Results 1 to 10 of 21

Thread: Mothers computer infected with snapdo, internet is slow

Threaded View

Previous Post Previous Post   Next Post Next Post
  1. 2014-03-14, 03:06 #1
    thebecker1998
    thebecker1998 is offline
    Junior Member
    Join Date
    Feb 2014
    Posts
    10

    Default Mothers computer infected with snapdo, internet is slow

    Edit http://forums.spybot.info/showthread...Chrome-is-down
    ------------------------------------
    My mother's computer has been infected with something called snapdo. it has gotten very slow and chrome is practically unuseable.

    It is a new computer. It had windows 8 first, but they hated W8, and it got the viruses on it too. They reformatted and instlaled windows 7 (should be a fresh copy of windows), and the viruses got there soon after.


    The symptoms are as follows:
    • -- booting up is very slow.
    • -- Exiting sleep mode takes a long time, and when it exits I get the error message Photo Screensaver stopped working



    MalwareBhytes keeps blocking stuff, seems to be associated with snapdo showing up in new tabs. Looking through the malwarebyte logs, it keeps on picking up on a few things, the IP addres
    It keeps on seen srptm.exe (associated with chome)
    IP address swithces between IP - block 162.210.192.22 and 192.26
    with port 63096, 63097, 63163, 63164, 63257, 63258
    and also logged sndappv2.exe with ip, with similar ports and ip addresses. I can retrieve the logs for you.

    For Chrome, Chrome runs as slow as the century bulb when picking up a new page or starting a new tab.
    The new tab and search engine defaults to search.snapdo.com
    It has some exentions that can't be killed: Highlightly and Tube Dimmer
    the startup pages have been canged to search.conduit.com and feed.snapdo.com

    Internet explorer is as slow as the grand pitch drop experiment when starting a new tab and now because of the virus it has popups too.
    It now has the snapdo bar, which reloads on every page. the home page and new tab page default to snapdo.

    IE also reports a few IE extensions:
    • tubeDimmer
    • highlightly
    • findwide
    • mywordtool
    • helpAPI
    • tidynetwork
    • snap.do
    • smartbarInternetExplorerBHOEngine
    • Yahoo! Toolbar (maybe not a virus, but can we remove it anyway?)
    • Yahoo tollbarhelper
    • singleInstanceClass by YHahoo! Inc




    I went looking through the Add/remove programs in control panel, and picked out some that look bad (i haven't done anythign yet)
    • albrechto
    • findewide.com
    • helperapps
    • highlightly
    • microsoftsecurityessentials (it doesn't look like the official i think)
    • mywordtool
    • snap.do
    • snap.do.engine
    • tubedimmer
    • tubedimmer updater
    • yahoo toolbar


    snapdo also put popups into IE that play sound. they take over the window and run very slow. It blocks access to the settings menu while it is loading. once the popup loads fully, control is returned and you can close the popup.

    I had to reboot during this process, it got hit with a waiting for "" programs to close (its an empty string) error message
    took a long time to wake up after that.

    As it started, I got a message from the UserAccount Control
    • the usual a program is trying to access your computer type of message
    • setup.exe
    • publisher: unknown
    • origine: harddrive
    • location: "c:\users\becker\appdata\local\temp\s3mk\setup.exe" /s

    I told it not to do anything

    The Microsoft Security Client User Interface popped up from the notification center. I don't recognize it as a real microsoft product, but i haven't used them in a while.
    before I rebooted it had mentioned that I was in need of protection. now it said I was protected. but nothing was changed by me. it seems fishy.





    SPYBOT LOGS
    spybotlogs.zip
    I ran SPybot, and hit a paradox. Spybot first said it was out of date. then when I tried to update it, it said it was already up to date. Look at the jpg picture attached in the zip to see what it looks like. I poked around in the update log, and it seems like it couldn't reach the spybot website to get the download. I then ran a scan, but I was having trouble editing the logfile like you guys like, so I ahve the whole thing in the zip.



    DDS LOGS
    attach.zip

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
    Run by Becker at 18:54:57 on 2014-03-13
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3968.2409 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
    C:\ProgramData\Updater\updater.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Highlightly\Service\hlsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\LPT\srpts.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Users\Becker\AppData\Local\Smartbar\Application\SnapDo.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Users\Becker\AppData\Local\LPT\srptm.exe
    C:\Program Files (x86)\Sendori\sndappv2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    C:\Program Files (x86)\albrechto\updatealbrechto.exe
    C:\Users\Becker\AppData\Local\Smartbar\Application\Lrcnta.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\albrechto\bin\utilalbrechto.exe
    C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Sendori\Sendori.Service.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Sendori\SendoriSvc.exe
    C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
    C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe
    C:\ProgramData\RHelpers\IEHelper\IeHelper.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\svchost.exe -k HPService
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH47wqF9LzMF7h-ut22GnIEZWP3gGGjbBLyGwL2-xlD2-e0vOs73owtEVWLW7LqEsA,,
    uSearch Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}
    uSearch Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}
    uDefault_Page_URL = hxxp://search.findwide.com/?guid={E4A8993E-209C-4F1D-9819-F5C172BAE9DB}&serpv=22
    uProxyServer =
    uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}
    mWinlogon: Userinit = userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: SmartbarInternetExplorerBHOEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
    BHO: Tube Dimmer: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\TubeDimmer\IE\common.dll
    BHO: MyWordTool: {45470599-8237-486D-87B5-E89CD6AED154} - C:\Users\Becker\AppData\Roaming\MyWordTool\temp.dat
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Highlightly: {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll
    BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HelperApps: {F36C4DA0-8FBA-3F8B-C92B-A66ED4B7B0EA} - C:\Program Files (x86)\HelperApps\petn.dll
    BHO: TidyNetwork: {FA6441BC-9891-38BE-D62A-CD6ED4B7B0EA} - C:\Program Files (x86)\TidyNetwork\petn.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: FindWide Toolbar: {EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} -
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: FindWide Toolbar: {EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} -
    TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [HP Photosmart 6520 series (NET)] "C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2BD352RK05XP:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1
    uRun: [Updater] C:\ProgramData\Updater\updater.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    uRun: [Browser Infrastructure Helper] C:\Users\Becker\AppData\Local\Smartbar\Application\SnapDo.exe startup
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [Updater] C:\ProgramData\Updater\Updater.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: C:\Windows\System32\Sendori.dll
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
    TCP: Interfaces\{522A3844-5AD8-44BA-A5A4-41A0E32E5438} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{D9048890-0845-4039-B7C2-DCDC2B6D48AF} : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Notify: SDWinLogon - SDWinLogon.dll
    AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: SmartbarInternetExplorerBHOEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Highlightly: {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll
    x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: HelperApps: {F36C4DA0-8FBA-3F8B-C92B-A66ED4B7B0EA} - C:\Program Files (x86)\HelperApps\petn64.dll
    x64-BHO: TidyNetwork: {FA6441BC-9891-38BE-D62A-CD6ED4B7B0EA} - C:\Program Files (x86)\TidyNetwork\petn64.dll
    x64-TB: FindWide Toolbar: {EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} -
    x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Notify: igfxcui - igfxdev.dll
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-12-30 55024]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-12-31 28600]
    R1 hlnfd;hlnfd;C:\Windows\System32\drivers\hlnfd.sys [2013-12-4 58256]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-12-31 440400]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-12-31 440400]
    R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-10-7 120096]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-12-31 108440]
    R2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-2-6 2360608]
    R2 hlsvc;Highlightly Client Service;C:\Program Files (x86)\Highlightly\Service\hlsvc.exe [2013-12-4 273000]
    R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2013-12-17 46904]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-12-26 128280]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-12-26 161560]
    R2 LPTSystemUpdater;LPT System Updater Service;C:\Program Files (x86)\LPT\srpts.exe [2014-2-6 32288]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-26 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-26 701512]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
    R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-8-1 246488]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-1-20 3921880]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-1-20 1042272]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-1-20 171416]
    R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-10-7 22304]
    R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-10-7 3623200]
    R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-26 5341536]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-12-26 363800]
    R2 Update albrechto;Update albrechto;C:\Program Files (x86)\albrechto\updatealbrechto.exe [2013-12-6 111904]
    R2 Util albrechto;Util albrechto;C:\Program Files (x86)\albrechto\bin\utilalbrechto.exe [2014-1-1 111904]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-26 25928]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-21 805088]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-23 77592]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-26 19456]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-12-26 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-12-26 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-26 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-03-04 12:17:21 -------- d-----w- C:\Windows\Hewlett-Packard
    2014-03-04 08:45:19 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87ECD907-A281-4DEF-A01E-669B386D9E7A}\mpengine.dll
    2014-03-03 08:45:54 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-02-28 19:27:51 -------- d-----w- C:\Program Files (x86)\LPT
    2014-02-28 19:26:39 -------- d-----w- C:\Users\Becker\AppData\Local\LPT
    2014-02-28 19:26:38 -------- d-----w- C:\Users\Becker\AppData\Local\Smartbar
    2014-02-28 19:25:49 -------- d-----w- C:\Program Files (x86)\HiDefMedia
    2014-02-28 15:28:01 -------- d-----w- C:\Windows\pss
    2014-02-28 08:45:24 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F1524E68-8676-4223-B215-5C0CC13FEBD9}\gapaengine.dll
    2014-02-20 22:41:08 8835464 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2014-02-13 08:03:23 548864 ----a-w- C:\Windows\System32\vbscript.dll
    2014-02-13 08:03:23 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-02-12 11:45:16 1882112 ----a-w- C:\Windows\System32\msxml3.dll
    2014-02-12 11:45:15 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2014-02-12 11:45:15 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2014-02-12 11:45:15 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2014-02-12 11:43:59 3928064 ----a-w- C:\Windows\System32\d2d1.dll
    2014-02-12 11:43:59 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    .
    ==================== Find3M ====================
    .
    2014-03-13 22:38:17 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2014-02-20 22:41:28 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-20 22:41:28 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
    2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-01-22 13:52:10 206080 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
    2014-01-22 13:52:10 108800 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
    2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2014-01-01 01:11:52 84720 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
    2014-01-01 01:11:52 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
    2014-01-01 01:11:52 108440 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-12-19 02:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    .
    ============= FINISH: 18:55:40.65 ===============




    aswMBR.txt

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-03-13 18:56:04
    -----------------------------
    18:56:04.912 OS Version: Windows x64 6.1.7601 Service Pack 1
    18:56:04.912 Number of processors: 2 586 0x3A09
    18:56:04.912 ComputerName: BECKER-PC UserName: Becker
    18:56:06.425 Initialize success
    18:58:59.601 AVAST engine defs: 14031301
    19:01:48.331 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    19:01:48.331 Disk 0 Vendor: ST500DM002-1BD142 HP73 Size: 476940MB BusType: 11
    19:01:48.502 Disk 0 MBR read successfully
    19:01:48.502 Disk 0 MBR scan
    19:01:48.534 Disk 0 Windows 7 default MBR code
    19:01:48.565 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    19:01:48.612 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
    19:01:48.814 Disk 0 scanning C:\Windows\system32\drivers
    19:02:01.965 Service scanning
    19:02:39.920 Modules scanning
    19:02:39.920 Disk 0 trace - called modules:
    19:02:39.936 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    19:02:39.936 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046c1410]
    19:02:39.936 3 CLASSPNP.SYS[fffff8800196843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800425d430]
    19:02:41.464 AVAST engine scan C:\Windows
    19:02:43.898 AVAST engine scan C:\Windows\system32
    19:11:15.985 AVAST engine scan C:\Windows\system32\drivers
    19:11:42.754 AVAST engine scan C:\Users\Becker
    19:26:07.885 AVAST engine scan C:\ProgramData
    19:29:41.075 Scan finished successfully
    20:07:27.556 Disk 0 MBR has been saved successfully to "C:\Users\Becker\Desktop\MBR.dat"
    20:07:27.587 The log file has been saved successfully to "C:\Users\Becker\Desktop\aswMBR.txt"
    Last edited by tashi; 2014-03-14 at 05:26. Reason: Added link to previous topic
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules