BBNetwork suggested I open this thread. Please see my thread regarding my problems for most of the pertinent info you'll need: "System Scan cannot be viewed, always minimized." The other laptop shows no further indications of infection and uses the same security software. Both use WinPatrol, too. I have run Avast! AV Free 2014, Spybot 2.2, Malwarebytes' Antimalware and SuperANTISpyware to try and deal with this problem.
This is an HP Mini 210-4000, Intel Atom CPU N2800 @1.86GHz, 2GB RAM, W32 7 Starter SP1. Following is the DDS report and "attach" is attached.
aswmbr report follows the DDS report.
I have run ERUNT. Thank you for your help!
Namaste, peace & love,
Glenn
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.45.2
Run by Roligio at 0:00:28 on 2013-11-16
Microsoft Windows 7 Starter 6.1.7601.1.1252.62.1033.18.2036.938 [GMT 7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Windows\DrvUtils.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.startpage.com/
uSearch Bar = hxxp://www.bing.com
uProxyServer = localhost:21320
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\HPNetworkCheckPlugin.dll
BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - c:\program files\avast software\avast! ad blocker ie\Adblocker32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32
mRun: [HotKeysCmds] c:\windows\system32
mRun: [Persistence] c:\windows\system32
mRun: [GfxServiceInstall] c:\windows\system32
mRun: [AtherosBtStack] "c:\program files\bluetooth suite\BtvStack.exe"
mRun: [AthBtTray] "c:\program files\bluetooth suite\AthBtTray.exe"
mRun: [SetDefault] c:\program files\hewlett-packard\hp launchbox\SetDefault.exe
mRun: [HPOSD] c:\program files\hewlett-packard\hp on screen display\HPOSD.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRunOnce: [NCPluginUpdater] "c:\program files\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{86B1ABA0-7739-4F8B-A0A9-5830396DF100} : DHCPNameServer = 40.23.1.201 40.23.1.202
TCP: Interfaces\{9A7811D1-E765-4034-887F-11DBB4C46590} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9A7811D1-E765-4034-887F-11DBB4C46590}\348455242495F5D45425D4149444F5A454454595 : DHCPNameServer = 8.8.8.8 202.134.0.155
TCP: Interfaces\{9A7811D1-E765-4034-887F-11DBB4C46590}\35075656465507023513 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{9A7811D1-E765-4034-887F-11DBB4C46590}\46E646F536166656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9A7811D1-E765-4034-887F-11DBB4C46590}\75162757E676020516374716 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9A7811D1-E765-4034-887F-11DBB4C46590}\77162757E6760716374716 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9A7811D1-E765-4034-887F-11DBB4C46590}\D497023507565646970423239343 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F662485A-1E48-424D-92AF-2CEB26B9F4FA} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.1.2\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\roligio\appdata\roaming\mozilla\firefox\profiles\7zvcof2w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.1.2\npsitesafety.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\roligio\appdata\local\fancy\npfancygame.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1204144.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-5-8 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-5-8 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-8 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-8 403440]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-1-9 37664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-8 119024]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2012-3-1 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-8 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-8 70384]
R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-10-22 85152]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-11-12 50344]
R2 CDMA Device Utility and Service;CDMA Device Utility and Service;c:\windows\DrvUtils.exe [2013-5-9 198144]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;c:\program files\hewlett-packard\hp client services\HPClientServices.exe [2010-10-11 246840]
R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2012-3-1 13336]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-11-14 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-11-14 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-11-14 171416]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-6-26 523944]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2011-10-22 158880]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-10-22 35488]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-10-22 290976]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-10-22 97440]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-10-22 25248]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-10-22 147616]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-10-22 60064]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-10-22 263968]
R3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-10-22 445088]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-7-29 27632]
R3 igddim32;igddim32;c:\windows\system32\drivers\igddim32.sys [2011-12-30 1338368]
R3 igdkmd32;igdkmd32;c:\windows\system32\drivers\igdkmd32.sys [2011-12-30 418816]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-3-1 197224]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-3-1 394856]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2013-6-26 583848]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2013-6-26 197800]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2013-6-26 24232]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2013-6-26 20136]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\common files\avg secure search\vtoolbarupdater\17.1.2\ToolbarUpdater.exe [2013-11-11 1734680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 fcusbser;Wireless Network USB Device for Legacy Serial Communication FC;c:\windows\system32\drivers\fcusbser.sys [2013-5-18 105216]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-13 206072]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-11-13 31560]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-5-12 14848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-5-12 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-5-12 27136]
S3 via_cdc_acm;VIA Telecom USB CDC ACM driver;c:\windows\system32\drivers\VIA_USB_SER.sys [2013-5-9 45056]
S3 VIA_USB_ETS;VIA Telecom ETS Driver;c:\windows\system32\drivers\VIA_USB_ETS.sys [2013-5-9 18560]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 51040]
.
=============== Created Last 30 ================
.
2013-11-15 15:58:55 7796464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d6a28983-571d-4a9d-8ec5-233ad7e9fa61}\mpengine.dll
2013-11-14 16:25:00 0 ----a-w- c:\windows\system32\shoE6D8.tmp
2013-11-14 13:10:11 18968 ----a-w- c:\windows\system32\sdnclean.exe
2013-11-14 05:01:09 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-11-14 04:56:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-11-14 04:56:13 247808 ----a-w- c:\windows\system32\schannel.dll
2013-11-14 04:56:12 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2013-11-14 04:56:12 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-11-14 04:56:11 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-11-14 04:56:11 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-11-14 04:56:10 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-11-14 04:56:09 22016 ----a-w- c:\windows\system32\secur32.dll
2013-11-14 04:56:09 22016 ----a-w- c:\windows\system32\lsass.exe
2013-11-14 04:56:08 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-11-13 23:55:34 1796096 ----a-w- c:\windows\system32\authui.dll
2013-11-13 23:55:32 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 23:55:29 168960 ----a-w- c:\windows\system32\credui.dll
2013-11-13 21:26:45 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 21:20:28 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-13 21:20:27 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-13 21:20:25 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-13 13:57:45 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-11-12 10:54:26 -------- d-----w- c:\users\roligio\appdata\roaming\AVAST Software
2013-11-12 10:37:30 -------- d-----w- c:\programdata\Panda Security
2013-11-12 10:37:18 -------- d-----w- c:\program files\Panda USB Vaccine
2013-11-11 13:45:39 -------- d-----w- c:\users\roligio\appdata\local\{A8A2AE4E-B34F-4D57-BA80-9CAFBECEC63E}
2013-11-04 16:32:02 -------- d-----w- c:\users\roligio\appdata\local\{06EDDA9C-6217-4E69-BD3D-163800EEE16D}
2013-10-26 06:59:38 -------- d-----w- c:\users\roligio\appdata\local\{B2FAA972-B7FE-47AD-AC81-B9400DE3D795}
2013-10-23 13:28:21 -------- d-----w- c:\users\roligio\appdata\local\{F46DF804-99AD-4192-A95D-48DCA3DC41F6}
2013-10-21 03:18:08 -------- d-----w- c:\users\roligio\appdata\local\{99D3CDAA-EE65-455D-A0EA-717449CDFE55}
2013-10-19 17:07:13 -------- d-----w- c:\users\roligio\appdata\local\{B99EBC62-EA86-4FE7-B9B8-016D83C65226}
2013-10-19 16:36:11 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2013-11-14 13:35:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-14 13:35:19 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-12 10:42:02 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-12 10:42:02 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-12 10:42:02 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-12 10:42:02 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-12 10:42:01 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-12 10:42:01 43152 ----a-w- c:\windows\avastSS.scr
2013-11-10 18:55:28 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-10-12 07:03:50 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- c:\windows\system32\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-12 06:08:58 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-12 05:15:39 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-10-10 03:56:08 0 ----a-w- c:\windows\system32\sho2327.tmp
2013-09-18 20:08:56 94208 ----a-w- c:\windows\system32\dpl100.dll
2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 01:57:04 0 ----a-w- c:\windows\system32\shoA6AF.tmp
2013-09-03 06:35:12 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-08-26 09:13:02 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2013-08-25 16:36:11 0 ----a-w- c:\windows\system32\sho1168.tmp
2013-08-19 15:11:37 0 ----a-w- c:\windows\system32\sho2811.tmp
2013-08-17 17:40:24 0 ----a-w- c:\windows\system32\shoFAB2.tmp
.
============= FINISH: 0:01:43,98 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-16 00:36:51
-----------------------------
00:36:51.641 OS Version: Windows 6.1.7601 Service Pack 1
00:36:51.641 Number of processors: 4 586 0x3601
00:36:51.645 ComputerName: ROLIGIO-HP UserName: Roligio
00:36:53.137 Initialize success
00:36:54.628 AVAST engine defs: 13111401
00:37:55.255 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:37:55.266 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
00:37:55.398 Disk 0 MBR read successfully
00:37:55.406 Disk 0 MBR scan
00:37:55.414 Disk 0 Windows 7 default MBR code
00:37:55.429 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
00:37:55.447 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 290504 MB offset 409600
00:37:55.489 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14437 MB offset 595361792
00:37:55.530 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
00:37:55.548 Disk 0 scanning sectors +625139712
00:37:55.617 Disk 0 scanning C:\Windows\system32\drivers
00:38:14.469 Service scanning
00:38:36.554 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
00:38:45.281 Modules scanning
00:39:03.182 Disk 0 trace - called modules:
00:39:03.192 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys halmacpi.dll
00:39:03.195 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862d35a0]
00:39:03.196 3 CLASSPNP.SYS[889cb59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84b56028]
00:39:04.299 AVAST engine scan C:\Windows
00:39:07.188 AVAST engine scan C:\Windows\system32
00:42:26.804 AVAST engine scan C:\Windows\system32\drivers
00:42:56.019 AVAST engine scan C:\Users\Roligio
01:00:51.228 AVAST engine scan C:\ProgramData
01:04:30.106 Scan finished successfully
01:06:53.759 Disk 0 MBR has been saved successfully to "C:\Users\Roligio\Desktop\MBR.dat"
01:06:53.781 The log file has been saved successfully to "C:\Users\Roligio\Desktop\aswMBR.txt"