
Thread: multiple scans with spybot do not get rid of all malware; some keep coming back


    Hi there, I have done three scans with Spybot. I think the first detected 94 malware, the second 22 and the third 24. As you can surmise, spyware just keeps coming back, especially one called qtrax. Also, I don't seem to be able to get rid of babylon and delta search. Also, mid-scan, the Firefox browser initiates by itself and opens up two blank tabs, which I assume (perhaps wrongly) is something to do with delta and babylon search, as when I start Google Chrome these are the two tabs that open up. DDS log follows:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16660
    Run by Severin at 15:05:06 on 2013-08-18
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4010.2140 [GMT 1:00]
    .
    AV: Panda Antivirus Pro 2012 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
    SP: Panda Antivirus Pro 2012 *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    FW: Panda Personal Firewall 2012 *Enabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\TPSrvWow.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\WebProxy.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\System32\spoolsv.exe
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
    C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE
    c:\program files (x86)\panda security\panda antivirus pro 2012\firewall\PSHOST.EXE
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
    C:\windows\system32\taskeng.exe
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\windows\WebCam\S6000\S6000Mnt.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\TPSRVAUX.EXE
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
    uProxyServer = localhost:21320
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
    uRun: [Google Update] "C:\Users\Severin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Speech Recognition] "C:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    uRun: [Facebook Update] "C:\Users\Severin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [UpdateMyDrivers] C:\Program Files (x86)\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    uRun: [QtraxNotification] C:\Users\Severin\Qtrax\Player\Notification.exe
    mRun: [S6000Mnt] C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
    mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
    mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
    mRun: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE" /s
    mRun: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Inicio.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~1.LNK - C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{58516981-C74B-4722-B356-6CDD6A1BD643} : DHCPNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{BC692A9C-C3E5-490B-904E-5ECFAD85981A} : DHCPNameServer = 194.168.4.100 194.168.8.100
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: avldr - avldr64.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Severin\AppData\Roaming\Mozilla\Firefox\Profiles\4sbx0wty.default\
    FF - prefs.js: browser.search.selectedEngine - Delta Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=EA00F2DF9AA08F3A
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Severin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Severin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Severin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\Severin\AppData\Roaming\Mozilla\plugins\npo1d.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.webcake.installId - 072f021e-f5a0-4827-afae-4ca59ec818ad
    FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - ea004bb7000000000000f2df9aa08f3a
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15860
    FF - user.js: extensions.delta.vrsn - 1.8.21.5
    FF - user.js: extensions.delta.vrsni - 1.8.21.5
    FF - user.js: extensions.delta.vrsnTs - 1.8.21.512:51:07
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta_i.babTrack - affID=119357&tt=gc_
    FF - user.js: extensions.delta_i.babExt -
    FF - user.js: extensions.delta_i.srcExt - ss
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-8-2 39008]
    R0 pavboot;Panda boot driver;C:\windows\System32\drivers\pavboot64.sys [2011-10-31 30792]
    R1 ShldFlt;Panda File Shield Driver;C:\windows\System32\drivers\ShldFlt.sys [2011-10-31 48136]
    R2 AmFSM;AmFSM;C:\windows\System32\drivers\amm6460.sys [2011-10-31 65608]
    R2 APPFLT;App Filter Plugin;C:\windows\System32\drivers\APPFLT64.SYS [2011-10-31 129096]
    R2 DSAFLT;DSA Filter Plugin;C:\windows\System32\drivers\dsaflt64.sys [2011-10-31 82952]
    R2 FNETMON;NetMon Filter Plugin;C:\windows\System32\drivers\fnetm64.sys [2011-10-31 31752]
    R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\windows\System32\drivers\FPSensor.sys [2010-10-31 35952]
    R2 IDSFLT;Ids Filter Plugin;C:\windows\System32\drivers\idsflt64.sys [2011-10-31 78920]
    R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-3-1 376144]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 16056]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\windows\System32\drivers\LMIRfsDriver.sys [2011-10-31 72216]
    R2 NETFLTDI;Panda Net Driver [TDI Layer];C:\windows\System32\drivers\NETTDI64.SYS [2011-10-31 170504]
    R2 Panda Software Controller;Panda Software Controller;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrlS.exe [2011-10-31 173312]
    R2 PAVFNSVR;Panda Function Service;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe [2011-10-31 202016]
    R2 PavPrSrv;Panda Process Protection Service;C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe [2011-10-31 62768]
    R2 PAVSRV;Panda On-Access Anti-Malware Service;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe [2011-10-31 314176]
    R2 PskSvcRetail;Panda PSK service;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\psksvc.exe [2011-10-31 28992]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-6-14 1817560]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-6-14 1033688]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-6-14 171928]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-2 2656280]
    R2 WNMFLT;Wifi Monitor Filter Plugin;C:\windows\System32\drivers\wnmflt64.sys [2011-10-31 74760]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-12-24 31088]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-4-15 317440]
    R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;C:\windows\System32\drivers\n64i1644.sys [2011-10-31 216648]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-8-2 307304]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-8-2 333928]
    R3 S6000KNT;S6000KNT_WebCam Driver;C:\windows\System32\drivers\S6000KNT.sys [2011-8-2 3293272]
    R3 voxaldriver;Voxal Filter Driver 2.10.00;C:\windows\System32\drivers\voxaldriverx64.sys [2013-3-14 33488]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 Olympus DVR Service;Olympus DVR Service;C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2010-4-21 176128]
    S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-2-27 155320]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-11 1255736]
    S3 WSDScan;WSD Scan Support via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
    S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    SUnknown BrowserDefendert;BrowserDefendert; [x]
    .
    =============== File Associations ===============
    .
    FileExt: .vbe: VBEFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
    FileExt: .vbs: VBSFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
    FileExt: .js: JSFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
    FileExt: .jse: JSEFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
    FileExt: .wsf: WSFFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
    ShellExec: switch.exe: open="C:\Program Files (x86)\NCH Software\Switch\switch" "%L"
    .
    =============== Created Last 30 ================
    .
    2013-08-18 12:53:30 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4E15C5FA-CD93-45E4-BD56-90793E4AE410}\offreg.dll
    2013-08-16 18:53:51 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4E15C5FA-CD93-45E4-BD56-90793E4AE410}\mpengine.dll
    2013-08-15 15:20:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-08-15 15:20:59 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-08-15 15:20:59 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
    2013-08-15 15:20:58 2241024 ----a-w- C:\windows\System32\wininet.dll
    2013-08-15 15:20:58 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
    2013-08-15 15:14:39 -------- d-----w- C:\windows\System32\MRT
    2013-08-15 15:08:04 1472512 ----a-w- C:\windows\System32\crypt32.dll
    2013-08-15 15:08:03 224256 ----a-w- C:\windows\System32\wintrust.dll
    2013-08-15 15:08:03 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
    2013-08-15 15:08:03 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
    2013-08-15 15:08:02 184320 ----a-w- C:\windows\System32\cryptsvc.dll
    2013-08-15 15:08:02 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
    2013-08-15 15:08:02 139776 ----a-w- C:\windows\System32\cryptnet.dll
    2013-08-15 15:08:02 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
    2013-07-20 10:17:40 35 ----a-w- C:\windows\SysWow64\RTELM.dll
    .
    ==================== Find3M ====================
    .
    2013-07-26 05:12:08 3958784 ----a-w- C:\windows\System32\jscript9.dll
    2013-07-26 05:12:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
    2013-07-26 05:12:03 67072 ----a-w- C:\windows\System32\iesetup.dll
    2013-07-26 03:35:08 2706432 ----a-w- C:\windows\System32\mshtml.tlb
    2013-07-26 03:12:04 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
    2013-07-26 03:12:00 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
    2013-07-26 03:12:00 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
    2013-07-26 02:49:14 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2013-07-26 02:39:38 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
    2013-07-26 01:59:38 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
    2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
    2013-07-19 01:58:42 2048 ----a-w- C:\windows\System32\tzres.dll
    2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2013-07-09 06:03:30 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe
    2013-07-09 05:54:22 1732032 ----a-w- C:\windows\System32\ntdll.dll
    2013-07-09 05:53:12 243712 ----a-w- C:\windows\System32\wow64.dll
    2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
    2013-07-09 05:03:34 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2013-07-09 05:03:34 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2013-07-09 04:53:47 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
    2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52:33 5120 ----a-w- C:\windows\SysWow64\wow32.dll
    2013-07-09 04:45:07 44032 ----a-w- C:\windows\apppatch\acwow64.dll
    2013-07-09 02:49:42 25600 ----a-w- C:\windows\SysWow64\setup16.exe
    2013-07-09 02:49:41 7680 ----a-w- C:\windows\SysWow64\instnm.exe
    2013-07-09 02:49:39 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
    2013-07-09 02:49:38 2048 ----a-w- C:\windows\SysWow64\user.exe
    2013-07-06 06:03:53 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2013-06-15 04:32:16 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys
    2013-06-12 02:13:19 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-12 02:13:19 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2013-06-09 11:56:38 107368 ----a-w- C:\windows\System32\LMIRfsClientNP.dll
    2013-06-09 11:56:36 35656 ----a-w- C:\windows\System32\LMIport.dll
    2013-06-09 11:56:36 100680 ----a-w- C:\windows\System32\LMIinit.dll
    2013-06-05 03:34:27 3153920 ----a-w- C:\windows\System32\win32k.sys
    2013-06-04 06:00:13 624128 ----a-w- C:\windows\System32\qedit.dll
    2013-06-04 04:53:07 509440 ----a-w- C:\windows\SysWow64\qedit.dll
    2013-05-27 19:46:20 107368 ----a-w- C:\windows\System32\LMIRfsClientNP.dll.000.bak
    .
    ============= FINISH: 15:05:54.37 ===============
    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-08-18 16:26:23
    -----------------------------
    16:26:23.323 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:26:23.323 Number of processors: 4 586 0x2A07
    16:26:23.324 ComputerName: SDOUBLE-LAP UserName: Severin
    16:26:24.140 Initialize success
    16:27:58.472 AVAST engine defs: 13081800
    16:28:09.405 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    16:28:09.410 Disk 0 Vendor: WDC_WD50 02.0 Size: 476940MB BusType: 3
    16:28:09.542 Disk 0 MBR read successfully
    16:28:09.548 Disk 0 MBR scan
    16:28:09.558 Disk 0 Windows VISTA default MBR code
    16:28:09.565 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
    16:28:09.580 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 431938 MB offset 411648
    16:28:09.591 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 885020672
    16:28:09.627 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 945829888
    16:28:09.656 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 885022720
    16:28:09.715 Disk 0 scanning C:\windows\system32\drivers
    16:28:20.797 Service scanning
    16:28:48.778 Modules scanning
    16:28:48.795 Disk 0 trace - called modules:
    16:28:48.818 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    16:28:48.824 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006627060]
    16:28:48.829 3 CLASSPNP.SYS[fffff880011c743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004752050]
    16:28:50.218 AVAST engine scan C:\windows
    16:28:53.729 AVAST engine scan C:\windows\system32
    16:32:36.781 AVAST engine scan C:\windows\system32\drivers
    16:32:49.981 AVAST engine scan C:\Users\Severin
    16:48:34.726 AVAST engine scan C:\ProgramData
    16:50:18.688 Scan finished successfully
    16:50:47.945 Disk 0 MBR has been saved successfully to "C:\Users\Severin\Documents\MBR.dat"
    16:50:47.961 The log file has been saved successfully to "C:\Users\Severin\Documents\aswMBR.txt"

    Note: I've noticed it hasn't scanned all the user directories. Will I have to do this same process logged into the other users?