Results 1 to 5 of 5

Thread: re: Hit with Fraud.hotspotshield

Threaded View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member thumperslw's Avatar
    Join Date
    Aug 2013
    Location
    MI
    Posts
    6

    Default re: Hit with Fraud.hotspotshield

    Sorry I could not zip attach.txt...I am disabled and not familiar with compressed files.

    Edit Original thread in Spybot forum: http://forums.spybot.info/showthread...540#post444540

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16660
    Run by user at 12:54:25 on 2013-08-26
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.259 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton Management\Engine\3.0.0.133\ccSvcHst.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
    C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ERUNT\ERUNT.EXE
    C:\Windows\system32\AUDIODG.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    uURLSearchHooks: {2be1e5a2-f105-4bef-a622-88fe50899422} - <orphaned>
    uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
    uURLSearchHooks: FCToolbarURLSearchHook Class: {4d0c8d4a-2a4e-21e4-09ab-d3b4b9633a51} - C:\Program Files (x86)\MyPoints Toolbar\Helper.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll
    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: MyPoints Toolbar BHO: {B0E42C7C-F949-2C54-2944-6642CF94AB20} - C:\Program Files (x86)\MyPoints Toolbar\Toolbar.dll
    BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll
    TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll
    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB: MyPoints Toolbar: {0B9F58EF-90CC-2474-09B9-80B8E9DD43CA} - C:\Program Files (x86)\MyPoints Toolbar\Toolbar.dll
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: .doubleclick
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{F42AED73-89E9-40EB-A6BE-B4D1F2EAE325} : DHCPNameServer = 192.168.1.254
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
    R0 SMR311;Symantec SMR Utility Service 3.1.1;C:\Windows\System32\drivers\SMR311.SYS [2012-10-1 95392]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1308000.00E\symds64.sys [2012-8-15 451192]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1308000.00E\symefa64.sys [2012-8-15 1129120]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120817.001\IDSviA64.sys [2012-8-18 509088]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1308000.00E\symnets.sys [2012-8-15 405624]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-6-18 133160]
    R3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2012-6-18 620584]
    R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2012-6-18 89640]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-6-18 39976]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-5-10 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-10 317440]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-22 25928]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120804.001\BHDrvx64.sys [2012-8-9 1161376]
    S1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\System32\drivers\MCLIENTx64\0300000.085\ccSetx64.sys [2012-8-4 168608]
    S1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1308000.00E\ccsetx64.sys [2012-8-15 167072]
    S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1308000.00E\ironx64.sys [2012-8-15 190072]
    S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/06/18 14:17:13;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-2-25 241648]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-17 19456]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-6-18 335464]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-1-10 42184]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-17 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-17 30208]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    .
    =============== Created Last 30 ================
    .
    2013-08-26 15:57:09 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{305807BD-40E9-465D-A059-D09FA0D2D776}\mpengine.dll
    2013-08-25 14:08:53 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-08-24 22:15:49 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2013-08-24 22:15:34 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-08-22 15:12:13 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4BE63BA2-D269-4AAD-A707-32EAADC39534}\gapaengine.dll
    2013-08-20 19:22:02 229984 ----a-w- C:\Windows\System32\drivers\06458454.sys
    2013-08-18 19:17:23 -------- d-----w- C:\Program Files\iTunes
    2013-08-18 19:17:23 -------- d-----w- C:\Program Files\iPod
    2013-08-18 19:17:23 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-08-18 19:15:09 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-08-14 11:09:46 1472512 ----a-w- C:\Windows\System32\crypt32.dll
    2013-08-14 11:09:46 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-08-14 11:09:45 224256 ----a-w- C:\Windows\System32\wintrust.dll
    2013-08-14 11:09:45 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-08-14 11:09:45 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2013-08-14 11:09:45 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-08-14 11:09:45 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-08-14 11:09:45 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-08-14 11:09:25 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-08-14 11:09:25 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-08-06 16:50:39 -------- d-----w- C:\Windows\pss
    2013-07-28 23:11:07 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-07-28 23:11:07 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2013-07-28 21:59:29 208216 ----a-w- C:\Windows\System32\drivers\14697374.sys
    .
    ==================== Find3M ====================
    .
    2013-08-21 18:32:55 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-08-21 18:32:55 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-22 01:58:48 207968 ----a-w- C:\Windows\System32\drivers\78999920.sys
    2013-07-10 10:26:51 208216 ----a-w- C:\Windows\System32\drivers\36657319.sys
    2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
    2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
    2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-06-19 01:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2013-06-19 01:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
    2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
    2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2013-02-23 23:21:24 178576 ----a-w- C:\Program Files (x86)\4zres.dll
    .
    ============= FINISH: 12:56:25.90 ===============


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16660
    Run by user at 12:54:25 on 2013-08-26
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.259 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton Management\Engine\3.0.0.133\ccSvcHst.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
    C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ERUNT\ERUNT.EXE
    C:\Windows\system32\AUDIODG.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    uURLSearchHooks: {2be1e5a2-f105-4bef-a622-88fe50899422} - <orphaned>
    uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
    uURLSearchHooks: FCToolbarURLSearchHook Class: {4d0c8d4a-2a4e-21e4-09ab-d3b4b9633a51} - C:\Program Files (x86)\MyPoints Toolbar\Helper.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll
    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: MyPoints Toolbar BHO: {B0E42C7C-F949-2C54-2944-6642CF94AB20} - C:\Program Files (x86)\MyPoints Toolbar\Toolbar.dll
    BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll
    TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll
    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB: MyPoints Toolbar: {0B9F58EF-90CC-2474-09B9-80B8E9DD43CA} - C:\Program Files (x86)\MyPoints Toolbar\Toolbar.dll
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: .doubleclick
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{F42AED73-89E9-40EB-A6BE-B4D1F2EAE325} : DHCPNameServer = 192.168.1.254
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
    R0 SMR311;Symantec SMR Utility Service 3.1.1;C:\Windows\System32\drivers\SMR311.SYS [2012-10-1 95392]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1308000.00E\symds64.sys [2012-8-15 451192]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1308000.00E\symefa64.sys [2012-8-15 1129120]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120817.001\IDSviA64.sys [2012-8-18 509088]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1308000.00E\symnets.sys [2012-8-15 405624]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-6-18 133160]
    R3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2012-6-18 620584]
    R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2012-6-18 89640]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-6-18 39976]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-5-10 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-10 317440]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-22 25928]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120804.001\BHDrvx64.sys [2012-8-9 1161376]
    S1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\System32\drivers\MCLIENTx64\0300000.085\ccSetx64.sys [2012-8-4 168608]
    S1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1308000.00E\ccsetx64.sys [2012-8-15 167072]
    S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1308000.00E\ironx64.sys [2012-8-15 190072]
    S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/06/18 14:17:13;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-2-25 241648]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-17 19456]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-6-18 335464]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-1-10 42184]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-17 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-17 30208]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    .
    =============== Created Last 30 ================
    .
    2013-08-26 15:57:09 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{305807BD-40E9-465D-A059-D09FA0D2D776}\mpengine.dll
    2013-08-25 14:08:53 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-08-24 22:15:49 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2013-08-24 22:15:34 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-08-22 15:12:13 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4BE63BA2-D269-4AAD-A707-32EAADC39534}\gapaengine.dll
    2013-08-20 19:22:02 229984 ----a-w- C:\Windows\System32\drivers\06458454.sys
    2013-08-18 19:17:23 -------- d-----w- C:\Program Files\iTunes
    2013-08-18 19:17:23 -------- d-----w- C:\Program Files\iPod
    2013-08-18 19:17:23 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-08-18 19:15:09 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-08-14 11:09:46 1472512 ----a-w- C:\Windows\System32\crypt32.dll
    2013-08-14 11:09:46 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-08-14 11:09:45 224256 ----a-w- C:\Windows\System32\wintrust.dll
    2013-08-14 11:09:45 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-08-14 11:09:45 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2013-08-14 11:09:45 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-08-14 11:09:45 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-08-14 11:09:45 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-08-14 11:09:25 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-08-14 11:09:25 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-08-06 16:50:39 -------- d-----w- C:\Windows\pss
    2013-07-28 23:11:07 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-07-28 23:11:07 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2013-07-28 21:59:29 208216 ----a-w- C:\Windows\System32\drivers\14697374.sys
    .
    ==================== Find3M ====================
    .
    2013-08-21 18:32:55 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-08-21 18:32:55 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-22 01:58:48 207968 ----a-w- C:\Windows\System32\drivers\78999920.sys
    2013-07-10 10:26:51 208216 ----a-w- C:\Windows\System32\drivers\36657319.sys
    2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
    2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
    2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-06-19 01:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2013-06-19 01:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
    2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
    2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2013-02-23 23:21:24 178576 ----a-w- C:\Program Files (x86)\4zres.dll
    .
    ============= FINISH: 12:56:25.90 ===============


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-08-26 14:40:19
    -----------------------------
    14:40:19.076 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:40:19.076 Number of processors: 4 586 0x2505
    14:40:19.076 ComputerName: USER-HP UserName: user
    14:40:29.543 Initialize success
    14:42:34.408 AVAST engine defs: 13082600
    14:43:31.270 The log file has been saved successfully to "C:\Users\user\Contacts\Desktop\aswMBR.txt"
    Last edited by tashi; 2013-08-26 at 23:27. Reason: Split off from original thread, link provided

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •