Need help after browser hijacker removed. _MEI31722 folder possible trojan?



roliks
2014-07-08, 02:33
I was recently (although I don't know how) infected by a browser hijacker. I used my tools (Spybot, Kaspersky, Windows Security Essentials, etc.) to remove it. It was preventing me from opening Malwarebytes. I started looking into it, and it appears that there have been a couple of threads in places that say the folder in C:\Users\USER\AppData\Local\Temp named is a trojan program. This folder contains some pythoncom.dll, win32api.pyd and other pyd and dll files. Is this a malware/virus/trojan/etc.? Can anyone help or direct me in this matter? It would be greatly appreciated.

Thanks!


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.60.2
Run by SMl at 19:40:31 on 2014-07-07
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16318.11263 [GMT -4:00]
.
AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\AMD\amdacpusrsvc.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
C:\Windows\DAODx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\SMl\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
mRunOnce: [TURBO_BOOST_SETTING] <no file>
StartupFolder: C:\Users\SMl\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~2.LNK - C:\Windows\System32\schtasks.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{8519AB2B-84ED-4C29-82D3-476E4573986E} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{BF0DB1FB-0A92-4BB1-8F0A-F25D405C15DF} : DHCPNameServer = 10.0.0.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SMl\AppData\Roaming\Mozilla\Firefox\Profiles\hhza8kzi.default\
FF - prefs.js: browser.search.selectedEngine -
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2012-12-10 293720]
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2014-7-1 84536]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-4-23 56208]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2014-7-1 66616]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2014-2-1 30752]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2008-10-1 26624]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-11-11 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-11-11 178448]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-5-22 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-5-22 344064]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-12-14 131320]
R2 amdacpksd;ACP Kernel Service Driver;C:\Windows\System32\drivers\amdacpksd.sys [2014-5-22 276192]
R2 amdacpusrsvc;ACP User Service;C:\AMD\amdacpusrsvc.exe [2014-5-22 112640]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2013-3-23 96896]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2013-11-11 356128]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2013-11-30 21992]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2013-9-25 818888]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2013-6-20 82160]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2013-4-7 15672]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-24 5037888]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-4-8 94720]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2014-2-16 90624]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-11-11 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-11-11 29280]
R3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2009-10-7 271640]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
R3 lvsels64;Logitech Selective Suspend Filter;C:\Windows\System32\drivers\lvsels64.sys [2009-10-7 67992]
R3 LVUVC64;QuickCam Orbit/Sphere MP(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2008-1-17 18816]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-6-4 60640]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-3-23 1301504]
R3 VMfilt;VMfilt;C:\Windows\System32\drivers\VMfilt64.sys [2013-3-23 25600]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-3-17 401696]
S2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-12 111616]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [2008-2-29 942080]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2013-3-23 43328]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2013-3-23 41280]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-1 19456]
S3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2014-5-31 129472]
S3 rzp1endpt;Razer platform 1 end point;C:\Windows\System32\drivers\rzp1endpt.sys [2014-4-8 39080]
S3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-3-31 126464]
S3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2014-4-8 154792]
S3 rzvmouse;Razer Virtual Mouse;C:\Windows\System32\drivers\rzvmouse.sys [2014-4-8 31400]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-12 56832]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-3-23 19968]
S3 VBAudioVACMME;VB-Audio Virtual Cable (WDM);C:\Windows\System32\drivers\vbaudio_cable64_win7.sys [2013-7-11 41192]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-23 1255736]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\System32\drivers\WN111v2w7x.sys [2010-4-27 783360]
S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-9-27 79360]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-3-23 79360]
S4 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-8-3 352248]
S4 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2014-5-4 4492776]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-07-07 20:56:33 76152 ----a-w- C:\Windows\System32\PnkBstrA.exe
2014-07-07 19:42:14 -------- d-----w- C:\AdwCleaner
2014-07-07 19:31:16 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-07-07 19:27:10 -------- d-----w- C:\FRST
2014-07-07 17:50:42 -------- d-----w- C:\Program Files (x86)\ESET
2014-07-07 16:59:16 -------- d-sh--w- C:\$RECYCLE.BIN
2014-07-07 06:31:07 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E9B49A27-07FB-4D7C-A0FE-B57B08422B0D}\mpengine.dll
2014-07-07 03:38:00 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-07-07 03:38:00 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8FE68A8C-2334-4365-9313-38E7C562558B}\gapaengine.dll
2014-07-07 03:37:43 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-02 10:36:34 -------- d-----w- C:\Users\SMl\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-07-02 03:22:15 64856 ----a-w- C:\Windows\System32\klfphc.dll
2014-07-02 03:21:54 84536 ----a-w- C:\Windows\System32\drivers\CSCrySec.sys
2014-07-02 03:21:54 66616 ----a-w- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
2014-07-02 03:21:29 -------- d-----w- C:\Windows\ELAMBKUP
2014-07-02 03:21:25 -------- d-----w- C:\Program Files (x86)\Common Files\InfoWatch
2014-07-02 03:21:22 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-07-02 03:21:14 92768 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-07-01 08:36:11 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-07-01 08:36:08 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-07-01 02:10:56 122584 ----a-w- C:\Windows\System32\drivers\48230029.sys
2014-06-30 06:18:12 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-30 06:18:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-30 06:18:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-30 05:43:46 128728 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-30 05:43:46 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-30 05:43:23 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-30 05:33:50 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-30 01:42:41 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B332F8D3-B194-4542-BE6B-6BDEACDA1705}\mpengine.dll
2014-06-30 01:40:01 -------- d-----w- C:\Users\SMl\AppData\Local\Adobe
2014-06-26 04:52:36 -------- d-----w- C:\Users\SMl\AppData\Roaming\TheBannerSaga
2014-06-20 01:09:16 -------- d-----w- C:\Program Files\Blender Foundation
2014-06-12 19:05:34 46376 ----a-w- C:\Windows\System32\drivers\netfilter64.sys
2014-06-11 01:57:09 -------- d-----w- C:\Users\SMl\AppData\Roaming\CardScan
2014-06-11 01:56:58 -------- d-----w- C:\Users\SMl\AppData\Local\CardScan
.
==================== Find3M ====================
.
2014-07-07 20:56:19 215416 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-07-07 20:47:11 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-07-07 20:06:03 65536 ----a-w- C:\Windows\System32\spu_storage.bin
2014-07-02 03:38:50 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2014-07-02 03:38:50 29792 ----a-w- C:\Windows\System32\drivers\klim6.sys
2014-06-26 01:37:20 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-26 01:37:20 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-14 05:10:42 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-06-08 09:13:05 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-08 09:08:04 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-04 23:35:16 0 ----a-w- C:\Windows\ativpsrm.bin
2014-05-31 04:29:14 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-29 11:32:14 80384 ----a-w- C:\Windows\System32\RazerCoinstaller.dll
2014-05-23 02:28:16 127872 ----a-w- C:\Windows\System32\amdhcp64.dll
2014-05-23 02:28:16 117560 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2014-05-23 02:28:14 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2014-05-23 02:28:14 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2014-05-23 02:28:12 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2014-05-23 02:28:12 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2014-05-23 02:28:08 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2014-05-23 02:28:06 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2014-05-23 02:28:06 117584 ----a-w- C:\Windows\System32\atiu9p64.dll
2014-05-23 02:28:04 99520 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2014-05-23 02:28:04 1328352 ----a-w- C:\Windows\System32\aticfx64.dll
2014-05-23 02:28:02 1108432 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2014-05-23 02:27:56 10516488 ----a-w- C:\Windows\System32\atidxx64.dll
2014-05-23 02:27:54 9015224 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2014-05-23 02:27:48 7102496 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2014-05-23 02:27:42 6879016 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2014-05-23 02:27:38 7892000 ----a-w- C:\Windows\System32\atiumd6a.dll
2014-05-23 02:27:34 8108312 ----a-w- C:\Windows\System32\atiumd64.dll
2014-05-23 02:24:24 276192 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
2014-05-23 02:22:08 15950336 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2014-05-23 01:56:56 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2014-05-23 01:55:58 27529216 ----a-w- C:\Windows\System32\atio6axx.dll
2014-05-23 01:52:44 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2014-05-23 01:47:48 231424 ----a-w- C:\Windows\System32\clinfo.exe
2014-05-23 01:47:38 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2014-05-23 01:47:38 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2014-05-23 01:47:38 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2014-05-23 01:47:38 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2014-05-23 01:47:36 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2014-05-23 01:47:30 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2014-05-23 01:47:26 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2014-05-23 01:47:22 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2014-05-23 01:47:18 32874496 ----a-w- C:\Windows\System32\amdocl64.dll
2014-05-23 01:46:06 127488 ----a-w- C:\Windows\System32\mantle64.dll
2014-05-23 01:45:54 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
2014-05-23 01:45:38 5224960 ----a-w- C:\Windows\System32\amdmantle64.dll
2014-05-23 01:45:26 27841024 ----a-w- C:\Windows\SysWow64\amdocl.dll
2014-05-23 01:43:48 65024 ----a-w- C:\Windows\System32\OpenCL.dll
2014-05-23 01:43:44 58880 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-05-23 01:43:16 357376 ----a-w- C:\Windows\System32\amdacpusl.dll
2014-05-23 01:43:04 242688 ----a-w- C:\Windows\SysWow64\amdacpusl.dll
2014-05-23 01:40:52 23028224 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2014-05-23 01:38:08 366592 ----a-w- C:\Windows\System32\atiapfxx.exe
2014-05-23 01:38:02 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2014-05-23 01:38:00 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2014-05-23 01:37:52 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2014-05-23 01:37:50 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2014-05-23 01:37:44 4180992 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
2014-05-23 01:37:34 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2014-05-23 01:35:18 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2014-05-23 01:31:00 91648 ----a-w- C:\Windows\System32\mantleaxl64.dll
2014-05-23 01:30:50 85504 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
2014-05-23 01:27:46 48128 ----a-w- C:\Windows\System32\amdmmcl6.dll
2014-05-23 01:27:42 37888 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
2014-05-23 01:25:46 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2014-05-23 01:25:38 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2014-05-23 01:25:32 588800 ----a-w- C:\Windows\System32\atieclxx.exe
2014-05-23 01:25:16 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2014-05-23 01:24:34 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2014-05-23 01:18:54 826368 ----a-w- C:\Windows\System32\coinst_14.200.dll
2014-05-23 01:12:34 1207296 ----a-w- C:\Windows\System32\atiadlxx.dll
2014-05-23 01:12:26 898560 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
.
============= FINISH: 19:41:02.40 ===============

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-07 19:47:51
-----------------------------
19:47:51.166 OS Version: Windows x64 6.1.7601 Service Pack 1
19:47:51.166 Number of processors: 6 586 0xA00
19:47:51.167 ComputerName: WILBUR UserName: SMl
19:47:52.521 Initialize success
19:47:52.592 VM: initialized successfully
19:47:52.616 VM: Amd CPU supported
19:48:01.078 VM: supported disk I/O storport.sys
19:48:54.952 AVAST engine defs: 14070701
19:49:02.774 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:49:02.776 Disk 0 Vendor: Samsung_SSD_840_EVO_250GB EXT0BB6Q Size: 238475MB BusType: 3
19:49:02.779 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000075
19:49:02.781 Disk 1 Vendor: AMD_____ 1.10 Size: 1907348MB BusType: 8
19:49:02.990 Disk 1 MBR read successfully
19:49:02.993 Disk 1 MBR scan
19:49:03.025 Disk 1 Windows 7 default MBR code
19:49:03.028 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:49:03.031 Disk 1 default boot code
19:49:03.092 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 1907246 MB offset 206848
19:49:03.211 Disk 1 scanning C:\Windows\system32\drivers
19:49:15.891 Service scanning
19:49:40.861 Modules scanning
19:49:40.865 Disk 1 trace - called modules:
19:49:40.894 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
19:49:40.898 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800dc5e060]
19:49:40.902 3 CLASSPNP.SYS[fffff8800205143f] -> nt!IofCallDriver -> \Device\00000075[0xfffffa800db369c0]
19:49:41.717 AVAST engine scan C:\Windows
19:49:43.865 AVAST engine scan C:\Windows\system32
19:53:23.531 AVAST engine scan C:\Windows\system32\drivers
19:53:38.099 AVAST engine scan C:\Users\SMl
19:59:04.283 AVAST engine scan C:\ProgramData
20:02:43.162 Scan finished successfully
20:04:49.038 Disk 1 MBR has been saved successfully to "C:\Users\SMl\Desktop\Malware Removal\MBR.dat"
20:04:49.070 The log file has been saved successfully to "C:\Users\SMl\Desktop\Malware Removal\aswMBR.txt"





Congratulations!: No immediate threats were found. (Status)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


my noob thread (http://forums.spybot.info/showthread.php?70787-Need-help-after-browser-hijacker-removed-_MEI31722-folder-possible-trojan)

shelf life
2014-07-09, 00:33
hi roliks,

Can't say much about those files other than a .pyd is a Python programming file extension. Windows is full of .dll files. I would be more concerned if it was a .exe file. If you are concerned you can upload any file (size limit) to have it scanned and checked out as being malicious or not either here (http://virusscan.jotti.org/en) or here (https://www.virustotal.com/).
Only need one active AV per machine, two is not better in this case. You have MSSE and Kaspersky active. You should remove one via the add/remove programs panel. I would unload MSSE myself.

roliks
2014-07-09, 03:22
Yeah, only did that as Kaspersky did not detect the hijacker that I had on my machine and, oddly enough, MSSE did. I hadn't removed it as the initial posting thread said not to make any changes after making the post. I will be doing such in a min. I am familiar with the Python files and DLLs; I just can't seem to find any information about the MEI folder other than a couple of sites think that it's a Trojan. So you think there is nothing to be worried about then? That's a relief. I gratefully thank you for your time, and if there is nothing to be concerned about please feel free to close the thread.