 04:17:54 16069632 ----a-w- C:\Windows\System32\aticaldd64.dll
    2012-03-09 04:12:38 13715968 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2012-03-09 04:11:52 7552000 ----a-w- C:\Windows\System32\atiumd64.dll
    2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-03-09 03:58:54 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-03-09 03:58:44 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-03-09 03:58:30 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
    2012-03-09 03:58:26 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-03-09 03:58:26 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
    2012-03-09 03:58:20 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-03-09 03:58:10 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-03-09 03:58:02 328704 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-03-09 03:57:04 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-03-09 03:56:56 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-03-09 03:56:48 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
    2012-03-09 03:56:38 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-03-09 03:55:58 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2012-03-09 03:47:22 58880 ----a-w- C:\Windows\System32\coinst.dll
    2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-02-22 12:25:50 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2012-02-22 12:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-01-31 14:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll
    2012-01-31 14:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
    2012-01-31 11:46:48 36944 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    .
    ============= FINISH: 7:52:49.57 ===============

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please post attach.txt file contents too.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Apr 2012
    Posts
    3

    Default

    Thank you for the reply. The problem with this issue was fixed. My brother was mistaken google chrome as a virus - another family member installed it, as well as the google toolbar.

    However, I do think I have a problem with this computer. Today, I turned on the computer and PC Optimizer Pro, as well as a bunch of different games booted up. I don't believe any of my brothers installed it, and I checking online, I noticed that PC Optimizer pro is malware. Anyway, I will post the necessary txt files you need to help me clean this computer. Thank you in advance.

  4. #4
    Junior Member
    Join Date
    Apr 2012
    Posts
    3

    Default

    Here is the DDS.txt file, along with the attach.txt attached as a zip file.


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by User1 at 9:40:49 on 2012-04-30
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4241 [GMT -7:00]
    .
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
    C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files (x86)\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Free Ride Games\GPlayer.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
    C:\Program Files\PC Optimizer Pro\PCOptProTrays.exe
    C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=type=W3i_SP,204,0_0,StartPage,20120418,17117,0,18,0
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    mWinlogon: Userinit=userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RivalGaming Games: {26d675ac-d925-4bbf-a720-62c2aa4a81eb} - C:\Users\User1\AppData\Local\RivalGaming\RivalGaming.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.2.0.9\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.2.0.9\IPS\IPSBHO.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: TheSea.TheSeaPlugin: {c585d593-e7f3-4852-a200-561686ee02e4} - mscoree.dll
    TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.2.0.9\coIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    EB: TheSeaApp: {c585d593-e7f4-4852-a200-561686ee02e4} - mscoree.dll
    uRun: [<NO NAME>]
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe"
    StartupFolder: C:\Users\User1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{4B7C2F0C-E22F-4CCE-B59F-F3B3668054FC} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{CD325868-C52D-4721-AFC9-CA5F2C1FFBE8} : DhcpNameServer = 192.168.1.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RivalGaming Games: {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - C:\Users\User1\AppData\Local\RivalGaming\RivalGaming.dll
    BHO-X64: RivalGaming Games - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    BHO-X64: AOL Toolbar Loader - No File
    BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.0.9\coIEPlg.dll
    BHO-X64: Norton Identity Protection - No File
    BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.0.9\IPS\IPSBHO.DLL
    BHO-X64: Norton Vulnerability Protection - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    BHO-X64: Searchqu Toolbar - No File
    BHO-X64: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: TheSea.TheSeaPlugin: {C585D593-E7F3-4852-A200-561686EE02E4} - mscoree.dll
    TB-X64: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.0.9\coIEPlg.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    EB-X64: {c585d593-e7f4-4852-a200-561686ee02e4} - No File
    mRun-x64: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    AppInit_DLLs-X64: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602000.009\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602000.009\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602000.009\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602000.009\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-4-19 1160824]
    R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0602000.009\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602000.009\ccSetx64.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120427.001\IDSviA64.sys [2012-4-27 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602000.009\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602000.009\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0602000.009\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0602000.009\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.2.0.9\ccsvchst.exe [2012-4-23 138232]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-3-26 2214504]
    R2 X5XSEx;X5XSEx;C:\Program Files (x86)\Free Ride Games\X5XSEx.sys [2012-4-30 55400]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-26 138360]
    R3 GenericMount;Generic Mount Driver;C:\Windows\system32\DRIVERS\GenericMount.sys --> C:\Windows\system32\DRIVERS\GenericMount.sys [?]
    R3 SymSnapService;SymSnapService;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2010-2-11 2963960]
    R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys --> C:\Windows\system32\drivers\t3.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-26 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 253088]
    S3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-3-26 79360]
    S3 GenericMount Helper Service;GenericMount Helper Service;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-2-12 2227216]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-26 136176]
    S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\Windows\System32\dllhost.exe [2009-7-13 7168]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-04-30 11:01:46 -------- d-----w- C:\ProgramData\PC Optimizer Pro
    2012-04-30 10:52:26 -------- d-----w- C:\Remote Programs
    2012-04-30 10:52:25 -------- d-----w- C:\ProgramData\Free Ride Games
    2012-04-30 10:52:25 -------- d-----w- C:\Program Files (x86)\MplayerforWindows
    2012-04-30 10:52:22 53314 ------w- C:\Windows\ExentInfo.exe
    2012-04-30 10:52:22 -------- d-----w- C:\Program Files (x86)\Free Ride Games
    2012-04-30 10:52:20 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2012-04-30 10:52:20 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2012-04-30 10:52:20 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2012-04-30 10:52:20 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2012-04-30 10:52:17 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2012-04-30 10:52:02 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com
    2012-04-30 10:51:50 -------- d-----w- C:\Program Files (x86)\The Sea App (Internet Explorer)
    2012-04-30 10:51:45 -------- d-----w- C:\Program Files\PC Optimizer Pro
    2012-04-30 10:51:39 -------- d-----w- C:\Users\User1\AppData\Local\RivalGaming
    2012-04-30 10:51:34 -------- d-----w- C:\Program Files (x86)\Yahoo!
    2012-04-28 22:39:42 -------- d-----w- C:\Users\User1\AppData\Roaming\LucasArts
    2012-04-28 22:39:26 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
    2012-04-28 22:39:26 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
    2012-04-28 22:39:25 5501792 ----a-w- C:\Windows\SysWow64\d3dcsx_42.dll
    2012-04-28 22:39:25 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
    2012-04-28 22:39:25 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
    2012-04-28 22:39:25 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
    2012-04-28 22:39:25 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
    2012-04-28 22:39:24 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
    2012-04-28 21:59:48 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2012-04-28 21:59:46 -------- d-----w- C:\Program Files (x86)\Steam
    2012-04-28 03:37:06 -------- d-----w- C:\ProgramData\vsosdk
    2012-04-27 04:41:28 468480 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-04-25 07:50:49 -------- d-----w- C:\Users\User1\AppData\Local\{F608E3D2-AEF4-45EC-A10B-5B22683FED0E}
    2012-04-25 07:50:37 -------- d-----w- C:\Users\User1\AppData\Local\{9F4099D9-BC74-4E05-97AA-9916470044C6}
    2012-04-25 07:50:26 -------- d-----w- C:\Users\User1\AppData\Roaming\Windows Live Writer
    2012-04-25 07:50:26 -------- d-----w- C:\Users\User1\AppData\Local\Windows Live Writer
    2012-04-25 07:44:02 -------- d-----w- C:\Users\User1\AppData\Local\Windows Live
    2012-04-25 07:44:00 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
    2012-04-24 02:37:46 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0602000.009\symds64.sys
    2012-04-24 02:37:46 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0602000.009\symnets.sys
    2012-04-24 02:37:46 1092728 ----a-r- C:\Windows\System32\drivers\N360x64\0602000.009\symefa64.sys
    2012-04-24 02:37:45 737912 ----a-w- C:\Windows\System32\drivers\N360x64\0602000.009\srtsp64.sys
    2012-04-24 02:37:45 37496 ----a-w- C:\Windows\System32\drivers\N360x64\0602000.009\srtspx64.sys
    2012-04-24 02:37:45 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0602000.009\ironx64.sys
    2012-04-24 02:37:45 167048 ----a-r- C:\Windows\System32\drivers\N360x64\0602000.009\ccsetx64.sys
    2012-04-24 02:37:10 -------- d-----w- C:\Windows\System32\drivers\N360x64\0602000.009
    2012-04-14 20:25:37 -------- d--h--w- C:\Windows\AxInstSV
    2012-04-14 12:38:09 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-13 23:39:16 1918976 ----a-w- C:\Windows\System32\drivers\athurx.sys
    2012-04-13 23:39:16 1918976 ----a-w- C:\Windows\System32\athurx.sys
    2012-04-13 23:39:16 -------- d-----w- C:\Windows\Options
    2012-04-13 23:37:25 -------- d-----w- C:\ProgramData\TP-LINK
    2012-04-11 10:05:41 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-04-11 10:05:41 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-04-11 10:05:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-04-11 10:00:52 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-04-11 10:00:52 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-04-11 10:00:52 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-04-11 10:00:49 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-04-11 10:00:49 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-04-11 10:00:49 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-04-11 10:00:49 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-04-06 16:00:25 -------- d-----w- C:\ProgramData\boost_interprocess
    2012-04-06 00:02:01 -------- d-----w- C:\Users\User1\AppData\Local\Ilivid Player
    2012-04-06 00:01:49 -------- d-----w- C:\Program Files (x86)\iLivid
    2012-04-06 00:00:38 -------- d-----w- C:\Program Files (x86)\Searchqu Toolbar
    2012-04-05 20:36:17 0 ----a-w- C:\Windows\ativpsrm.bin
    2012-04-05 11:35:16 -------- d-----w- C:\Program Files\iPod
    2012-04-05 11:35:15 -------- d-----w- C:\Program Files\iTunes
    2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2012-04-03 19:32:41 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-04-01 05:32:35 -------- d-----w- C:\Users\User1\AppData\Local\Real
    2012-04-01 05:32:16 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2012-04-01 05:32:01 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-04-01 05:32:01 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    .
    ==================== Find3M ====================
    .
    2012-04-14 20:30:32 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-01 05:01:38 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2012-03-26 22:11:06 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-03-26 22:11:06 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-03-26 22:11:06 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-03-26 22:11:06 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-02-15 18:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2012-02-15 18:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-02-07 18:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 9:41:29.94 ===============

  5. #5
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    It seems this log is from different system than the log you posted above. We don't handle issues of multiple machines in the same topic. You have to create a separate one.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  6. #6
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Due to inactivity, this thread will now be closed.

    Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •