Hi everyone
I've been having some serious problems with my PC recently, and over the last months it's been a lot slower to start up and has been running sluggishly. More worryingly, 200GB has disappeared from the "C" hard drive, and I've been finding a number of PUP infections and hidden zero-byte folders have been appearing. Something has also attempted on several occasions to alter my web browser home page (i.e. to porn sites etc).
I have been using Avast as my main anti-virus program and this never picked up any infections of a serious nature. I've since deleted Avast and have tried using a number of other free anti-virus programs but have not had any luck, and I cannot download programs such as ad-aware and AVG due to errors in the installation processes (and I'm wondering whether a possible infection might be responsible for this).
I've most recently downloaded Stopzilla on a 15-day free trial, and this has discovered the following infections:
a) trojan.win32.mouse,gen (nkim/software/microsoft/windowsNT/currentversion/winlogon/taskman)
b) trojan.win32.generi.pak!colorac (c/users/stephen/desktop/easyjuice/easyjuice.exe)
c) two instances of Isearch toolbar
d) twelve instances of conduit toolbar
e) open candy
f) Hosts file A (non-restorable) = 18 hijackers
g) Host file D (non-restorable) = 4 hijackers
h) Host file B (non-restorable) = 14 trojans
i) Adware JS conduit (3 instances)
j) Isearch toolbar
k) Smartbar (this last one has been quarantined by Stopzilla)
I have an expansion drive which is powered by Memeo and this automatically backs up my files - so it is likely that this drive has also been infected (and I've disconnected it to be on the safe side).
I'm worried that these problems are potentially quite serious and I'm reluctant to use my computer for internet banking or for making any online orders. I'd really appreciate it if anyone can make any sense of this and give me some advice about what to do next.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.51.2
Run by Stephen at 23:53:59 on 2014-03-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.850 [GMT 0:00]
.
AV: STOPzilla *Disabled/Updated* {17032AB1-6644-0721-EEB5-A39B8B646009}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla *Enabled/Updated* {AC62CB55-407E-08AF-D405-98E9F0E32AB4}
FW: Privatefirewall *Enabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\atiesrxx.exe
C:\Program Files\STOPzilla!\SZServer.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - LocalServer32 - <no file>
BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NEROMEDIAHOME.EXE" /AUTORUN
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Privatefirewall] c:\program files\privacyware\privatefirewall 7.0\PFGUI.exe
mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN
dRun: [Advanced SystemCare 7] "c:\program files\iobit\advanced systemcare 7\ASCTray.exe" /Auto
StartupFolder: c:\users\stephen\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Search - <no file>
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1FA48FB6-FE93-4FB7-96F9-D591B098DBAE} : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: linkscanner - <Clsid value has no data>
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\stephen\appdata\roaming\mozilla\firefox\profiles\op65iw1g.default-1359464117396\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\iobit\surfing protection\browerprotect\np_Asc_plugin.dll
FF - plugin: c:\program files\iobit\surfing protection\browerprotect\NPASCSafariPluginProtect.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2014-1-23 18624]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2014-2-13 61328]
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2014-2-22 130568]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\iobit\advanced systemcare 7\ASCService.exe [2013-11-19 881440]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-1-1 217088]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-12 21504]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-7-8 25824]
R2 PFNet;Privacyware network service;c:\program files\privacyware\privatefirewall 7.0\pfsvc.exe [2013-12-17 374600]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2014-2-13 66344]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-30 1153368]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2014-1-9 770432]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2014-2-13 61328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2013-11-19 2151200]
S2 SessionLauncher;SessionLauncher; [x]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2014-1-7 15384]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-9-12 21504]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-3-8 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-3-8 19008]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-10-7 38976]
S3 PSSDKLBF;PSSDKLBF;c:\windows\system32\drivers\pssdklbf.sys [2010-10-7 53312]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool; [x]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-9-27 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S4 IObitBarService;IObit Toolbar Service;c:\progra~1\iobitbar\toolbar\1.bin\i0barsvc.exe --> c:\progra~1\iobitbar\toolbar\1.bin\i0barsvc.exe [?]
S4 RoxLiveShare10;LiveShare P2P Server 10; [x]
.
=============== Created Last 30 ================
.
2014-03-05 21:29:58 -------- d-----w- c:\users\stephen\appdata\roaming\DriverCure
2014-03-05 21:29:55 -------- d-----w- c:\users\stephen\appdata\roaming\ParetoLogic
2014-03-05 21:28:52 -------- d-----w- c:\programdata\ParetoLogic
2014-03-05 03:41:02 -------- d-----w- c:\windows\A16BBEABAAEF434ABFDD297708709FCC.TMP
2014-03-05 00:16:47 9216 ----a-w- c:\windows\system32\ffnd.exe
2014-03-04 22:49:42 -------- d-----w- c:\users\stephen\appdata\roaming\FreeFixer
2014-03-04 22:49:42 -------- d-----w- c:\users\stephen\appdata\local\FreeFixer
2014-03-04 22:49:18 -------- d-----w- c:\program files\FreeFixer
2014-03-04 19:07:32 44424 ----a-r- c:\windows\system32\SBBD.EXE
2014-03-04 19:07:32 22064 ----a-r- c:\windows\system32\drivers\sbaphd.sys
2014-03-04 19:07:09 -------- d-----w- c:\programdata\STOPzilla!
2014-03-04 19:07:09 -------- d-----w- c:\program files\STOPzilla!
2014-03-01 19:58:53 -------- d-----w- c:\programdata\Kaspersky Lab
2014-03-01 19:58:53 -------- d-----w- c:\program files\Kaspersky Lab
2014-03-01 19:22:12 -------- d-----w- C:\rei
2014-03-01 19:09:21 81920 ----a-w- c:\windows\eSellerateControl350.dll
2014-03-01 19:09:21 356352 ----a-w- c:\windows\eSellerateEngine.dll
2014-03-01 19:09:21 274432 ----a-w- c:\windows\system32\ssleay32.dll
2014-03-01 19:09:21 1122304 ----a-w- c:\windows\system32\libeay32.dll
2014-02-28 18:49:23 -------- d-----w- c:\users\stephen\appdata\roaming\LavasoftStatistics
2014-02-27 18:13:28 -------- d-----w- c:\users\stephen\Coop
2014-02-25 18:15:55 -------- d-----w- c:\users\stephen\AbiSuite
2014-02-25 18:14:34 -------- d-----w- c:\program files\AbiWord
2014-02-25 16:23:28 -------- d-----w- c:\users\stephen\appdata\roaming\1H1Q
2014-02-25 09:40:41 -------- d-----w- c:\users\stephen\appdata\local\CrashDumps
2014-02-24 17:30:27 -------- d-----w- c:\program files\AVG
2014-02-24 16:34:18 -------- d-----w- c:\programdata\HitmanPro
2014-02-24 03:13:18 -------- d-----w- C:\AdwCleaner
2014-02-24 01:40:49 3749640 ----a-w- c:\users\stephen\privatefirewall.exe24 02 2014.exe
2014-02-23 15:34:27 14232 ----a-w- c:\windows\system32\sh4native.exe
2014-02-22 06:43:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-22 06:43:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-22 06:34:31 3749640 ----a-w- c:\users\stephen\privatefirewall.exe
2014-02-22 06:08:24 -------- d-----w- c:\users\stephen\appdata\local\Privatefirewall
2014-02-22 06:04:42 -------- d-----w- c:\users\stephen\appdata\local\MFAData
2014-02-22 06:04:42 -------- d-----w- c:\users\stephen\appdata\local\Avg2014
2014-02-22 04:44:28 130568 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2014-02-22 04:43:53 -------- d-----w- c:\programdata\Privacyware
2014-02-22 04:43:52 -------- d-----w- c:\program files\Privacyware
2014-02-22 03:49:31 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d6f44954-d839-4401-a1d9-9517f6a307dd}\mpengine.dll
2014-02-22 01:45:00 -------- d-----w- c:\users\stephen\appdata\roaming\SecureSearch
2014-02-18 23:26:15 110080 ----a-r- c:\users\stephen\appdata\roaming\microsoft\installer\{af549236-6258-4ac6-a043-5b5b89c6eb61}\IconF7A21AF7.exe
2014-02-18 23:26:15 110080 ----a-r- c:\users\stephen\appdata\roaming\microsoft\installer\{af549236-6258-4ac6-a043-5b5b89c6eb61}\IconD7F16134.exe
2014-02-18 23:26:15 110080 ----a-r- c:\users\stephen\appdata\roaming\microsoft\installer\{af549236-6258-4ac6-a043-5b5b89c6eb61}\IconCF33A0CE.exe
2014-02-18 23:26:07 -------- d-----w- C:\sh4ldr
2014-02-18 23:26:07 -------- d-----w- c:\program files\Enigma Software Group
2014-02-18 23:24:40 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2014-02-16 17:45:44 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-13 10:32:40 66344 ----a-r- c:\windows\system32\drivers\sbapifs.sys
2014-02-13 10:32:34 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2014-02-13 10:32:34 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys
2014-02-12 07:52:30 -------- d-----w- c:\users\stephen\Blank Cd's
.
==================== Find3M ====================
.
2014-02-21 09:42:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 09:42:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-17 03:14:35 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-08 15:54:22 103424 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-01-03 10:00:12 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-01-01 16:49:47 317240 ----a-w- c:\windows\system32\Prounstl.exe
2014-01-01 16:49:46 83808 ----a-w- c:\windows\system32\NicInE6.dll
2014-01-01 16:49:46 28272 ----a-w- c:\windows\system32\NicCo26.dll
2014-01-01 16:49:45 232296 ----a-w- c:\windows\system32\drivers\e1e6032.sys
2014-01-01 16:49:44 121440 ----a-w- c:\windows\system32\e1000msg.dll
2014-01-01 16:45:20 0 ----a-w- c:\windows\ativpsrm.bin
2014-01-01 16:12:02 319456 ----a-w- c:\windows\system32\Difxapi.dll
2014-01-01 16:12:01 58368 ----a-w- c:\windows\system32\coinst_8.97.100.11.dll
2014-01-01 16:12:01 48544 ----a-w- c:\windows\system32\atiuxpag.dll
2014-01-01 16:12:01 4782960 ----a-w- c:\windows\system32\atiumdva.dll
2013-12-24 10:40:32 18624 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-12-18 06:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-04-18 15:26:43 204496 ----a-w- c:\program files\startuplite-setup-1.07.exe
.
============= FINISH: 23:54:37.95 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-06 01:05:19
-----------------------------
01:05:19.720 OS Version: Windows 6.0.6002 Service Pack 2
01:05:19.721 Number of processors: 4 586 0xF0B
01:05:19.721 ComputerName: RODLEY UserName:
01:05:24.198 Initialize success
01:07:06.495 AVAST engine defs: 14030500
01:07:14.266 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
01:07:14.268 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 3
01:07:14.416 Disk 0 MBR read successfully
01:07:14.419 Disk 0 MBR scan
01:07:14.423 Disk 0 Windows VISTA default MBR code
01:07:14.426 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
01:07:14.492 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
01:07:14.511 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461516 MB offset 31586304
01:07:14.518 Disk 0 scanning sectors +976771072
01:07:14.685 Disk 0 scanning C:\Windows\system32\drivers
01:07:30.821 Service scanning
01:07:44.238 Service pwipf6 C:\Windows\system32\DRIVERS\pwipf6.sys **LOCKED** 32
01:07:52.723 Modules scanning
01:07:57.647 Disk 0 trace - called modules:
01:07:57.680 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
01:07:57.685 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854031e8]
01:07:57.690 3 CLASSPNP.SYS[87baf8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x83b36028]
01:08:01.133 AVAST engine scan C:\Windows
01:08:05.058 AVAST engine scan C:\Windows\system32
01:11:48.927 AVAST engine scan C:\Windows\system32\drivers
01:12:23.094 AVAST engine scan C:\Users\Stephen
01:13:16.075 Disk 0 MBR has been saved successfully to "C:\Users\Stephen\Desktop\MBR.dat"
01:13:16.083 The log file has been saved successfully to "C:\Users\Stephen\Desktop\aswMBR.txt"
01:56:08.372 AVAST engine scan C:\ProgramData
01:56:33.329 Disk 0 MBR has been saved successfully to "C:\Users\Stephen\Desktop\MBR.dat"
01:56:33.371 The log file has been saved successfully to "C:\Users\Stephen\Desktop\aswMBR.txt"
Admin Edit
Copy pasted logs into post.