Results 1 to 3 of 3

Thread: yet another win32.downloader.gen thread

  1. #1
    Junior Member
    Join Date
    Jul 2013
    Posts
    2

    Default yet another win32.downloader.gen thread

    Hoping someone can help remove this. Thanks in advance.


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.17267 BrowserJavaVersion: 10.25.2
    Run by mike at 12:47:27 on 2013-07-03
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3893.1702 [GMT 1:00]
    .
    AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
    C:\Users\mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\RunDll32.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files (x86)\3 Mobile Broadband\3Connect\Wilog.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://samsung.msn.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://samsung.msn.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    mWinlogon: Userinit = userinit.exe
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
    BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
    TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Google Update] "C:\Users\mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [AdobeBridge] <no file>
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
    StartupFolder: C:\Users\mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{01E859F3-08C0-43EC-8747-36B85CD2A9FB} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{01E859F3-08C0-43EC-8747-36B85CD2A9FB}\244584572633D285852335 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{01E859F3-08C0-43EC-8747-36B85CD2A9FB}\35B4951443249303 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{01E859F3-08C0-43EC-8747-36B85CD2A9FB}\4584540265943445F425941402051425B4 : DHCPNameServer = 194.168.4.100 194.168.8.100 192.168.1.1
    TCP: Interfaces\{01E859F3-08C0-43EC-8747-36B85CD2A9FB}\4586560265963647F627961602051627B6 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{E25B6BC4-857D-421F-BCC2-B8A2F627FA61} : NameServer = 217.171.132.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\lzbwj5ja.default\
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\mike\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\lzbwj5ja.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-2-14 55856]
    R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2012-2-6 289520]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-28 45856]
    R1 Magic Tune;MagicTune;C:\Windows\System32\drivers\MTiCtwl.sys [2012-7-18 23096]
    R1 RapportCerberus_55550;RapportCerberus_55550;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_55550.sys [2013-7-2 588752]
    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-6-20 265040]
    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-6-20 377584]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2010-11-6 13824]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
    R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-2-5 1737464]
    R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-6-20 1435928]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-5 1153368]
    R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-26 1598128]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-11-6 136192]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-11-6 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-11-6 271872]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
    S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2011-2-5 11776]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-6 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2013-07-03 09:44:33 -------- d-----w- C:\Users\mike\AppData\Local\Programs
    2013-06-26 15:49:35 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    .
    ==================== Find3M ====================
    .
    2013-06-26 18:21:20 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-06-26 15:49:12 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2013-06-26 15:49:12 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-06-19 23:40:54 289520 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
    2013-06-14 12:02:52 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-14 12:02:52 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-04-12 14:36:37 1653096 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-04 13:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 12:48:24.42 ===============

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-07-03 13:54:19
    -----------------------------
    13:54:19.307 OS Version: Windows x64 6.1.7600
    13:54:19.307 Number of processors: 4 586 0x2505
    13:54:19.322 ComputerName: MIKE-PC UserName: mike
    13:54:20.305 Initialize success
    13:57:15.052 AVAST engine defs: 13070200
    13:57:22.135 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    13:57:22.135 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
    13:57:22.260 Disk 0 MBR read successfully
    13:57:22.260 Disk 0 MBR scan
    13:57:22.275 Disk 0 unknown MBR code
    13:57:22.275 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20480 MB offset 2048
    13:57:22.307 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 41945088
    13:57:22.322 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 183296 MB offset 42149888
    13:57:22.338 Disk 0 Partition - 00 0F Extended LBA 273062 MB offset 417540096
    13:57:22.369 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 273061 MB offset 417542144
    13:57:22.525 Disk 0 scanning C:\Windows\system32\drivers
    13:57:35.130 Service scanning
    13:58:12.258 Modules scanning
    13:58:12.273 Disk 0 trace - called modules:
    13:58:12.305 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    13:58:12.305 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800442d060]
    13:58:12.320 3 CLASSPNP.SYS[fffff8800190743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800433c050]
    13:58:13.709 AVAST engine scan C:\Windows
    13:58:16.439 AVAST engine scan C:\Windows\system32
    14:05:44.612 AVAST engine scan C:\Windows\system32\drivers
    14:06:03.519 AVAST engine scan C:\Users\mike
    14:06:29.743 Disk 0 MBR has been saved successfully to "C:\Users\mike\Desktop\MBR.dat"
    14:06:29.758 The log file has been saved successfully to "C:\Users\mike\Desktop\aswMBR.txt"

    Sorry, forgot to attach attach.zip
    Last edited by tashi; 2013-07-03 at 17:18. Reason: Merged posts :-)

  2. #2
    Junior Member
    Join Date
    Jul 2013
    Posts
    2

    Default

    Hi,

    ran spybot again as admin, after downloading latest detections, and it seems to have got rid of it. Thanks guys and gals, donation on its way.

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,528

    Default

    Thank you for letting us know.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •