gdog355
2013-06-18, 21:57
I have run several Spybot scans that indicate Spybot removed it; however, after reboot it is always back.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16490
Run by George at 10:34:27 on 2013-06-18
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8187.5464 [GMT -7:00]
.
AV: Windows Intune Endpoint Protection *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Spybot - Search and Destroy *Enabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Windows Intune Endpoint Protection *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\System Center Operations Manager 2007\HealthService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Windows\System32\tcpsvcs.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\nfsclnt.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\System Center Operations Manager 2007\MonitoringHost.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Program Files\Microsoft\OnlineManagement\Common\omsvchost2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\mobsync.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = George
mStart Page = about:blank
uProxyServer = localhost:21320
uProxyOverride =
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [cdloader] "C:\Users\George\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\George\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{79C38F1A-9283-4959-ADB2-84ABFA1385EF} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{79C38F1A-9283-4959-ADB2-84ABFA1385EF}\2375942554139353 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{79C38F1A-9283-4959-ADB2-84ABFA1385EF}\76F6563786 : DHCPNameServer = 4.2.2.1
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0BtCyCtDtB0FyCtBtByD0EtN0D0Tzu0CtByCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1524038736
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 189440]
R1 SDHookDriver;Hook Test Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2013-5-23 63776]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/09/09 00:18:44];C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-4-17 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-9-9 90600]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-9-9 78312]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-9-9 299496]
R2 HealthService;System Center Management;C:\Program Files\System Center Operations Manager 2007\HealthService.exe [2009-5-8 30592]
R2 NfsClnt;Client for NFS;C:\Windows\System32\nfsclnt.exe [2011-5-28 65536]
R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2012-9-9 82928]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-5-23 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-5-23 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-5-23 171928]
R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-4-27 316992]
R2 SignalingAgent;Windows Intune Notification Service;C:\Program Files\Microsoft\OnlineManagement\Common\omsvchost2.exe [2011-9-20 44304]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-1 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-1 15128]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 NfsRdr;Client for NFS Redirector;C:\Windows\System32\drivers\nfsrdr.sys [2011-5-28 246272]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 84864]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RpcXdr;Server for NFS Open RPC (ONCRPC);C:\Windows\System32\drivers\rpcxdr.sys [2011-5-28 104960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 WLMS;Windows Licensing Monitoring Service;C:\Windows\System32\wlms\wlms.exe [2009-7-14 19456]
S3 ctxva51;Citrix Virtual Adapter;C:\Windows\System32\drivers\ctxva51.sys [2011-12-20 45720]
S3 HP8207_8307;HP-HP8207_8307;C:\Windows\System32\drivers\HP8207_8307.sys [2010-2-4 15360]
S3 lpasvc;Microsoft Policy Platform Local Authority;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2011-10-27 53864]
S3 lppsvc;Microsoft Policy Platform Processor;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2011-10-27 53864]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-20 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-20 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-20 1255736]
S4 AdtAgent;Operations Manager Audit Forwarding Service;C:\Windows\System32\AdtAgent.exe [2009-5-8 343936]
.
=============== Created Last 30 ================
.
2013-06-17 18:38:56 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4A2774F7-CC9B-4984-AA76-DCA41C98D910}\offreg.dll
2013-06-17 18:37:49 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4A2774F7-CC9B-4984-AA76-DCA41C98D910}\mpengine.dll
2013-06-12 19:03:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-12 19:03:00 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-12 19:03:00 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-12 19:02:59 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-06-12 19:02:58 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-12 19:02:57 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-06-12 19:02:57 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-06-12 19:02:57 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-12 19:02:57 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-12 19:02:57 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-12 19:02:57 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-12 19:02:57 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-12 19:02:57 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-05 21:17:42 -------- d-----w- C:\Program Files\iPod
2013-06-05 21:17:40 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-05 21:17:40 -------- d-----w- C:\Program Files\iTunes
2013-06-05 21:17:40 -------- d-----w- C:\Program Files (x86)\iTunes
2013-05-26 21:02:23 -------- d-----w- C:\SpybotBootCD
2013-05-24 19:07:06 -------- d-----w- C:\Users\George\Prius
2013-05-24 05:53:41 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-05-24 05:53:34 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-05-24 04:18:42 -------- d-----w- C:\Users\George\AppData\Local\Programs
2013-05-22 23:48:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-22 23:48:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-22 23:48:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-22 23:48:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-22 23:48:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-05-22 20:47:06 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-21 06:50:35 -------- d-----w- C:\Users\George\admin
2013-05-21 05:02:54 -------- d-----w- C:\ProgramData\OT4DrvInstall
2013-05-21 04:25:41 -------- d-----w- C:\Program Files (x86)\Kofax
2013-05-21 04:24:18 -------- d-----w- C:\ProgramData\Kofax
2013-05-21 04:13:24 -------- d-----w- C:\Users\George\AppData\Local\ElevatedDiagnostics
2013-05-20 20:22:51 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-05-20 20:01:20 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2013-05-20 19:51:00 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-05-20 19:51:00 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-05-20 19:50:53 209920 ----a-w- C:\Windows\System32\profsvc.dll
2013-05-20 19:42:25 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-05-20 19:42:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-05-20 19:42:25 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-05-20 19:42:24 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-05-20 19:42:24 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-05-20 19:42:24 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-05-20 19:42:24 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-05-20 19:42:21 3216384 ----a-w- C:\Windows\System32\msi.dll
2013-05-20 19:42:20 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2013-05-20 19:42:06 67072 ----a-w- C:\Windows\splwow64.exe
2013-05-20 19:42:06 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-05-20 19:33:40 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-05-20 19:33:40 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-05-20 19:33:40 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-05-20 19:33:40 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-05-20 19:33:14 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-05-20 19:33:14 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-05-20 19:33:13 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-05-20 19:33:13 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-05-20 19:33:11 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-05-20 19:33:11 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-05-20 19:33:11 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-05-20 19:20:02 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-05-20 07:35:46 -------- d-----w- C:\Program Files (x86)\Visioneer
.
==================== Find3M ====================
.
2013-06-11 20:21:00 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 20:21:00 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-17 03:09:56 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 03:02:29 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 03:01:13 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-05-17 02:56:09 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-05-17 02:51:27 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-16 22:39:39 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-16 22:28:26 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-16 22:27:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-05-16 22:21:37 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-05-16 22:20:30 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-05-16 22:16:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-05-01 10:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 10:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
============= FINISH: 10:38:51.77 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-18 10:46:18
-----------------------------
10:46:18.949 OS Version: Windows x64 6.1.7601 Service Pack 1
10:46:18.949 Number of processors: 2 586 0x1706
10:46:18.949 ComputerName: XPSLAPTOP UserName: George
10:46:20.790 Initialize success
10:56:42.007 AVAST engine defs: 13061800
10:57:09.759 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:57:09.759 Disk 0 Vendor: ST9320421ASG DE16 Size: 305245MB BusType: 11
10:57:09.868 Disk 0 MBR read successfully
10:57:09.868 Disk 0 MBR scan
10:57:09.931 Disk 0 Windows 7 default MBR code
10:57:09.946 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 156 MB offset 63
10:57:09.962 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 321536
10:57:09.978 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31778816
10:57:10.009 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 289627 MB offset 31983616
10:57:10.087 Disk 0 scanning C:\Windows\system32\drivers
10:57:24.439 Service scanning
10:58:30.458 Modules scanning
10:58:30.458 Disk 0 trace - called modules:
10:58:30.474 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:58:30.801 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ccb730]
10:58:30.801 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b121f0]
10:58:34.046 AVAST engine scan C:\Windows
10:58:35.903 AVAST engine scan C:\Windows\system32
11:02:26.447 AVAST engine scan C:\Windows\system32\drivers
11:02:48.100 AVAST engine scan C:\Users\George
11:07:33.471 AVAST engine scan C:\ProgramData
11:09:16.981 Scan finished successfully
11:09:30.772 Disk 0 MBR has been saved successfully to "C:\Users\George\Desktop\MBR.dat"
11:09:30.772 The log file has been saved successfully to "C:\Users\George\Desktop\aswMBR.txt"
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 NfsRdr;Client for NFS Redirector;C:\Windows\System32\drivers\nfsrdr.sys [2011-5-28 246272]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 84864]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RpcXdr;Server for NFS Open RPC (ONCRPC);C:\Windows\System32\drivers\rpcxdr.sys [2011-5-28 104960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 WLMS;Windows Licensing Monitoring Service;C:\Windows\System32\wlms\wlms.exe [2009-7-14 19456]
S3 ctxva51;Citrix Virtual Adapter;C:\Windows\System32\drivers\ctxva51.sys [2011-12-20 45720]
S3 HP8207_8307;HP-HP8207_8307;C:\Windows\System32\drivers\HP8207_8307.sys [2010-2-4 15360]
S3 lpasvc;Microsoft Policy Platform Local Authority;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2011-10-27 53864]
S3 lppsvc;Microsoft Policy Platform Processor;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2011-10-27 53864]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-20 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-20 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-20 1255736]
S4 AdtAgent;Operations Manager Audit Forwarding Service;C:\Windows\System32\AdtAgent.exe [2009-5-8 343936]
.
=============== Created Last 30 ================
.
2013-06-17 18:38:56 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4A2774F7-CC9B-4984-AA76-DCA41C98D910}\offreg.dll
2013-06-17 18:37:49 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4A2774F7-CC9B-4984-AA76-DCA41C98D910}\mpengine.dll
2013-06-12 19:03:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-12 19:03:00 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-12 19:03:00 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-12 19:02:59 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-06-12 19:02:58 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-12 19:02:57 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-06-12 19:02:57 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-06-12 19:02:57 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-12 19:02:57 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-12 19:02:57 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-12 19:02:57 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-12 19:02:57 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-12 19:02:57 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-05 21:17:42 -------- d-----w- C:\Program Files\iPod
2013-06-05 21:17:40 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-05 21:17:40 -------- d-----w- C:\Program Files\iTunes
2013-06-05 21:17:40 -------- d-----w- C:\Program Files (x86)\iTunes
2013-05-26 21:02:23 -------- d-----w- C:\SpybotBootCD
2013-05-24 19:07:06 -------- d-----w- C:\Users\George\Prius
2013-05-24 05:53:41 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-05-24 05:53:34 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-05-24 04:18:42 -------- d-----w- C:\Users\George\AppData\Local\Programs
2013-05-22 23:48:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-22 23:48:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-22 23:48:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-22 23:48:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-22 23:48:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-05-22 20:47:06 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-21 06:50:35 -------- d-----w- C:\Users\George\admin
2013-05-21 05:02:54 -------- d-----w- C:\ProgramData\OT4DrvInstall
2013-05-21 04:25:41 -------- d-----w- C:\Program Files (x86)\Kofax
2013-05-21 04:24:18 -------- d-----w- C:\ProgramData\Kofax
2013-05-21 04:13:24 -------- d-----w- C:\Users\George\AppData\Local\ElevatedDiagnostics
2013-05-20 20:22:51 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-05-20 20:01:20 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2013-05-20 19:51:00 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-05-20 19:51:00 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-05-20 19:50:53 209920 ----a-w- C:\Windows\System32\profsvc.dll
2013-05-20 19:42:25 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-05-20 19:42:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-05-20 19:42:25 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-05-20 19:42:24 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-05-20 19:42:24 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-05-20 19:42:24 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-05-20 19:42:24 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-05-20 19:42:21 3216384 ----a-w- C:\Windows\System32\msi.dll
2013-05-20 19:42:20 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2013-05-20 19:42:06 67072 ----a-w- C:\Windows\splwow64.exe
2013-05-20 19:42:06 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-05-20 19:33:40 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-05-20 19:33:40 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-05-20 19:33:40 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-05-20 19:33:40 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-05-20 19:33:14 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-05-20 19:33:14 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-05-20 19:33:13 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-05-20 19:33:13 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-05-20 19:33:11 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-05-20 19:33:11 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-05-20 19:33:11 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-05-20 19:20:02 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-05-20 07:35:46 -------- d-----w- C:\Program Files (x86)\Visioneer
.
==================== Find3M ====================
.
2013-06-11 20:21:00 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 20:21:00 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-17 03:09:56 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 03:02:29 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 03:01:13 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-05-17 02:56:09 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-05-17 02:51:27 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-16 22:39:39 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-16 22:28:26 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-16 22:27:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-05-16 22:21:37 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-05-16 22:20:30 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-05-16 22:16:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-05-01 10:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 10:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
============= FINISH: 10:38:51.77 ===============

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-18 10:46:18
-----------------------------
10:46:18.949 OS Version: Windows x64 6.1.7601 Service Pack 1
10:46:18.949 Number of processors: 2 586 0x1706
10:46:18.949 ComputerName: XPSLAPTOP UserName: George
10:46:20.790 Initialize success
10:56:42.007 AVAST engine defs: 13061800
10:57:09.759 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:57:09.759 Disk 0 Vendor: ST9320421ASG DE16 Size: 305245MB BusType: 11
10:57:09.868 Disk 0 MBR read successfully
10:57:09.868 Disk 0 MBR scan
10:57:09.931 Disk 0 Windows 7 default MBR code
10:57:09.946 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 156 MB offset 63
10:57:09.962 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 321536
10:57:09.978 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31778816
10:57:10.009 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 289627 MB offset 31983616
10:57:10.087 Disk 0 scanning C:\Windows\system32\drivers
10:57:24.439 Service scanning
10:58:30.458 Modules scanning
10:58:30.458 Disk 0 trace - called modules:
10:58:30.474 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:58:30.801 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ccb730]
10:58:30.801 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b121f0]
10:58:34.046 AVAST engine scan C:\Windows
10:58:35.903 AVAST engine scan C:\Windows\system32
11:02:26.447 AVAST engine scan C:\Windows\system32\drivers
11:02:48.100 AVAST engine scan C:\Users\George
11:07:33.471 AVAST engine scan C:\ProgramData
11:09:16.981 Scan finished successfully
11:09:30.772 Disk 0 MBR has been saved successfully to "C:\Users\George\Desktop\MBR.dat"
11:09:30.772 The log file has been saved successfully to "C:\Users\George\Desktop\aswMBR.txt"