Hi,
My laptop seems to be infected by malware. My parents were using the laptop for some time and unknowingly clicked few advertisements. The computer became very slow and the browser was too slow. Ad-aware detected some malicious program and started scanning and found few infected files. It offered to quarantine the files but ad-aware hangs. I ran avast but it found nothing. I downloaded Spybot S&D 2 and it found few adwares and PUPs and removed them. Still browser was too slow and ad-aware was still reporting that there was a suspicious program. Then I scanned with Ad-Aware in safe mode and ad-aware quarantined the files. Still the browser was very slow (chrome and firefox) I then found a service called browserdefendert in services list and disabled it. I was then not able to load any webpages even though i was connected to the internet. Error was related to proxy setting and I found a proxy setting (with some port number) enabled in IE. I disabled it and started working fine. However the service is still present (but in disabled mode) and not sure how to remove them.
DDS LOG:
----------------------
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.21.2
Run by Owner at 0:31:30 on 2013-06-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4057.1224 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
uWindow Title = Internet Explorer by Shankar
uSearch Bar = hxxp://www.bing.com
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4090115
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4090115
uProxyServer = localhost:21320
uURLSearchHooks: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: MRI_DISABLED - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe -update plugin
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [O2DA] "C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe" /P O2DA
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://uklonm01.tcs.com/dwa8W.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{7048C7E9-9A2F-4825-B151-15CA3894F710} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8A00907A-4E1C-411B-B75F-A19814F9BAEE} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: igfxcui - <no file>
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4090115
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ncek8pao.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\System32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-18 21:54; wrc@avast.com; C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF - ExtSQL: 2013-06-11 18:58; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ncek8pao.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-13 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-13 189936]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-9-11 69152]
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2011-11-19 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2011-11-19 15920]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-1-15 55856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-4-5 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-10-29 378432]
R1 Ext2fs;Ext2fs;C:\Windows\System32\drivers\ext2fs.sys [2010-1-5 270272]
R1 IfsMount;IfsMount;C:\Windows\System32\drivers\ifsmount.sys [2010-1-5 80320]
R1 RapportCerberus_51755;RapportCerberus_51755;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [2013-3-28 586072]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-4-30 229040]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe [2009-1-15 86016]
R2 Apache2.2;Apache2.2;C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2012-1-28 20549]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-10-29 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-10-29 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-29 46808]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-24 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-8-12 1737728]
R2 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2010-6-25 35344]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-4-30 1124632]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-6-7 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-6-7 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-6-7 171928]
R2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe [2011-9-15 206120]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-10 2886528]
R2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe [2011-9-15 185640]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
R3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-3 48488]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-8-12 17152]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;C:\Windows\System32\drivers\OA009Ufd.sys [2009-3-6 159840]
R3 OA009Vid;Creative Camera OA009 Function Driver;C:\Windows\System32\drivers\OA009Vid.sys [2009-3-19 311296]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-1-15 392192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-4-28 236688]
S3 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-4-30 357712]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-7-9 48640]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 BrowserDefendert;BrowserDefendert;C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe --> C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-5 89920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-29 366936]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-06-11 07:28:36 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-11 07:28:22 263584 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-06-11 07:28:22 174496 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-06-11 07:28:20 174496 ----a-w- C:\Windows\SysWow64\java.exe
2013-06-11 07:28:17 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-11 07:28:17 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-15 00:58:12 75016696 ----a-w- C:\Windows\System32\mrt.exe
2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:07 64288 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2013-05-09 08:59:07 59144 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
2013-05-09 08:59:07 378432 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2013-05-09 08:59:07 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-05-09 08:59:07 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:59:06 33400 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys
2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-09 08:58:11 287840 ----a-w- C:\Windows\System32\aswBoot.exe
2013-05-05 21:36:54 17818624 ----a-w- C:\Windows\System32\mshtml.dll
2013-05-05 21:16:13 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-05 19:25:43 12324864 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-05-05 19:12:55 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-02 01:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-30 00:28:50 236688 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2013-04-15 14:17:12 901496 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-13 03:34:30 47104 ----a-w- C:\Windows\System32\cdd.dll
2013-04-09 01:55:57 2774016 ----a-w- C:\Windows\System32\win32k.sys
2013-04-05 01:19:09 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 01:01:06 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-04-05 00:58:59 237056 ----a-w- C:\Windows\System32\url.dll
2013-04-05 00:57:27 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:57 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-04-05 00:54:50 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-04-05 00:54:25 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-04-05 00:51:52 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-04-05 00:46:50 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:09:30 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:58 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-04 22:01:35 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-04-04 21:59:49 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:58:24 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-04-04 21:56:41 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-04-04 21:55:19 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-04-04 21:54:42 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-04-04 21:50:34 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
============= FINISH: 0:32:42.84 ===============
aswMBR LOG:
------------------
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-12 00:34:50
-----------------------------
00:34:50.030 OS Version: Windows x64 6.0.6002 Service Pack 2
00:34:50.030 Number of processors: 2 586 0x170A
00:34:50.032 ComputerName: OWNER-PC UserName: Owner
00:34:53.343 Initialize success
00:34:58.192 AVAST engine defs: 13061101
00:36:41.152 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:36:41.155 Disk 0 Vendor: ST932032 DE05 Size: 305245MB BusType: 3
00:36:41.313 Disk 0 MBR read successfully
00:36:41.316 Disk 0 MBR scan
00:36:41.320 Disk 0 Windows VISTA default MBR code
00:36:41.323 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
00:36:41.340 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 81920
00:36:41.357 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 295204 MB offset 20561920
00:36:41.703 Disk 0 scanning C:\Windows\system32\drivers
00:36:59.536 Service scanning
00:37:31.004 Modules scanning
00:37:31.014 Disk 0 trace - called modules:
00:37:31.034 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
00:37:31.039 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047f6790]
00:37:31.046 3 CLASSPNP.SYS[fffffa60011d2c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004592050]
00:37:32.507 AVAST engine scan C:\Windows
00:37:54.167 AVAST engine scan C:\Windows\system32
00:43:39.474 AVAST engine scan C:\Windows\system32\drivers
00:43:59.321 AVAST engine scan C:\Users\Owner
01:20:30.282 AVAST engine scan C:\ProgramData
01:34:15.759 Scan finished successfully
07:57:29.970 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\malware removal process\MBR.dat"
07:57:29.978 The log file has been saved successfully to "C:\Users\Owner\Desktop\malware removal process\aswMBR.txt"