steve18
2012-11-07, 00:19
Recently my computer has been running very slowly due to 100% CPU usage the majority of the time. Also, coupled with this, I have noticed that a process named ielowutil.exe, which is replicated several times, keeps popping up.
Below are my DDS and aswMBR logs.
Thanks in advance for your help.
DDS (Ver_2012-11-05.02) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_31
Run by STEVE at 21:19:11 on 2012-11-06
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3003.811 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\STEVE\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://startsear.ch/?aff=1
mStart Page = hxxp://startsear.ch/?aff=1
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: IE5BarLauncherBHO Class: {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
BHO: EndNote Web: {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: VShareToolBar: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
TB: VShareToolBar: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Virgin Media Security Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} -
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: EndNote Web: {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\STEVE\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
StartupFolder: C:\Users\STEVE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\STEVE\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\STEVE\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: LastPass - C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{6CF43E3D-1F03-446F-A01C-BC6C92C2BF9B} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{B7A4F2C4-3B41-49E5-A6FF-DE26F20C73A0} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{B7A4F2C4-3B41-49E5-A6FF-DE26F20C73A0}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1 194.168.4.100 194.168.8.100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\STEVE\AppData\Roaming\Mozilla\Firefox\Profiles\qmbso5rn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\NPCDP32.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\STEVE\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\STEVE\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - ExtSQL: !HIDDEN! 2011-01-22 17:36; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-5-13 69376]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2010-12-31 63760]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-12-4 591192]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-12-4 304472]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-4-17 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-4-17 61712]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-12-4 24408]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-12-4 66904]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-5-13 17152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-17 347680]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-8-17 1093152]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2012-11-06 19:32:27 -------- d-----w- C:\Users\STEVE\AppData\Local\{9DD3E688-8237-4ACF-8956-1CD0A5C57D02}
2012-11-06 07:32:02 -------- d-----w- C:\Users\STEVE\AppData\Local\{8B47AA18-64F1-4740-AE9F-23984EB5520D}
2012-11-05 07:31:08 -------- d-----w- C:\Users\STEVE\AppData\Local\{5001A22F-BFDD-400A-83A8-19EDE8861C35}
2012-11-04 19:30:45 -------- d-----w- C:\Users\STEVE\AppData\Local\{EAC05CFA-F87E-45C0-BC4F-0567018BBA2A}
2012-11-04 07:30:08 -------- d-----w- C:\Users\STEVE\AppData\Local\{7361CCD6-07A5-4692-BCC4-8ECFA9FD0F33}
2012-11-03 19:29:44 -------- d-----w- C:\Users\STEVE\AppData\Local\{27EB3C8E-6DD7-446A-ACCF-E699FA320355}
2012-11-03 07:29:21 -------- d-----w- C:\Users\STEVE\AppData\Local\{D345D098-86CC-4FF4-B208-30F6708AACED}
2012-11-02 19:28:56 -------- d-----w- C:\Users\STEVE\AppData\Local\{17B8C783-A458-44CC-9C84-9B661BFA9581}
2012-11-02 07:28:32 -------- d-----w- C:\Users\STEVE\AppData\Local\{63909B04-0612-4EB4-BED7-32A6572D337D}
2012-11-01 19:26:34 -------- d-----w- C:\Users\STEVE\AppData\Local\{F2231FCB-1A68-4FD0-8A8F-63C9996CADC4}
2012-11-01 07:20:56 -------- d-----w- C:\Users\STEVE\AppData\Local\{5296EEB6-2869-48D5-90C9-0F4F2366031E}
2012-10-31 15:55:22 -------- d-----w- C:\ProgramData\Advanced Chemistry Development
2012-10-31 15:54:25 -------- d-----w- C:\ACDFREE12
2012-10-31 15:53:40 -------- d-----w- C:\Users\STEVE\AppData\Roaming\Advanced Chemistry Development
2012-10-31 07:20:08 -------- d-----w- C:\Users\STEVE\AppData\Local\{1AAAF1E9-AD58-412D-8F5E-6E33F656C596}
2012-10-30 19:19:45 -------- d-----w- C:\Users\STEVE\AppData\Local\{19425FD7-5659-4DCB-9A8F-C0AD60B555A1}
2012-10-30 07:19:22 -------- d-----w- C:\Users\STEVE\AppData\Local\{BCD1B558-D4C6-4ABE-9EDD-D0848A48817B}
2012-10-29 19:18:58 -------- d-----w- C:\Users\STEVE\AppData\Local\{86AF8BAE-ECA2-4E49-BE39-40BCD3A7A60B}
2012-10-29 07:18:35 -------- d-----w- C:\Users\STEVE\AppData\Local\{CB663E70-82CF-4E95-B1B8-4E8D1369D3DF}
2012-10-28 19:18:12 -------- d-----w- C:\Users\STEVE\AppData\Local\{4BB5A9D1-BC93-400A-8FBA-E8C43F1BF19E}
2012-10-28 07:17:31 -------- d-----w- C:\Users\STEVE\AppData\Local\{9507F3FD-4041-4048-88F7-D091271D0A3B}
2012-10-27 19:17:07 -------- d-----w- C:\Users\STEVE\AppData\Local\{BB9ED222-7B94-4DA3-A2CA-42EB69D1A08D}
2012-10-27 11:29:48 -------- d-----w- C:\Users\STEVE\AppData\Local\Geckofx
2012-10-27 11:27:48 -------- d-----w- C:\Users\STEVE\AppData\Roaming\Firefly Studios
2012-10-27 11:19:20 -------- d-----w- C:\ProgramData\Firefly Studios
2012-10-27 11:05:41 -------- d-----w- C:\Program Files (x86)\Firefly Studios
2012-10-27 07:16:40 -------- d-----w- C:\Users\STEVE\AppData\Local\{FB76D38C-0494-4867-B362-84152134D277}
2012-10-26 19:17:40 -------- d-----w- C:\Users\STEVE\AppData\Local\{67C788D0-5A2E-487C-BA27-B31317227240}
2012-10-26 07:17:12 -------- d-----w- C:\Users\STEVE\AppData\Local\{A3DC9D33-2220-4C1E-9789-CBDEC1192476}
2012-10-25 19:17:00 -------- d-----w- C:\Users\STEVE\AppData\Local\{EACC18EF-E07A-4F08-B475-5336CD94A075}
2012-10-25 07:16:36 -------- d-----w- C:\Users\STEVE\AppData\Local\{0D6E909A-DBC4-4A8F-9D18-AB521316FAEB}
2012-10-24 19:15:41 -------- d-----w- C:\Users\STEVE\AppData\Local\{71EA150D-BEB9-416B-B66A-5EC9761494A5}
2012-10-24 07:15:17 -------- d-----w- C:\Users\STEVE\AppData\Local\{A8518AEB-1C1A-44EB-9789-4CB965384289}
2012-10-23 19:14:53 -------- d-----w- C:\Users\STEVE\AppData\Local\{78CE1522-561D-4056-A92E-27816E65FE7E}
2012-10-23 07:14:29 -------- d-----w- C:\Users\STEVE\AppData\Local\{BF838F9E-B1BD-485F-B3CA-518998805754}
2012-10-22 06:55:07 -------- d-----w- C:\Users\STEVE\AppData\Local\{166AC418-F9B2-4E39-84EF-AFE1568E6503}
2012-10-21 08:26:44 -------- d-----w- C:\Users\STEVE\AppData\Local\{21DB345C-1E90-46D6-AD50-6ED0A0C2B150}
2012-10-20 20:26:16 -------- d-----w- C:\Users\STEVE\AppData\Local\{2C5C1EAD-AE0B-4F5E-BBBC-B2BDF210F7F5}
2012-10-20 08:25:47 -------- d-----w- C:\Users\STEVE\AppData\Local\{C58807E4-9352-4377-A4A0-45BB1353CDF3}
2012-10-19 20:25:24 -------- d-----w- C:\Users\STEVE\AppData\Local\{17174FA1-520C-401E-9E26-47F7DE9EF9C4}
2012-10-19 08:25:00 -------- d-----w- C:\Users\STEVE\AppData\Local\{B3882861-0079-4D03-8984-BBADE57BF0EE}
2012-10-18 20:24:36 -------- d-----w- C:\Users\STEVE\AppData\Local\{BBE411A1-3BF7-40DD-AC74-527518FF39DD}
2012-10-18 08:24:13 -------- d-----w- C:\Users\STEVE\AppData\Local\{612666D1-29F7-48A3-9795-9F097FA610FD}
2012-10-17 20:23:49 -------- d-----w- C:\Users\STEVE\AppData\Local\{BB7F702C-0C16-4BB0-89F3-FDEC1E6A278B}
2012-10-17 08:23:26 -------- d-----w- C:\Users\STEVE\AppData\Local\{9CE88A6C-B601-47A3-A978-56145FC54703}
2012-10-16 20:23:02 -------- d-----w- C:\Users\STEVE\AppData\Local\{45E1F823-4FDE-46A9-BE07-F3BFF4AF0BBF}
2012-10-16 08:22:39 -------- d-----w- C:\Users\STEVE\AppData\Local\{726D0FA8-B1B9-4434-95A6-7A26709EBE60}
2012-10-15 20:22:14 -------- d-----w- C:\Users\STEVE\AppData\Local\{240F8919-990F-46A6-9DF4-EC2CC348244B}
2012-10-15 08:21:32 -------- d-----w- C:\Users\STEVE\AppData\Local\{D54ECE3A-8AED-4950-8DCA-EEC4F7382A7E}
2012-10-13 20:18:29 -------- d-----w- C:\Users\STEVE\AppData\Local\{EA4E5729-9DD3-433D-84A4-640EC021EEAB}
2012-10-13 08:18:05 -------- d-----w- C:\Users\STEVE\AppData\Local\{FE16ACD0-0733-4912-A510-77550D769AFE}
2012-10-12 20:17:41 -------- d-----w- C:\Users\STEVE\AppData\Local\{059985F5-247A-41D2-BAE7-9F3DE45D03FE}
2012-10-12 15:28:30 8 ----a-w- C:\Windows\SysWow64\EXPSEE.SYS
2012-10-12 15:28:30 8 ----a-w- C:\Windows\DESPXF.DLL
2012-10-12 15:00:35 -------- d-----w- C:\Users\STEVE\AppData\Roaming\CCDC
2012-10-12 14:52:05 -------- d-----w- C:\Program Files (x86)\CCDC
2012-10-12 14:26:57 -------- d-----w- C:\Program Files (x86)\POV-Ray for Windows v3.6
2012-10-12 14:25:40 -------- d-----w- C:\X-Seed
2012-10-12 08:17:18 -------- d-----w- C:\Users\STEVE\AppData\Local\{F2B9C32E-2C0B-4103-A24D-B947F642054F}
2012-10-11 20:16:54 -------- d-----w- C:\Users\STEVE\AppData\Local\{0D74D7FA-D622-4C24-ACD7-07F3D569FDFF}
2012-10-10 20:16:11 -------- d-----w- C:\Users\STEVE\AppData\Local\{57BBE729-F6BF-4C2B-98D5-BE5C513BB65C}
2012-10-10 14:18:59 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 14:17:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 14:17:37 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 14:17:14 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 14:17:14 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 14:16:27 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 14:16:25 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 14:16:24 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 14:16:23 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 14:16:22 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 14:16:20 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-10 07:40:58 -------- d-----w- C:\Users\STEVE\AppData\Local\{1F726697-0A63-4B9D-94CA-4F6808B6AD8D}
2012-10-09 19:40:29 -------- d-----w- C:\Users\STEVE\AppData\Local\{CC9270DC-4B90-411C-9D11-A1D330DDFBC8}
2012-10-09 07:39:53 -------- d-----w- C:\Users\STEVE\AppData\Local\{1E70E6CE-4417-4D98-8A31-893362E9E761}
2012-10-08 19:39:25 -------- d-----w- C:\Users\STEVE\AppData\Local\{7AB57F07-6B50-473E-B094-EA8DC5EC229C}
2012-10-08 07:41:14 -------- d-----w- C:\Users\STEVE\AppData\Local\{A8078DF3-0B6B-4097-A7F1-9B14A61BECF8}
.
==================== Find3M ====================
.
2012-10-09 13:49:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 13:49:35 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-31 18:02:20 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:58:10 501248 ----a-w- C:\Users\STEVE\FacebookVideoCallSetup_v1.2.205.0.exe
2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 12:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-08-21 12:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 12:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-13 18:42:19 2296840 ----a-w- C:\Users\STEVE\AmazonMP3DownloaderInstall.exe
.
============= FINISH: 21:22:55.48 ===============
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-06 21:39:45
-----------------------------
21:39:45.522 OS Version: Windows x64 6.1.7600
21:39:45.522 Number of processors: 1 586 0x170A
21:39:45.524 ComputerName: STEVE-HP UserName: STEVE
21:39:48.398 Initialize success
21:39:49.938 AVAST engine defs: 12110601
21:39:56.524 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:39:56.529 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
21:39:56.553 Disk 0 MBR read successfully
21:39:56.557 Disk 0 MBR scan
21:39:56.562 Disk 0 unknown MBR code
21:39:56.577 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:39:56.595 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 222511 MB offset 409600
21:39:56.629 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15660 MB offset 456112128
21:39:56.652 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
21:39:56.697 Disk 0 scanning C:\Windows\system32\drivers
21:40:14.305 Service scanning
21:40:54.816 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:41:04.989 Modules scanning
21:41:05.332 Disk 0 trace - called modules:
21:41:05.361 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys
21:41:05.368 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033564b0]
21:41:05.374 3 CLASSPNP.SYS[fffff88001c6f43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800320c050]
21:41:06.510 AVAST engine scan C:\Windows
21:41:09.508 AVAST engine scan C:\Windows\system32
21:45:02.203 AVAST engine scan C:\Windows\system32\drivers
21:45:15.460 AVAST engine scan C:\Users\STEVE
21:59:47.913 AVAST engine scan C:\ProgramData
22:15:57.553 Scan finished successfully
22:17:44.913 Disk 0 MBR has been saved successfully to "C:\Users\STEVE\Desktop\MBR.dat"
22:17:44.920 The log file has been saved successfully to "C:\Users\STEVE\Desktop\aswMBR.txt"
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\STEVE\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://startsear.ch/?aff=1
mStart Page = hxxp://startsear.ch/?aff=1
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: IE5BarLauncherBHO Class: {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
BHO: EndNote Web: {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: VShareToolBar: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
TB: VShareToolBar: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Virgin Media Security Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} -
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: EndNote Web: {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\STEVE\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
StartupFolder: C:\Users\STEVE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\STEVE\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\STEVE\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: LastPass - C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{6CF43E3D-1F03-446F-A01C-BC6C92C2BF9B} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{B7A4F2C4-3B41-49E5-A6FF-DE26F20C73A0} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{B7A4F2C4-3B41-49E5-A6FF-DE26F20C73A0}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1 194.168.4.100 194.168.8.100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\STEVE\AppData\Roaming\Mozilla\Firefox\Profiles\qmbso5rn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\NPCDP32.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\STEVE\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\STEVE\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - ExtSQL: !HIDDEN! 2011-01-22 17:36; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-5-13 69376]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2010-12-31 63760]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-12-4 591192]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-12-4 304472]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-4-17 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-4-17 61712]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-12-4 24408]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-12-4 66904]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-5-13 17152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-17 347680]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-8-17 1093152]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2012-11-06 19:32:27 -------- d-----w- C:\Users\STEVE\AppData\Local\{9DD3E688-8237-4ACF-8956-1CD0A5C57D02}
2012-11-06 07:32:02 -------- d-----w- C:\Users\STEVE\AppData\Local\{8B47AA18-64F1-4740-AE9F-23984EB5520D}
2012-11-05 07:31:08 -------- d-----w- C:\Users\STEVE\AppData\Local\{5001A22F-BFDD-400A-83A8-19EDE8861C35}
2012-11-04 19:30:45 -------- d-----w- C:\Users\STEVE\AppData\Local\{EAC05CFA-F87E-45C0-BC4F-0567018BBA2A}
2012-11-04 07:30:08 -------- d-----w- C:\Users\STEVE\AppData\Local\{7361CCD6-07A5-4692-BCC4-8ECFA9FD0F33}
2012-11-03 19:29:44 -------- d-----w- C:\Users\STEVE\AppData\Local\{27EB3C8E-6DD7-446A-ACCF-E699FA320355}
2012-11-03 07:29:21 -------- d-----w- C:\Users\STEVE\AppData\Local\{D345D098-86CC-4FF4-B208-30F6708AACED}
2012-11-02 19:28:56 -------- d-----w- C:\Users\STEVE\AppData\Local\{17B8C783-A458-44CC-9C84-9B661BFA9581}
2012-11-02 07:28:32 -------- d-----w- C:\Users\STEVE\AppData\Local\{63909B04-0612-4EB4-BED7-32A6572D337D}
2012-11-01 19:26:34 -------- d-----w- C:\Users\STEVE\AppData\Local\{F2231FCB-1A68-4FD0-8A8F-63C9996CADC4}
2012-11-01 07:20:56 -------- d-----w- C:\Users\STEVE\AppData\Local\{5296EEB6-2869-48D5-90C9-0F4F2366031E}
2012-10-31 15:55:22 -------- d-----w- C:\ProgramData\Advanced Chemistry Development
2012-10-31 15:54:25 -------- d-----w- C:\ACDFREE12
2012-10-31 15:53:40 -------- d-----w- C:\Users\STEVE\AppData\Roaming\Advanced Chemistry Development
2012-10-31 07:20:08 -------- d-----w- C:\Users\STEVE\AppData\Local\{1AAAF1E9-AD58-412D-8F5E-6E33F656C596}
2012-10-30 19:19:45 -------- d-----w- C:\Users\STEVE\AppData\Local\{19425FD7-5659-4DCB-9A8F-C0AD60B555A1}
2012-10-30 07:19:22 -------- d-----w- C:\Users\STEVE\AppData\Local\{BCD1B558-D4C6-4ABE-9EDD-D0848A48817B}
2012-10-29 19:18:58 -------- d-----w- C:\Users\STEVE\AppData\Local\{86AF8BAE-ECA2-4E49-BE39-40BCD3A7A60B}
2012-10-29 07:18:35 -------- d-----w- C:\Users\STEVE\AppData\Local\{CB663E70-82CF-4E95-B1B8-4E8D1369D3DF}
2012-10-28 19:18:12 -------- d-----w- C:\Users\STEVE\AppData\Local\{4BB5A9D1-BC93-400A-8FBA-E8C43F1BF19E}
2012-10-28 07:17:31 -------- d-----w- C:\Users\STEVE\AppData\Local\{9507F3FD-4041-4048-88F7-D091271D0A3B}
2012-10-27 19:17:07 -------- d-----w- C:\Users\STEVE\AppData\Local\{BB9ED222-7B94-4DA3-A2CA-42EB69D1A08D}
2012-10-27 11:29:48 -------- d-----w- C:\Users\STEVE\AppData\Local\Geckofx
2012-10-27 11:27:48 -------- d-----w- C:\Users\STEVE\AppData\Roaming\Firefly Studios
2012-10-27 11:19:20 -------- d-----w- C:\ProgramData\Firefly Studios
2012-10-27 11:05:41 -------- d-----w- C:\Program Files (x86)\Firefly Studios
2012-10-27 07:16:40 -------- d-----w- C:\Users\STEVE\AppData\Local\{FB76D38C-0494-4867-B362-84152134D277}
2012-10-26 19:17:40 -------- d-----w- C:\Users\STEVE\AppData\Local\{67C788D0-5A2E-487C-BA27-B31317227240}
2012-10-26 07:17:12 -------- d-----w- C:\Users\STEVE\AppData\Local\{A3DC9D33-2220-4C1E-9789-CBDEC1192476}
2012-10-25 19:17:00 -------- d-----w- C:\Users\STEVE\AppData\Local\{EACC18EF-E07A-4F08-B475-5336CD94A075}
2012-10-25 07:16:36 -------- d-----w- C:\Users\STEVE\AppData\Local\{0D6E909A-DBC4-4A8F-9D18-AB521316FAEB}
2012-10-24 19:15:41 -------- d-----w- C:\Users\STEVE\AppData\Local\{71EA150D-BEB9-416B-B66A-5EC9761494A5}
2012-10-24 07:15:17 -------- d-----w- C:\Users\STEVE\AppData\Local\{A8518AEB-1C1A-44EB-9789-4CB965384289}
2012-10-23 19:14:53 -------- d-----w- C:\Users\STEVE\AppData\Local\{78CE1522-561D-4056-A92E-27816E65FE7E}
2012-10-23 07:14:29 -------- d-----w- C:\Users\STEVE\AppData\Local\{BF838F9E-B1BD-485F-B3CA-518998805754}
2012-10-22 06:55:07 -------- d-----w- C:\Users\STEVE\AppData\Local\{166AC418-F9B2-4E39-84EF-AFE1568E6503}
2012-10-21 08:26:44 -------- d-----w- C:\Users\STEVE\AppData\Local\{21DB345C-1E90-46D6-AD50-6ED0A0C2B150}
2012-10-20 20:26:16 -------- d-----w- C:\Users\STEVE\AppData\Local\{2C5C1EAD-AE0B-4F5E-BBBC-B2BDF210F7F5}
2012-10-20 08:25:47 -------- d-----w- C:\Users\STEVE\AppData\Local\{C58807E4-9352-4377-A4A0-45BB1353CDF3}
2012-10-19 20:25:24 -------- d-----w- C:\Users\STEVE\AppData\Local\{17174FA1-520C-401E-9E26-47F7DE9EF9C4}
2012-10-19 08:25:00 -------- d-----w- C:\Users\STEVE\AppData\Local\{B3882861-0079-4D03-8984-BBADE57BF0EE}
2012-10-18 20:24:36 -------- d-----w- C:\Users\STEVE\AppData\Local\{BBE411A1-3BF7-40DD-AC74-527518FF39DD}
2012-10-18 08:24:13 -------- d-----w- C:\Users\STEVE\AppData\Local\{612666D1-29F7-48A3-9795-9F097FA610FD}
2012-10-17 20:23:49 -------- d-----w- C:\Users\STEVE\AppData\Local\{BB7F702C-0C16-4BB0-89F3-FDEC1E6A278B}
2012-10-17 08:23:26 -------- d-----w- C:\Users\STEVE\AppData\Local\{9CE88A6C-B601-47A3-A978-56145FC54703}
2012-10-16 20:23:02 -------- d-----w- C:\Users\STEVE\AppData\Local\{45E1F823-4FDE-46A9-BE07-F3BFF4AF0BBF}
2012-10-16 08:22:39 -------- d-----w- C:\Users\STEVE\AppData\Local\{726D0FA8-B1B9-4434-95A6-7A26709EBE60}
2012-10-15 20:22:14 -------- d-----w- C:\Users\STEVE\AppData\Local\{240F8919-990F-46A6-9DF4-EC2CC348244B}
2012-10-15 08:21:32 -------- d-----w- C:\Users\STEVE\AppData\Local\{D54ECE3A-8AED-4950-8DCA-EEC4F7382A7E}
2012-10-13 20:18:29 -------- d-----w- C:\Users\STEVE\AppData\Local\{EA4E5729-9DD3-433D-84A4-640EC021EEAB}
2012-10-13 08:18:05 -------- d-----w- C:\Users\STEVE\AppData\Local\{FE16ACD0-0733-4912-A510-77550D769AFE}
2012-10-12 20:17:41 -------- d-----w- C:\Users\STEVE\AppData\Local\{059985F5-247A-41D2-BAE7-9F3DE45D03FE}
2012-10-12 15:28:30 8 ----a-w- C:\Windows\SysWow64\EXPSEE.SYS
2012-10-12 15:28:30 8 ----a-w- C:\Windows\DESPXF.DLL
2012-10-12 15:00:35 -------- d-----w- C:\Users\STEVE\AppData\Roaming\CCDC
2012-10-12 14:52:05 -------- d-----w- C:\Program Files (x86)\CCDC
2012-10-12 14:26:57 -------- d-----w- C:\Program Files (x86)\POV-Ray for Windows v3.6
2012-10-12 14:25:40 -------- d-----w- C:\X-Seed
2012-10-12 08:17:18 -------- d-----w- C:\Users\STEVE\AppData\Local\{F2B9C32E-2C0B-4103-A24D-B947F642054F}
2012-10-11 20:16:54 -------- d-----w- C:\Users\STEVE\AppData\Local\{0D74D7FA-D622-4C24-ACD7-07F3D569FDFF}
2012-10-10 20:16:11 -------- d-----w- C:\Users\STEVE\AppData\Local\{57BBE729-F6BF-4C2B-98D5-BE5C513BB65C}
2012-10-10 14:18:59 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 14:17:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 14:17:37 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 14:17:14 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 14:17:14 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 14:16:27 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 14:16:25 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 14:16:24 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 14:16:23 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 14:16:22 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 14:16:20 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-10 07:40:58 -------- d-----w- C:\Users\STEVE\AppData\Local\{1F726697-0A63-4B9D-94CA-4F6808B6AD8D}
2012-10-09 19:40:29 -------- d-----w- C:\Users\STEVE\AppData\Local\{CC9270DC-4B90-411C-9D11-A1D330DDFBC8}
2012-10-09 07:39:53 -------- d-----w- C:\Users\STEVE\AppData\Local\{1E70E6CE-4417-4D98-8A31-893362E9E761}
2012-10-08 19:39:25 -------- d-----w- C:\Users\STEVE\AppData\Local\{7AB57F07-6B50-473E-B094-EA8DC5EC229C}
2012-10-08 07:41:14 -------- d-----w- C:\Users\STEVE\AppData\Local\{A8078DF3-0B6B-4097-A7F1-9B14A61BECF8}
.
==================== Find3M ====================
.
2012-10-09 13:49:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 13:49:35 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-31 18:02:20 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:58:10 501248 ----a-w- C:\Users\STEVE\FacebookVideoCallSetup_v1.2.205.0.exe
2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 12:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-08-21 12:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 12:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-13 18:42:19 2296840 ----a-w- C:\Users\STEVE\AmazonMP3DownloaderInstall.exe
.
============= FINISH: 21:22:55.48 ===============
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-06 21:39:45
-----------------------------
21:39:45.522 OS Version: Windows x64 6.1.7600
21:39:45.522 Number of processors: 1 586 0x170A
21:39:45.524 ComputerName: STEVE-HP UserName: STEVE
21:39:48.398 Initialize success
21:39:49.938 AVAST engine defs: 12110601
21:39:56.524 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:39:56.529 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
21:39:56.553 Disk 0 MBR read successfully
21:39:56.557 Disk 0 MBR scan
21:39:56.562 Disk 0 unknown MBR code
21:39:56.577 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:39:56.595 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 222511 MB offset 409600
21:39:56.629 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15660 MB offset 456112128
21:39:56.652 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
21:39:56.697 Disk 0 scanning C:\Windows\system32\drivers
21:40:14.305 Service scanning
21:40:54.816 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:41:04.989 Modules scanning
21:41:05.332 Disk 0 trace - called modules:
21:41:05.361 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys
21:41:05.368 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033564b0]
21:41:05.374 3 CLASSPNP.SYS[fffff88001c6f43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800320c050]
21:41:06.510 AVAST engine scan C:\Windows
21:41:09.508 AVAST engine scan C:\Windows\system32
21:45:02.203 AVAST engine scan C:\Windows\system32\drivers
21:45:15.460 AVAST engine scan C:\Users\STEVE
21:59:47.913 AVAST engine scan C:\ProgramData
22:15:57.553 Scan finished successfully
22:17:44.913 Disk 0 MBR has been saved successfully to "C:\Users\STEVE\Desktop\MBR.dat"
22:17:44.920 The log file has been saved successfully to "C:\Users\STEVE\Desktop\aswMBR.txt"