-
again Malware problems :-(
Hi
A month ago I fixed my laptop with your help. http://forums.spybot.info/showthread.php?t=67898 At first things were running quite ok - though a bit slow, especially after rebooting it took more time than before to have my OS ready to use. Now, however I experienced more problems, especially occasional bluescreens and incredibly slow performance (also only occasionally) after booting. After a while it usually gets better and runs quite normal. However I thought this needs fixing...
I hope you can help me!
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521 BrowserJavaVersion: 10.17.2
Run by Chris Novak at 10:29:33 on 2013-04-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.4061.2438 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Outpost Security Suite *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Outpost Security Suite *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Outpost Security Suite *Enabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Agnitum\Outpost Security Suite Free\op_mon.exe
C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=29F0915CBB3CB490816551512134D5A4
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: SwissAcademic.Citavi.Picker.IEPicker: {609D670F-B735-4da7-AC6D-F3BD358E325E} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\CHRISN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {619D670F-B735-4da7-AC6D-F3BD358E325E} - {609D670F-B735-4da7-AC6D-F3BD358E325E} -
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
TCP: NameServer = 158.223.1.2 158.223.1.1
TCP: Interfaces\{632DD7E9-34B8-460E-80C0-5646C13BBD4B} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C} : DHCPNameServer = 158.223.1.2 158.223.1.1
TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\5416379724F687D2838354835383 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\75C414E4D2030313144364431383640333 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\76F6C64637D696478637F547563747 : DHCPNameServer = 158.223.0.122 158.223.0.123
TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\84E46424640275C414E4 : DHCPNameServer = 192.168.178.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~1\agnitum\outpos~1\wl_hook.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
x64-Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe" /dump:os_startup
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-14 65336]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-2-17 14456]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-25 55856]
R1 afw;Agnitum Firewall Driver;C:\Windows\System32\drivers\afw.sys [2013-3-23 39528]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-5-30 28504]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-2-22 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-2-22 377920]
R1 SandBox;SandBox;C:\Windows\System32\drivers\SandBox64.sys [2013-3-23 1097672]
R2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2013-3-23 3501696]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-10-25 203264]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-2-22 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-22 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-14 45248]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-2-21 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-2-21 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-2-21 168384]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-25 1692480]
R3 afwcore;afwcore;C:\Windows\System32\drivers\afwcore.sys [2013-3-23 424040]
R3 CryptOSD;Phoenix CryptOSD Device Driver;C:\Windows\System32\drivers\CryptOSD.sys [2009-6-25 431488]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-10-25 172704]
R3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-10-25 5435904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ASWFilt;ASWFilt;C:\Windows\System32\Filt\ASWFilt64.dll [2013-3-23 49168]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-14 178624]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-10-25 35104]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-2-17 38096]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-21 19456]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-11-26 1225312]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-21 57856]
S3 VBEngNT;VBEngNT;C:\Windows\System32\drivers\VBEngNT.sys [2013-3-23 293048]
S3 VBFilt;VBFilt;C:\Windows\System32\Filt\VBFilt64.dll [2013-3-23 42976]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-26 1255736]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
.
=============== Created Last 30 ================
.
2013-04-05 14:28:20 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC6527FC-1198-4020-9A2A-CFDED8A396D4}\mpengine.dll
2013-03-23 22:54:11 -------- d-----w- C:\ProgramData\PopCap Games
2013-03-23 22:54:11 -------- d-----w- C:\Program Files (x86)\PopCap Games
2013-03-23 16:25:15 -------- d-----w- C:\Program Files\WinDjView
2013-03-23 09:05:27 293048 ----a-w- C:\Windows\System32\drivers\VBEngNT.sys
2013-03-23 09:05:25 1097672 ----a-w- C:\Windows\System32\drivers\SandBox64.sys
2013-03-23 09:05:17 424040 ----a-w- C:\Windows\System32\drivers\afwcore.sys
2013-03-23 09:04:10 39528 ----a-w- C:\Windows\System32\drivers\afw.sys
2013-03-23 09:03:37 -------- d-----w- C:\Windows\System32\Filt
2013-03-23 09:03:37 -------- d-----w- C:\Users\Chris Novak\AppData\Roaming\Agnitum
2013-03-23 09:03:35 -------- d-----w- C:\Program Files\Agnitum
2013-03-23 09:01:37 -------- d-----w- C:\ProgramData\Agnitum
2013-03-17 18:44:24 -------- d-----w- C:\ProgramData\YTD Video Downloader
2013-03-17 18:44:19 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2013-03-15 17:53:41 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-14 11:41:54 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-03-14 11:41:54 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-03-14 10:05:18 249712 ----a-w- C:\Windows\SysWow64\~.tmp
2013-03-13 16:44:32 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2013-03-13 16:44:09 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
.
==================== Find3M ====================
.
2013-03-15 08:50:24 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 08:50:24 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-12 00:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-08 23:41:44 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-08 23:41:40 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-08 23:41:40 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-07 21:53:36 544688 ----a-w- C:\Windows\System32\npdeployJava1.dll
2013-03-07 21:53:36 526256 ----a-w- C:\Windows\System32\deployJava1.dll
2013-03-06 23:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-03-06 23:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 23:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 23:32:51 41664 ----a-w- C:\Windows\avastSS.scr
2013-02-17 19:44:20 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
.
============= FINISH: 10:30:44,72 ===============
--------------------------
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-08 10:31:37
-----------------------------
10:31:37.406 OS Version: Windows x64 6.1.7601 Service Pack 1
10:31:37.406 Number of processors: 2 586 0x170A
10:31:37.408 ComputerName: CHRISNOVAK-PC UserName: Chris Novak
10:31:46.585 Initialize success
10:31:46.728 AVAST engine defs: 13040801
10:32:12.568 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:32:12.571 Disk 0 Vendor: WDC_WD2500BEVT-75ZCT2 11.01A11 Size: 238475MB BusType: 11
10:32:12.622 Disk 0 MBR read successfully
10:32:12.627 Disk 0 MBR scan
10:32:12.633 Disk 0 Windows VISTA default MBR code
10:32:12.638 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
10:32:12.669 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
10:32:12.685 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30800325
10:32:12.705 Disk 0 scanning C:\Windows\system32\drivers
10:32:23.341 Service scanning
10:32:39.589 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
10:32:44.891 Modules scanning
10:32:44.905 Disk 0 trace - called modules:
10:32:44.972 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8003ca72c0]<<spyi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:32:44.979 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cdc060]
10:32:44.985 3 CLASSPNP.SYS[fffff880013c143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b23060]
10:32:44.991 \Driver\atapi[0xfffffa8004b08320] -> IRP_MJ_CREATE -> 0xfffffa8003ca72c0
10:32:46.469 AVAST engine scan C:\Windows
10:32:49.504 AVAST engine scan C:\Windows\system32
10:36:39.390 AVAST engine scan C:\Windows\system32\drivers
10:36:53.277 AVAST engine scan C:\Users\Chris Novak
11:35:36.832 AVAST engine scan C:\ProgramData
11:41:14.365 Scan finished successfully
11:44:50.097 Disk 0 MBR has been saved successfully to "C:\Users\Chris Novak\Desktop\MBR.dat"
11:44:50.108 The log file has been saved successfully to "C:\Users\Chris Novak\Desktop\aswMBR.txt"
---------------------
Search results from Spybot - Search & Destroy
08.04.2013 12:34:01
Scan took 00:34:16.
19 items found.
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Chris Novak\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BFRC3K9A\s.ytimg.com\videostats.sol
Properties.size=275
Properties.md5=5D691C72E157C7148B14FF62D63DF717
Properties.filedate=1365258103
Properties.filedatetext=2013-04-06 15:21:43
Log: [SBI $8E73A7FB] Install: setupact.log (File, nothing done)
C:\Windows\setupact.log
Properties.size=5936
Properties.md5=EB776A3D407E1A5B3C8E100560B3BDE2
Properties.filedate=1365419637
Properties.filedatetext=2013-04-08 12:13:57
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\Office\12.0\Word\File MRU
Windows.OpenWith: [SBI $48691F6C] Open with list - .ASD extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASD\OpenWithList
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (5) (Browser: Cache, nothing done)
History: [SBI $49804B54] Browser: History (33) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
History: [SBI $49804B54] Browser: History (118) (Browser: History, nothing done)
--- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---
2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2013-02-21 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDECon64.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-12-18 Includes\Adware.sbi (*)
2013-03-27 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2012-11-21 Includes\Malware.sbi (*)
2013-03-26 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-03-26 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi (*)
2013-03-19 Includes\TrojansC-02.sbi (*)
2013-03-26 Includes\TrojansC-03.sbi (*)
2013-03-14 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2013-03-01 Includes\TrojansC.sbi (*)
Last edited by tashi; 2013-04-08 at 15:30.
Reason: Added link
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
