Thread: Possible AdWare and MalWare, need help removing

  1. #1
    Junior Member
    Join Date
    Apr 2011
    Posts
    12

    Possible AdWare and MalWare, need help removing

    Hi, I've recently had issues with some malicious software. The software I've noticed is 1ClickDownloader, Babylon Toolbar, SweetIM, and Complitly. Below is my DDS log.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
    Run by Buck at 20:53:40 on 2012-07-21
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3691.1809 [GMT -5:00]
    .
    AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Users\Buck\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Buck\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Buck\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Buck\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Buck\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Buck\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Buck\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CA&userid=8f1c0bad-ae6f-4c6d-a849-ae5312ad6c35&affid=111583&searchtype=hp&babsrc=lnkry_nt
    uSearch Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CA&userid=8f1c0bad-ae6f-4c6d-a849-ae5312ad6c35&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
    uSearch Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CA&userid=8f1c0bad-ae6f-4c6d-a849-ae5312ad6c35&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CA&userid=8f1c0bad-ae6f-4c6d-a849-ae5312ad6c35&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
    mWinlogon: Userinit=userinit.exe
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    {ae07101b-46d4-4a98-af68-0333ea26e113}
    TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
    uRun: [Google Update] "C:\Users\Buck\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    uRunOnce: [SpybotDeletingB776] command.com /c del "C:\Program Files (x86)\Complitly\System.Data.SQLite.dll"
    uRunOnce: [SpybotDeletingD9251] cmd.exe /c del "C:\Program Files (x86)\Complitly\System.Data.SQLite.dll"
    uRunOnce: [SpybotDeletingB7135] command.com /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\chrome\content\options.js"
    uRunOnce: [SpybotDeletingD3927] cmd.exe /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\chrome\content\options.js"
    uRunOnce: [SpybotDeletingB9694] command.com /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul"
    uRunOnce: [SpybotDeletingD2180] cmd.exe /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul"
    uRunOnce: [SpybotDeletingB4240] command.com /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js"
    uRunOnce: [SpybotDeletingD9549] cmd.exe /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js"
    uRunOnce: [SpybotDeletingB2124] command.com /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js"
    uRunOnce: [SpybotDeletingD574] cmd.exe /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRunOnce: [SpybotDeletingA6158] command.com /c del "C:\Program Files (x86)\Complitly\System.Data.SQLite.dll"
    mRunOnce: [SpybotDeletingC2751] cmd.exe /c del "C:\Program Files (x86)\Complitly\System.Data.SQLite.dll"
    mRunOnce: [SpybotDeletingA635] command.com /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\chrome\content\options.js"
    mRunOnce: [SpybotDeletingC5387] cmd.exe /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\chrome\content\options.js"
    mRunOnce: [SpybotDeletingA454] command.com /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul"
    mRunOnce: [SpybotDeletingC67] cmd.exe /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul"
    mRunOnce: [SpybotDeletingA1352] command.com /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js"
    mRunOnce: [SpybotDeletingC8638] cmd.exe /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js"
    mRunOnce: [SpybotDeletingA6789] command.com /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js"
    mRunOnce: [SpybotDeletingC9490] cmd.exe /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js"
    mRunOnce: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{A4C7F125-F7AA-4749-8E30-96BEA2B271F9} : DhcpNameServer = 192.168.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    {ae07101b-46d4-4a98-af68-0333ea26e113}
    TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRunOnce-x64: [SpybotDeletingA6158] command.com /c del "C:\Program Files (x86)\Complitly\System.Data.SQLite.dll"
    mRunOnce-x64: [SpybotDeletingC2751] cmd.exe /c del "C:\Program Files (x86)\Complitly\System.Data.SQLite.dll"
    mRunOnce-x64: [SpybotDeletingA635] command.com /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\chrome\content\options.js"
    mRunOnce-x64: [SpybotDeletingC5387] cmd.exe /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\chrome\content\options.js"
    mRunOnce-x64: [SpybotDeletingA454] command.com /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul"
    mRunOnce-x64: [SpybotDeletingC67] cmd.exe /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul"
    mRunOnce-x64: [SpybotDeletingA1352] command.com /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js"
    mRunOnce-x64: [SpybotDeletingC8638] cmd.exe /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js"
    mRunOnce-x64: [SpybotDeletingA6789] command.com /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js"
    mRunOnce-x64: [SpybotDeletingC9490] cmd.exe /c del "C:\Program Files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js"
    mRunOnce-x64: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
    R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-2-12 98208]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-5 365568]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-12 227896]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-2-12 1817088]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-8 655944]
    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-15 935008]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-07-22 01:19:53 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6526C73A-54BD-4391-8E02-3F489821C57E}\mpengine.dll
    2012-07-22 01:14:30 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-07-22 01:14:30 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-07-21 17:03:57 -------- d-----w- C:\Users\Buck\AppData\Local\Microsoft Game Studios
    2012-07-21 17:03:29 -------- d-----w- C:\ProgramData\Microsoft Games
    2012-07-21 17:02:58 -------- d-----w- C:\Users\Buck\AppData\Roaming\Microsoft Game Studios
    2012-07-21 16:56:20 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2012-07-21 16:56:04 -------- d-----w- C:\Users\Buck\AppData\Roaming\DAEMON Tools Pro
    2012-07-21 16:54:35 -------- d-----w- C:\Users\Buck\AppData\Roaming\OpenCandy
    2012-07-21 16:54:34 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro
    2012-07-21 16:53:30 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
    2012-07-21 04:17:35 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
    2012-07-21 02:21:06 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2012-07-21 02:20:59 -------- d-----w- C:\Program Files (x86)\Steam
    2012-07-20 21:24:24 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-17 09:02:59 -------- d-----w- C:\New folder
    2012-07-16 16:07:41 -------- d-----w- C:\Users\Buck\AppData\Local\AVG Secure Search
    2012-07-16 15:50:05 -------- d-sh--w- C:\found.000
    2012-07-15 05:44:31 -------- d-----w- C:\Users\Buck\AppData\Roaming\AVG
    2012-07-15 02:18:47 -------- d-----w- C:\Users\Buck\AppData\Roaming\AVG2012
    2012-07-15 02:11:33 -------- d-----w- C:\ProgramData\AVG Secure Search
    2012-07-15 02:11:29 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
    2012-07-15 02:11:27 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2012-07-15 02:11:11 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2012-07-15 02:09:48 -------- d-----w- C:\Windows\System32\drivers\AVG
    2012-07-15 02:09:48 -------- d-----w- C:\ProgramData\AVG2012
    2012-07-15 02:08:24 -------- d-----w- C:\Program Files (x86)\AVG
    2012-07-15 02:01:33 -------- d--h--w- C:\ProgramData\Common Files
    2012-07-15 02:00:56 -------- d-----w- C:\ProgramData\MFAData
    2012-07-12 08:10:00 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-10 01:12:50 -------- d-----w- C:\Program Files\Moyea
    2012-07-07 20:19:38 -------- d-----w- C:\Program Files (x86)\Conduit
    2012-07-07 20:19:28 -------- d-----w- C:\Users\Buck\AppData\Local\Conduit
    2012-07-07 20:18:59 -------- d-----w- C:\Users\Buck\AppData\Local\FLVService
    2012-07-07 07:08:07 -------- d-----w- C:\ProgramData\Tarma Installer
    2012-07-06 04:22:54 40960 ----a-r- C:\Users\Buck\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2012-07-06 04:22:54 40960 ----a-r- C:\Users\Buck\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2012-07-03 21:54:00 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFB2008B-A3D5-4853-A7C7-46C67DEB0323}\gapaengine.dll
    2012-07-02 00:48:25 -------- d-----w- C:\Program Files (x86)\Doom 3
    2012-06-23 08:01:09 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
    2012-06-23 07:57:51 -------- d-----w- C:\Program Files (x86)\Oracle
    2012-06-23 07:57:16 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-06-23 07:57:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-06-23 07:55:14 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-06-23 07:55:14 839096 ----a-w- C:\Windows\System32\deployJava1.dll
    .
    ==================== Find3M ====================
    .
    2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 11:00:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    .
    ============= FINISH: 20:55:43.81 ===============

  2. #2
    Security Expert shelf life
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    5,859

    Hi Devilfire,

    Your post is several days old. If you still need help simply reply back.
    How Can I Reduce My Risk?
