
Thread: Smart Protection 2012/Internet Security 2012

  1. #1 Member (Join Date: Feb 2007, Posts: 64)

    Smart Protection 2012/Internet Security 2012

    Hello,

    I was infected today by this virus and I have been unsuccessful in trying to remove it myself (and I'm pretty savvy and have removed crap from my computer before; this one has me very frustrated). I have run Malwarebytes and ComboFix... neither has worked completely; however, they have made it so that I can at least browse and post this! When the virus started I wasn't able to open IE, Task Manager, regedit, etc. unless I was in Safe Mode. Thank you in advance for all that you guys on this website do... this isn't the first (and probably won't be the last) time you have saved/will save my a$$.

    Here are the DDS logs:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by Lessard at 17:48:25 on 2012-01-22
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2942.1542 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Users\Lessard\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    C:\Users\Lessard\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files (x86)\Cisco Systems\Cisco Connect\CCPrt.exe
    C:\Users\Lessard\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\msiexec.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    mStart Page = hxxp://bar.playboost.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    uRun: [Akamai NetSession Interface] "C:\Users\Lessard\AppData\Local\Akamai\netsession_win.exe"
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    mRun: [CCPrt] "C:\Program Files (x86)\Cisco Systems\Cisco Connect\CCPrt.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\Lessard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Lessard\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Lessard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\Lessard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\wkcalrem.LNK - C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.127.0.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-ca.cab
    TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
    TCP: Interfaces\{79DDB5F8-CB49-4A2C-94BE-129D22D090A6} : DhcpNameServer = 64.71.255.198 64.71.255.253
    TCP: Interfaces\{B8873028-63DA-4069-ADC7-2724961B0D7A} : DhcpNameServer = 64.71.255.198 64.71.255.253
    TCP: Interfaces\{D5C2BD2E-7662-4A38-B7BA-8EC71A7F9C13} : DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    mRun-x64: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
    mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    mRun-x64: [CCPrt] "C:\Program Files (x86)\Cisco Systems\Cisco Connect\CCPrt.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 265400]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-4-21 23680]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-22 652872]
    R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-11-10 520040]
    R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-11-10 370504]
    R2 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]
    R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-1-21 130048]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-8 136176]
    S2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-8 136176]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-01-22 22:29:30 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-01-22 22:12:21 98816 ----a-w- C:\Windows\sed.exe
    2012-01-22 22:12:21 518144 ----a-w- C:\Windows\SWREG.exe
    2012-01-22 22:12:21 256000 ----a-w- C:\Windows\PEV.exe
    2012-01-22 22:12:21 208896 ----a-w- C:\Windows\MBR.exe
    2012-01-22 20:17:51 -------- d-----w- C:\Users\Lessard\AppData\Roaming\Malwarebytes
    2012-01-22 20:17:48 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-01-22 20:17:47 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-01-22 20:17:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-01-22 19:06:29 -------- d-----w- C:\ProgramData\F4D561EA000CDD8200656C6AB4EB2367
    2012-01-22 18:15:13 -------- d-----w- C:\Users\Lessard\AppData\Local\{1F8D1C1E-F6F7-4226-AA27-D3CB88C37CB6}
    2012-01-22 18:14:59 -------- d-----w- C:\Users\Lessard\AppData\Local\{45D2A68A-D60D-4793-A052-B5B921F2CF44}
    2012-01-22 05:04:02 -------- d-----w- C:\Users\Lessard\AppData\Local\{84146D6F-913D-4FB0-921A-3748030B13FF}
    2012-01-22 05:03:52 -------- d-----w- C:\Users\Lessard\AppData\Local\{B1B30D2D-3421-4171-80C6-81E92DF8CB67}
    2012-01-21 13:32:34 -------- d-----w- C:\Users\Lessard\AppData\Local\{4F1F2BC7-7FBE-4CBC-B541-9214CE7A93DF}
    2012-01-21 13:32:24 -------- d-----w- C:\Users\Lessard\AppData\Local\{D91C9E10-86F2-4E1B-8F69-CE817F9D9DEB}
    2012-01-20 23:26:19 -------- d-----w- C:\Users\Lessard\AppData\Local\{9ED46218-DF97-4210-A5D2-B5F5F8A3949F}
    2012-01-20 23:26:09 -------- d-----w- C:\Users\Lessard\AppData\Local\{A40F670A-2772-454B-BA75-11F44775534B}
    2012-01-20 11:25:57 -------- d-----w- C:\Users\Lessard\AppData\Local\{11CB8FDC-0B90-4FF5-8C53-D118C5109795}
    2012-01-20 11:25:47 -------- d-----w- C:\Users\Lessard\AppData\Local\{D0016335-9AFD-49A1-BB69-8E859CC6BF94}
    2012-01-19 23:25:35 -------- d-----w- C:\Users\Lessard\AppData\Local\{BB1EECC0-C3EA-4776-BA0B-595D1A22A69B}
    2012-01-19 23:25:25 -------- d-----w- C:\Users\Lessard\AppData\Local\{F6C6069E-9B38-4761-89A5-0D26F45AC326}
    2012-01-19 11:24:55 -------- d-----w- C:\Users\Lessard\AppData\Local\{793263B5-FE95-4007-850F-C1A5DE97AAA7}
    2012-01-19 11:24:43 -------- d-----w- C:\Users\Lessard\AppData\Local\{5D11933E-E616-4DCB-80BB-FFF980CAD86A}
    2012-01-18 15:32:49 -------- d-----w- C:\Users\Lessard\AppData\Local\{4C176509-E47C-40DD-841A-927335B655E2}
    2012-01-18 15:32:36 -------- d-----w- C:\Users\Lessard\AppData\Local\{BEF0DA74-6665-449D-A7FC-237946EBFFFB}
    2012-01-18 03:32:23 -------- d-----w- C:\Users\Lessard\AppData\Local\{88CCF794-AE1E-4730-B48C-3444395D9580}
    2012-01-18 03:32:13 -------- d-----w- C:\Users\Lessard\AppData\Local\{1107240F-A09B-4A0F-A61B-4469145481C3}
    2012-01-17 14:30:55 -------- d-----w- C:\Users\Lessard\AppData\Local\{A38E030B-B9CA-4B7D-80E7-9BF00B067EA5}
    2012-01-17 14:30:45 -------- d-----w- C:\Users\Lessard\AppData\Local\{449951FE-57CB-4024-8127-39FF553C004F}
    2012-01-17 02:30:33 -------- d-----w- C:\Users\Lessard\AppData\Local\{7DBAC517-FE4B-4708-AC49-E195ABEE644A}
    2012-01-17 02:30:22 -------- d-----w- C:\Users\Lessard\AppData\Local\{AB3F4C8E-4479-4669-B186-05145B4B0A95}
    2012-01-16 18:35:58 -------- d-----w- C:\Program Files (x86)\Mystery Case Files - Escape from Ravenhearst
    2012-01-16 13:53:18 -------- d-----w- C:\Users\Lessard\AppData\Local\{FE708B09-6DB6-4DC7-B2FE-1809AD54C716}
    2012-01-16 13:53:08 -------- d-----w- C:\Users\Lessard\AppData\Local\{7C4B357B-6494-44A0-85FA-CBF5DCBB376B}
    2012-01-16 12:53:20 -------- d-----w- C:\Users\Lessard\AppData\Roaming\PlayFavoriteGames
    2012-01-16 01:52:56 -------- d-----w- C:\Users\Lessard\AppData\Local\{684F1367-963A-4BB6-AB99-490492CD55D7}
    2012-01-16 01:52:45 -------- d-----w- C:\Users\Lessard\AppData\Local\{B81BE2B8-28B0-47EE-B83B-2AE6BD3E3E34}
    2012-01-15 13:52:33 -------- d-----w- C:\Users\Lessard\AppData\Local\{57899F6C-E21C-49BE-8570-E4E952DDA449}
    2012-01-15 13:52:23 -------- d-----w- C:\Users\Lessard\AppData\Local\{C7101507-4F36-4357-A9A8-BADBF1D0ACBF}
    2012-01-14 16:27:29 -------- d-----w- C:\Users\Lessard\AppData\Local\{A45726A6-B2C8-43C5-ABBB-20989FA0F3B4}
    2012-01-14 16:27:19 -------- d-----w- C:\Users\Lessard\AppData\Local\{EF396690-1233-4776-9A65-D381A5D74133}
    2012-01-14 04:27:07 -------- d-----w- C:\Users\Lessard\AppData\Local\{4B3E8C82-E559-495B-BAAA-4A2DAD2A437D}
    2012-01-14 04:26:57 -------- d-----w- C:\Users\Lessard\AppData\Local\{D7782A93-0970-4CCD-886D-09810D54E5E6}
    2012-01-13 16:26:45 -------- d-----w- C:\Users\Lessard\AppData\Local\{B7E91A86-A6F5-49D6-8EBF-6F3B5AFB315D}
    2012-01-13 16:26:35 -------- d-----w- C:\Users\Lessard\AppData\Local\{084067DF-9555-432B-B75A-1DBD324CFE80}
    2012-01-13 04:26:23 -------- d-----w- C:\Users\Lessard\AppData\Local\{11DD4D43-979C-4B00-A109-F0F170B955B4}
    2012-01-13 04:26:12 -------- d-----w- C:\Users\Lessard\AppData\Local\{7E725F16-60B0-4812-B678-55C413C5A099}
    2012-01-12 16:26:00 -------- d-----w- C:\Users\Lessard\AppData\Local\{AFF7BAB4-F20A-4967-8795-1A2D9531D4FB}
    2012-01-12 16:25:50 -------- d-----w- C:\Users\Lessard\AppData\Local\{4DBF3038-584A-4583-810C-4A14654EA0CE}
    2012-01-12 03:45:28 -------- d-----w- C:\Users\Lessard\AppData\Local\{CC6EE9C6-7CAE-4192-AF4F-2DCBE27A4593}
    2012-01-12 03:45:18 -------- d-----w- C:\Users\Lessard\AppData\Local\{076528FA-7D93-49FB-B73E-45C66851553C}
    2012-01-11 19:42:49 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-01-11 19:42:49 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-01-11 19:42:49 1572864 ----a-w- C:\Windows\System32\quartz.dll
    2012-01-11 19:42:49 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
    2012-01-11 19:42:48 1731920 ----a-w- C:\Windows\System32\ntdll.dll
    2012-01-11 19:42:48 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-01-11 19:42:47 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-01-11 19:42:47 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-01-11 15:44:54 -------- d-----w- C:\Users\Lessard\AppData\Local\{47278384-60C4-4AFA-A254-BE3A30867332}
    2012-01-11 15:44:44 -------- d-----w- C:\Users\Lessard\AppData\Local\{94F5B53A-84CA-43B4-BF65-41F4312AF5B6}
    2012-01-11 03:44:32 -------- d-----w- C:\Users\Lessard\AppData\Local\{755E8E14-0244-4F0A-AFF8-5DA9343C2355}
    2012-01-11 03:44:22 -------- d-----w- C:\Users\Lessard\AppData\Local\{F556424F-31EC-4DBB-BAF2-C432F858A31C}
    2012-01-10 15:44:10 -------- d-----w- C:\Users\Lessard\AppData\Local\{97354DA0-971F-42AB-953B-7BF391996498}
    2012-01-10 15:44:00 -------- d-----w- C:\Users\Lessard\AppData\Local\{02D4387B-BAFC-42E2-81BB-612816E95025}
    2012-01-10 03:43:49 -------- d-----w- C:\Users\Lessard\AppData\Local\{621E359A-5425-459F-95AD-6E13623DAA81}
    2012-01-10 03:43:39 -------- d-----w- C:\Users\Lessard\AppData\Local\{66D137AA-D4B7-465C-B968-57013A3EA4DB}
    2012-01-09 15:43:27 -------- d-----w- C:\Users\Lessard\AppData\Local\{BACAD211-24B4-4762-92F9-0974D1DF2A6C}
    2012-01-09 15:43:17 -------- d-----w- C:\Users\Lessard\AppData\Local\{896796B0-7416-4E2C-9AD9-E87348C6B058}
    2012-01-09 03:43:06 -------- d-----w- C:\Users\Lessard\AppData\Local\{08B33F68-3378-4185-A3BD-F51A66A68A0D}
    2012-01-09 03:42:56 -------- d-----w- C:\Users\Lessard\AppData\Local\{0A222990-6F9F-4E47-BC1F-0D012A2C1980}
    2012-01-08 15:42:44 -------- d-----w- C:\Users\Lessard\AppData\Local\{90EA4227-04BD-4366-8778-FFAC56A8B2C3}
    2012-01-08 15:42:34 -------- d-----w- C:\Users\Lessard\AppData\Local\{0E53E334-4DF1-4486-9A79-23C2F0F26B85}
    2012-01-08 03:42:22 -------- d-----w- C:\Users\Lessard\AppData\Local\{B47D4B12-4271-42B6-963F-7318965717B6}
    2012-01-08 03:42:12 -------- d-----w- C:\Users\Lessard\AppData\Local\{4F064F61-A09D-4AA3-AE11-25634DD1A30A}
    2012-01-07 15:41:58 -------- d-----w- C:\Users\Lessard\AppData\Local\{7506CF20-7D5A-4A62-80FA-28EA3D2991A4}
    2012-01-07 15:41:46 -------- d-----w- C:\Users\Lessard\AppData\Local\{1F5DEA57-2547-41E3-9411-BD40436D8424}
    2012-01-07 03:41:32 -------- d-----w- C:\Users\Lessard\AppData\Local\{21DFB40A-6F7A-4D3F-A107-EB0D95974CA2}
    2012-01-07 03:41:20 -------- d-----w- C:\Users\Lessard\AppData\Local\{45A63870-69EF-4005-B0F6-7C808D1559A9}
    2012-01-06 15:41:09 -------- d-----w- C:\Users\Lessard\AppData\Local\{39D06CF4-FD67-466B-8AEE-926344B4D326}
    2012-01-06 15:40:58 -------- d-----w- C:\Users\Lessard\AppData\Local\{14C15890-3EB0-416D-BEB4-219EE178361C}
    2012-01-06 03:40:47 -------- d-----w- C:\Users\Lessard\AppData\Local\{67AD3918-317A-440C-BD8A-45E7FF7B7397}
    2012-01-06 03:40:36 -------- d-----w- C:\Users\Lessard\AppData\Local\{44402BEB-7470-4A91-A528-6E3971EB1533}
    2012-01-05 15:40:25 -------- d-----w- C:\Users\Lessard\AppData\Local\{B5507A21-9E10-4999-8470-B7A240F2FAFC}
    2012-01-05 15:40:15 -------- d-----w- C:\Users\Lessard\AppData\Local\{ADB7579C-E2A7-4506-964C-455BE72D92D4}
    2012-01-05 03:40:03 -------- d-----w- C:\Users\Lessard\AppData\Local\{300C86BC-9C3F-492D-AA48-3AD2359533A5}
    2012-01-05 03:39:51 -------- d-----w- C:\Users\Lessard\AppData\Local\{5EA09C41-284C-47B3-8D96-D5FE3E2800AC}
    2012-01-04 15:39:40 -------- d-----w- C:\Users\Lessard\AppData\Local\{E8F71465-FADA-4697-97F5-A61FFA6880F4}
    2012-01-04 15:39:30 -------- d-----w- C:\Users\Lessard\AppData\Local\{1DFB9C19-7067-41CC-9B1C-E2B15B28FF0E}
    2012-01-04 03:39:19 -------- d-----w- C:\Users\Lessard\AppData\Local\{AEC22668-8D58-43D9-B2FE-D9E91EEC2565}
    2012-01-04 03:39:08 -------- d-----w- C:\Users\Lessard\AppData\Local\{9CE84462-4427-4AA9-8563-0A537338DF65}
    2012-01-04 00:14:19 -------- d-----w- C:\Users\Lessard\AppData\Roaming\MumboJumbo
    2012-01-03 15:38:57 -------- d-----w- C:\Users\Lessard\AppData\Local\{9C16D7D5-CE25-40B5-94F2-B9A3707DC385}
    2012-01-03 15:38:47 -------- d-----w- C:\Users\Lessard\AppData\Local\{8B9AC1E5-4862-451C-BE55-B42157997AD5}
    2012-01-03 03:38:36 -------- d-----w- C:\Users\Lessard\AppData\Local\{3F72DD5A-1BFF-4619-8813-8FB6AA43C093}
    2012-01-03 03:38:25 -------- d-----w- C:\Users\Lessard\AppData\Local\{C3A991F6-8A49-4832-80EB-FE7D1F67E56A}
    2012-01-02 15:38:14 -------- d-----w- C:\Users\Lessard\AppData\Local\{0B85483A-337F-4563-8BFD-A84A57FBFE37}
    2012-01-02 15:38:04 -------- d-----w- C:\Users\Lessard\AppData\Local\{8BF05BC8-B184-40D6-869D-83803A068A63}
    2012-01-02 03:37:53 -------- d-----w- C:\Users\Lessard\AppData\Local\{EDAA5CCE-4AE8-42F1-8C57-E21C7545CD26}
    2012-01-02 03:37:42 -------- d-----w- C:\Users\Lessard\AppData\Local\{03889D0E-D461-4C39-99AF-CCF54555242D}
    2012-01-02 03:31:38 -------- d-----w- C:\Users\Lessard\AppData\Roaming\Artifex Mundi
    2012-01-01 15:37:30 -------- d-----w- C:\Users\Lessard\AppData\Local\{6A8051B4-5046-41FC-8C70-8ED1E803CB1A}
    2012-01-01 15:37:19 -------- d-----w- C:\Users\Lessard\AppData\Local\{BB5665A5-08CF-434E-AC48-C9A360CD9386}
    2012-01-01 00:42:48 -------- d-----w- C:\Program Files (x86)\Maxis
    2011-12-31 16:53:30 -------- d-----w- C:\Users\Lessard\AppData\Local\{34EBCA12-E6D4-4197-B3CB-7E3F32196E75}
    2011-12-31 16:53:19 -------- d-----w- C:\Users\Lessard\AppData\Local\{9AA2844E-D8B5-4D2D-8290-CB652F1D6713}
    2011-12-31 04:01:06 -------- d-----w- C:\Users\Lessard\AppData\Local\{4B56E530-0DFE-4820-872F-CF4B99590CA8}
    2011-12-31 04:00:55 -------- d-----w- C:\Users\Lessard\AppData\Local\{FC5BBCD0-DF36-4A1B-836E-92272B37E66F}
    2011-12-30 16:00:44 -------- d-----w- C:\Users\Lessard\AppData\Local\{FAE23D45-0C8F-4751-879E-311427E3ABDD}
    2011-12-30 16:00:34 -------- d-----w- C:\Users\Lessard\AppData\Local\{A005F615-E1C6-403A-A87F-0E118719748D}
    2011-12-30 01:57:20 -------- d-----w- C:\Users\Lessard\AppData\Local\{8547F5E4-659B-40C1-ABC8-00EE38338881}
    2011-12-30 01:57:10 -------- d-----w- C:\Users\Lessard\AppData\Local\{C367B83C-9F6E-4939-BA20-93117442A699}
    2011-12-29 13:56:59 -------- d-----w- C:\Users\Lessard\AppData\Local\{59E0A290-5E62-499A-BF97-B780F4F2E387}
    2011-12-29 13:56:49 -------- d-----w- C:\Users\Lessard\AppData\Local\{7DD254D8-AB6C-446F-A013-E584EA18497F}
    2011-12-29 01:47:04 -------- d-----w- C:\Users\Lessard\AppData\Local\{767A5872-2CA6-4B8F-9F19-5CFF169D2416}
    2011-12-29 01:46:54 -------- d-----w- C:\Users\Lessard\AppData\Local\{05249C6E-6A1F-4F03-95B6-31C907B886D4}
    2011-12-28 13:46:43 -------- d-----w- C:\Users\Lessard\AppData\Local\{DA1B5F96-3160-4ADA-894D-3DE99D8628AF}
    2011-12-28 13:46:32 -------- d-----w- C:\Users\Lessard\AppData\Local\{AA4EBC4E-B68B-49B6-9292-7A320CCAB457}
    2011-12-28 01:46:21 -------- d-----w- C:\Users\Lessard\AppData\Local\{AFFB53B3-EDE5-4481-855A-F35436E0B398}
    2011-12-28 01:46:11 -------- d-----w- C:\Users\Lessard\AppData\Local\{A998513D-AAE3-4C7E-99D3-E624355E91E1}
    2011-12-27 13:45:59 -------- d-----w- C:\Users\Lessard\AppData\Local\{30E1524E-6EEC-4045-AB73-F994549A4027}
    2011-12-27 13:45:50 -------- d-----w- C:\Users\Lessard\AppData\Local\{3F6686FF-E732-40F0-AC78-31E37885DB0D}
    2011-12-27 01:40:36 -------- d-----w- C:\Users\Lessard\AppData\Local\{E856E844-1A3D-4EC0-AC45-71468029EE87}
    2011-12-27 01:40:26 -------- d-----w- C:\Users\Lessard\AppData\Local\{5B99EC13-A659-4574-8876-4D0A348656A9}
    2011-12-26 13:40:15 -------- d-----w- C:\Users\Lessard\AppData\Local\{496AE4EC-7696-4BD3-A284-AF6DFEC2F05F}
    2011-12-26 13:40:04 -------- d-----w- C:\Users\Lessard\AppData\Local\{5E9AC41C-9F84-4425-9066-836382057782}
    2011-12-25 18:20:18 -------- d-----w- C:\Users\Lessard\AppData\Local\{1F8C49D9-1CF1-4CC8-BE21-545138775465}
    2011-12-25 18:20:12 -------- d-----w- C:\Users\Lessard\AppData\Local\{6527B6B6-3593-485A-BB7E-1519E2B8CEBA}
    2011-12-25 03:31:49 -------- d-----w- C:\Users\Lessard\AppData\Local\{4A9690F8-08B7-4237-B107-64B6398B30B4}
    2011-12-25 03:31:38 -------- d-----w- C:\Users\Lessard\AppData\Local\{12E4CA30-24F1-4EA2-A30C-EC0A0DA36991}
    2011-12-24 15:31:27 -------- d-----w- C:\Users\Lessard\AppData\Local\{59946011-0257-45BF-9603-15962147B4F4}
    2011-12-24 15:31:16 -------- d-----w- C:\Users\Lessard\AppData\Local\{15559BA9-D100-42E2-B851-827C32C5C717}
    2011-12-24 03:31:04 -------- d-----w- C:\Users\Lessard\AppData\Local\{7BD1CF92-5251-4AA6-A9E4-A9B84806FF98}
    2011-12-24 03:30:53 -------- d-----w- C:\Users\Lessard\AppData\Local\{AD05BDA4-57FF-4633-BA95-57A2F72E17AB}
    .
    ==================== Find3M ====================
    .
    2011-12-09 03:41:53 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-14 22:40:42 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-11-14 22:40:42 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-11-14 22:37:08 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2011-11-14 22:37:02 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    .
    ============= FINISH: 17:48:55.53 ===============

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    When running programs with Vista or Windows 7, you need to Right Click on the program and select RUN AS ADMINISTRATOR

    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan

    On completion of the scan click "save log", save it to your desktop and post it in your next reply.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Feb 2007
    Posts
    64

    Default

    Thank you for responding!

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-30 19:02:18
    -----------------------------
    19:02:18.318 OS Version: Windows x64 6.1.7601 Service Pack 1
    19:02:18.318 Number of processors: 2 586 0x602
    19:02:18.318 ComputerName: LESSARD-PC UserName: Lessard
    19:02:23.811 Initialize success
    19:02:29.301 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
    19:02:29.301 Disk 0 Vendor: ST350041 HP34 Size: 476940MB BusType: 3
    19:02:29.321 Disk 0 MBR read successfully
    19:02:29.321 Disk 0 MBR scan
    19:02:29.321 Disk 0 unknown MBR code
    19:02:29.331 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    19:02:29.341 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464857 MB offset 206848
    19:02:29.371 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11981 MB offset 952233984
    19:02:29.371 Service scanning
    19:02:31.344 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    19:02:32.284 Modules scanning
    19:02:32.294 Disk 0 trace - called modules:
    19:02:32.324 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80030122c0]<<spqr.sys storport.sys hal.dll nvstor64.sys
    19:02:32.334 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80034c3060]
    19:02:32.354 3 CLASSPNP.SYS[fffff88001bb543f] -> nt!IofCallDriver -> [0xfffffa80031433b0]
    19:02:32.364 5 ACPI.sys[fffff88000f767a1] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa8003245060]
    19:02:32.384 \Driver\nvstor64[0xfffffa800312caf0] -> IRP_MJ_CREATE -> 0xfffffa80030122c0
    19:02:32.384 Scan finished successfully
    19:02:54.360 Disk 0 MBR has been saved successfully to "C:\Users\Lessard\Desktop\MBR.dat"
    19:02:54.370 The log file has been saved successfully to "C:\Users\Lessard\Desktop\aswMBR log.txt"

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Let's check a bit further.

    Download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs
    • Double click on the file to run it
    • A window will open on your desktop
    • If an unknown bootcode is found, you will have further options available to you; at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
    • Please post the contents of that file.

  5. #5
    Member
    Join Date
    Feb 2007
    Posts
    64

    Default

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer: PEGATRON CORPORATION
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: Compaq-Presario
    System Product Name: NY540AA-ABL CQ5210F
    Logical Drives Mask: 0x00003ffc

    Kernel Drivers (total 161):
    0x0301B000 \SystemRoot\system32\ntoskrnl.exe
    0x03604000 \SystemRoot\system32\hal.dll
    0x00B9B000 \SystemRoot\system32\kdcom.dll
    0x00CA9000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00CB6000 \SystemRoot\system32\PSHED.dll
    0x00CCA000 \SystemRoot\system32\CLFS.SYS
    0x00D28000 \SystemRoot\system32\CI.dll
    0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00DE8000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00E0D000 \SystemRoot\System32\Drivers\spqr.sys
    0x00F33000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x00F3C000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x00F6B000 \SystemRoot\system32\drivers\ACPI.sys
    0x00FC2000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00FCC000 \SystemRoot\system32\drivers\vdrvroot.sys
    0x010D0000 \SystemRoot\system32\drivers\pci.sys
    0x01103000 \SystemRoot\System32\drivers\partmgr.sys
    0x01118000 \SystemRoot\system32\drivers\volmgr.sys
    0x0112D000 \SystemRoot\System32\drivers\volmgrx.sys
    0x01189000 \SystemRoot\System32\drivers\mountmgr.sys
    0x011A3000 \SystemRoot\system32\DRIVERS\nvstor64.sys
    0x01000000 \SystemRoot\system32\DRIVERS\storport.sys
    0x01063000 \SystemRoot\system32\drivers\amdxata.sys
    0x0106E000 \SystemRoot\system32\drivers\fltmgr.sys
    0x010BA000 \SystemRoot\system32\drivers\fileinfo.sys
    0x011E1000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x01206000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01453000 \SystemRoot\System32\Drivers\msrpc.sys
    0x014B1000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x014CC000 \SystemRoot\System32\Drivers\cng.sys
    0x0153E000 \SystemRoot\System32\drivers\pcw.sys
    0x0154F000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x0160A000 \SystemRoot\system32\drivers\ndis.sys
    0x016FD000 \SystemRoot\system32\drivers\NETIO.SYS
    0x0175D000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x0186D000 \SystemRoot\System32\drivers\tcpip.sys
    0x01A71000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01ABB000 \SystemRoot\system32\drivers\volsnap.sys
    0x01B07000 \SystemRoot\System32\Drivers\spldr.sys
    0x01B0F000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01B49000 \SystemRoot\System32\Drivers\mup.sys
    0x01B5B000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01B64000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01B9E000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01BB4000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x01BE4000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
    0x01BEE000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
    0x01788000 \SystemRoot\system32\drivers\cdrom.sys
    0x017B2000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
    0x017C1000 \SystemRoot\System32\Drivers\Null.SYS
    0x01BF8000 \SystemRoot\System32\Drivers\Beep.SYS
    0x017CA000 \SystemRoot\System32\drivers\vga.sys
    0x017D8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x01559000 \SystemRoot\System32\drivers\watchdog.sys
    0x01600000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x01569000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x01572000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x0157B000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x01586000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x01597000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x015B9000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x03CB4000 \SystemRoot\system32\DRIVERS\avgtdia.sys
    0x03D15000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x03D5A000 \SystemRoot\system32\drivers\afd.sys
    0x03DE3000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x03DEE000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x03C26000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x03C35000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x03C50000 \SystemRoot\system32\drivers\termdd.sys
    0x03C64000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0x01400000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03C7E000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03C8A000 \SystemRoot\system32\drivers\mssmbios.sys
    0x03C95000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
    0x03CA0000 \SystemRoot\System32\drivers\discache.sys
    0x015C6000 \SystemRoot\System32\Drivers\dfsc.sys
    0x015E4000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x013A9000 \SystemRoot\system32\DRIVERS\avgldx64.sys
    0x00FD9000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x03EEA000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x03EFF000 \SystemRoot\system32\drivers\usbohci.sys
    0x03F0A000 \SystemRoot\system32\drivers\USBPORT.SYS
    0x03F60000 \SystemRoot\system32\drivers\usbehci.sys
    0x03F71000 \SystemRoot\system32\drivers\HDAudBus.sys
    0x03F95000 \SystemRoot\system32\DRIVERS\nvmf6264.sys
    0x03E00000 \SystemRoot\System32\Drivers\AnyDVD.sys
    0x03E22000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x04011000 \SystemRoot\system32\DRIVERS\agrsm64.sys
    0x04142000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04144000 \SystemRoot\system32\drivers\modem.sys
    0x04A81000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x0557F000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x0441C000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04510000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x04556000 \SystemRoot\system32\drivers\CompositeBus.sys
    0x04566000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x0457C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x045A0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x045AC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x045DB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x05581000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x04400000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x055A2000 \SystemRoot\System32\Drivers\pcouffin.sys
    0x055B7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x055C6000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x0441A000 \SystemRoot\system32\drivers\swenum.sys
    0x04A00000 \SystemRoot\system32\drivers\ks.sys
    0x04153000 \SystemRoot\system32\DRIVERS\sxuptp.sys
    0x04A43000 \SystemRoot\system32\drivers\umbus.sys
    0x0419F000 \SystemRoot\system32\drivers\usbhub.sys
    0x04A55000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04619000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x03E2F000 \SystemRoot\system32\drivers\portcls.sys
    0x047CD000 \SystemRoot\system32\drivers\drmk.sys
    0x047EF000 \SystemRoot\system32\drivers\ksthunk.sys
    0x055D5000 \SystemRoot\system32\drivers\usbccgp.sys
    0x04600000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x03E6C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x0460E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x04A6A000 \SystemRoot\system32\DRIVERS\LEqdUsb.Sys
    0x055F2000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x047F5000 \SystemRoot\system32\DRIVERS\LHidEqd.Sys
    0x04000000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x03E85000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0x03E98000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0x03EAC000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x045F6000 \SystemRoot\system32\DRIVERS\wdcsam64.sys
    0x03EC7000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x03ED5000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x01800000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
    0x03FE7000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x00010000 \SystemRoot\System32\win32k.sys
    0x0183E000 \SystemRoot\System32\drivers\Dxapi.sys
    0x0184A000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x004C0000 \SystemRoot\System32\TSDDD.dll
    0x007B0000 \SystemRoot\System32\cdd.dll
    0x00980000 \SystemRoot\System32\ATMFD.DLL
    0x028D3000 \SystemRoot\system32\drivers\luafv.sys
    0x028F6000 \SystemRoot\system32\drivers\WudfPf.sys
    0x02917000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x0292C000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x02800000 \SystemRoot\system32\drivers\HTTP.sys
    0x02944000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x02975000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x02993000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x036D6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x03724000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x03748000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x03600000 \SystemRoot\System32\DRIVERS\srv.sys
    0x03698000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
    0x06A79000 \SystemRoot\system32\drivers\peauth.sys
    0x06B1F000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x06B2A000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x06B3C000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
    0x06B70000 \??\C:\Windows\system32\drivers\mbam.sys
    0x06BAA000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x06A42000 \??\C:\Users\Lessard\AppData\Local\Temp\aswMBR.sys
    0x77010000 \Windows\System32\ntdll.dll
    0x48020000 \Windows\System32\smss.exe
    0xFF330000 \Windows\System32\apisetschema.dll

    Processes (total 91):
    0 System Idle Process
    4 System
    380 C:\Windows\System32\smss.exe
    496 C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    688 csrss.exe
    744 C:\Windows\System32\wininit.exe
    772 csrss.exe
    816 C:\Windows\System32\services.exe
    852 C:\Windows\System32\winlogon.exe
    880 C:\Windows\System32\lsass.exe
    888 C:\Windows\System32\lsm.exe
    248 C:\Windows\System32\svchost.exe
    656 C:\Windows\System32\nvvsvc.exe
    704 C:\Windows\System32\svchost.exe
    972 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1280 C:\Windows\System32\svchost.exe
    1372 C:\Windows\System32\svchost.exe
    1604 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    1628 C:\Program Files\LSI SoftModem\agr64svc.exe
    1648 C:\Windows\SysWOW64\svchost.exe
    1668 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1720 C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    1752 C:\Program Files\Bonjour\mDNSResponder.exe
    1784 C:\Windows\System32\svchost.exe
    1832 C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    1536 C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    2012 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    2020 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    2056 C:\Windows\SysWOW64\PnkBstrA.exe
    2084 C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    2180 C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    2212 C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    2240 C:\Windows\System32\svchost.exe
    2272 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    2324 C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    2400 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2500 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2808 C:\Windows\System32\nvvsvc.exe
    2692 C:\Windows\System32\taskhost.exe
    3096 C:\Windows\System32\dwm.exe
    3120 C:\Windows\explorer.exe
    3288 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    3356 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    3380 C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    3448 C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    3464 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    3496 C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    3524 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    3540 C:\Users\Lessard\AppData\Roaming\Dropbox\bin\Dropbox.exe
    3580 C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    3612 C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    3624 C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
    3764 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    3780 C:\Program Files (x86)\Cisco Systems\Cisco Connect\CCPrt.exe
    3884 C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    3972 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    2816 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    3168 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3716 C:\Windows\System32\SearchIndexer.exe
    3568 C:\Windows\System32\svchost.exe
    560 C:\Program Files\iPod\bin\iPodService.exe
    4140 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2940 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    3224 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    4692 C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    2744 C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    3788 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    2684 C:\Users\Lessard\AppData\Local\Akamai\netsession_win.exe
    4352 C:\Users\Lessard\AppData\Local\Akamai\netsession_win.exe
    5516 C:\Windows\System32\svchost.exe
    6912 C:\Users\Lessard\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
    5816 C:\Windows\System32\wscript.exe
    5692 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    5456 C:\Windows\System32\spoolsv.exe
    4464 C:\Program Files (x86)\Microsoft Works\wksss.exe
    5932 C:\Program Files (x86)\Microsoft Works\WkDStore.exe
    6008 C:\Windows\splwow64.exe
    6556 C:\Windows\System32\audiodg.exe
    1696 C:\Windows\System32\taskhost.exe
    4744 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    3336 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    6096 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    5228 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    4652 C:\Windows\System32\SearchProtocolHost.exe
    4216 C:\Windows\System32\SearchFilterHost.exe
    3896 C:\Windows\System32\SearchProtocolHost.exe
    6724 C:\Users\Lessard\Desktop\MBRCheck.exe
    4808 C:\Windows\System32\conhost.exe
    4604 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`83e00000 (NTFS)
    \\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive0 Model Number: ST3500418AS, Rev: HP34
    PhysicalDrive1 Model Number: WDMy Book 1110, Rev: 2003

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: A15FAC16D47AD84178DB83972F3DC176D861B6DD
    930 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    It's possible your Master Boot Record is infected. What I need is an offline MBR dump so we can analyse it; you will need a USB thumb drive for this.

    1. xPUD

      We will need a USB stick and access to an uninfected machine.

      We need to prepare the USB stick. It is not absolutely essential that it is formatted, but it may help if it is:

      • Insert your USB drive into the uninfected machine.
      • Click on Start > My Computer > right click your USB drive > choose Format > Quick format.


      Next

      • Download both http://sourceforge.net/projects/unet...7.exe/download and http://noahdfear.net/downloads/boota...xpud-0.9.2.iso to the desktop of the uninfected machine.
      • Make sure you have the formatted USB stick in the uninfected system.
      • Double click on the unetbootin-xpud-windows-387.exe that you just downloaded.
      • Press Run and then OK.
      • Select the DiskImage option then click the browse button located on the right side of the textbox field.
      • Browse to and select the xpud-0.9.2.iso file you downloaded.
      • Verify the correct drive letter is selected for your USB device then click OK.
      • It will install a little bootable OS on your USB device.
      • After it has completed do not choose to reboot the clean computer, simply close the installer.


      Next



      Next

      • Take the USB to the infected computer and boot with it.
      • The computer must be set to boot from the USB (as soon as BIOS is loaded tap F12 and choose to boot from the USB drive).
      • A Welcome to xPUD screen will appear.
      • Press File.
      • Expand mnt.
      • sda1,2...usually corresponds to your HDD.
      • sdb1 is likely your USB drive.
      • Click on the folder that represents your USB drive (sdb1 ?).
      • Confirm that you see dumpit that you downloaded there.
      • Double click on dumpit.
      • Once completed, a file called mbr.zip will be saved to the USB drive.
      • Take the USB drive back to the uninfected system and attach the mbr.zip in your next reply.



      If you encounter any difficulties just let me know.

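    Once an offline MBR dump is in hand, this is one way to triage it. This is an added example, not part of this thread and not aswMBR's or MBRCheck's own code: it parses the 512-byte sector, hashes the boot-code region (that MBRCheck hashes exactly bytes 0-439 is an assumption), lists the partition table, and runs a few structural checks. Known-good hashes are supplied by the caller as an allow-list, so no hash values are assumed; the sample sector is constructed from the partition layout in the aswMBR output posted above (all function names are hypothetical).

```python
from __future__ import annotations
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOTCODE_LEN = 440       # bytes 0..439 hold the bootstrap code (assumed hashing scope)
PTABLE_OFF = 446         # four 16-byte partition entries follow the disk signature
BOOT_SIG = b"\x55\xaa"   # every valid MBR ends with 55 AA
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte sector into a boot-code hash and the partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 55AA signature; this is not an MBR")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector, PTABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        parts.append(Partition(i + 1, status == 0x80, ptype, lba, count))
    return {"bootcode_sha1": hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest().upper(),
            "partitions": parts}

def classify(info: dict, known_good: dict[str, str]) -> str:
    """MBRCheck-style verdict: name the code if its hash is allow-listed, else 'Unknown MBR code'."""
    return known_good.get(info["bootcode_sha1"], "Unknown MBR code")

def sanity_findings(parts: list[Partition]) -> list[str]:
    """Structural checks that need no hash database: one active partition, no overlaps."""
    findings = []
    if sum(p.bootable for p in parts) != 1:
        findings.append("expected exactly one active (0x80) partition")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            findings.append(f"partition {a.index} overlaps partition {b.index}")
    return findings

def build_sample_mbr(bootcode: bytes, layout: list[tuple]) -> bytes:
    """Assemble a sector from boot code and (bootable, type, lba, sectors) tuples. Constructed test data."""
    sector = bytearray(SECTOR)
    sector[:len(bootcode)] = bootcode[:BOOTCODE_LEN]
    for i, (bootable, ptype, lba, count) in enumerate(layout[:4]):
        struct.pack_into(ENTRY_FMT, sector, PTABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\xff" * 3, ptype, b"\xff" * 3, lba, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)

# Layout taken from the aswMBR output in this thread: active 100 MB system partition at
# LBA 2048, 464857 MB Windows partition, 11981 MB recovery partition (1 MB = 2048 sectors).
SAMPLE_LAYOUT = [(True, 0x07, 2048, 100 * 2048),
                 (False, 0x07, 206848, 464857 * 2048),
                 (False, 0x07, 952233984, 11981 * 2048)]
# Constructed stand-in for boot code (a jump-to-self); no real bootstrap code is reproduced.
SAMPLE_BOOTCODE = b"\xeb\xfe" + b"\x00" * 438

def analyse(sector: bytes, known_good: dict[str, str]) -> dict:
    info = parse_mbr(sector)
    info["verdict"] = classify(info, known_good)
    info["findings"] = sanity_findings(info["partitions"])
    return info

if __name__ == "__main__":
    # For a real dump, read the first 512 bytes of the saved MBR file instead of building one.
    result = analyse(build_sample_mbr(SAMPLE_BOOTCODE, SAMPLE_LAYOUT), known_good={})
    print(f"SHA1: {result['bootcode_sha1']} -> {result['verdict']}")
    for p in result["partitions"]:
        flag = "80 (A)" if p.bootable else "00"
        print(f"Partition {p.index} {flag} {p.type_id:02X} {p.size_mb} MB offset {p.lba_start}")
    for f in result["findings"]: print("finding:", f)
```

    With an empty allow-list the verdict is "Unknown MBR code", which is exactly what both tools reported above; the point is that the hash alone says nothing until it is compared against a trusted set.
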
  7. #7
    Member
    Join Date
    Feb 2007
    Posts
    64

    Default

    OK, I followed you up until the download for dumpit. The link you gave me just brought up a bunch of characters but no download button. Please advise further. Thank you!!

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    It downloaded for me; make sure to use Firefox, as IE kind of messes with the download.

  9. #9
    Member
    Join Date
    Feb 2007
    Posts
    64

    Default

    When I boot from the USB it tells me that it's missing an operating system...but this is what's on the USB...

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Attach the dumpit log into this thread.
