Good evening,
I've recently been trying to combat a Smitfraud c Generic bug and have been losing. It's been detected by Spybot and AVG, but neither has been able to remove it, as per normal from what I've seen. I've seen quite a few topics on how to fix it but know that it is recommended to ask for directions, so here I am.
Here are the logs (jumped the gun on the aswMBR log; it seemed like it was done x.x).
Thanks in advance for any help.
DDS (Ver_2012-10-19.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Pete at 19:50:43 on 2012-10-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8088.6406 [GMT -4:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
C:\Windows\regedit.exe
C:\Windows\SysWOW64\ctfmon.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
uRun: [Steam] "C:\Games\Steam\Steam.exe" -silent
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [CLMLServer] "c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [RemoteControl10] "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{792B389F-2944-4F41-946C-B17AC2401AA6} : DHCPNameServer = 64.233.217.3 64.233.217.5
TCP: Interfaces\{925AD308-9922-470B-8417-CF727AC2CDFB} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{925AD308-9922-470B-8417-CF727AC2CDFB}\45F6C656370223E243 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{925AD308-9922-470B-8417-CF727AC2CDFB}\45F6C656370253 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{925AD308-9922-470B-8417-CF727AC2CDFB}\64F6878657E64702D41627B623 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{925AD308-9922-470B-8417-CF727AC2CDFB}\B69647475686 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{925AD308-9922-470B-8417-CF727AC2CDFB}\E45445745414251313D25374 : DHCPNameServer = 10.0.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
SSODL: WebCheck - <orphaned>
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [KeepSafe] "C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe" /startup
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [DeLay] C:\Program Files (x86)\BisonCam\PID_0361\DeLay.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\3lv5q6dx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-06 11:17; avg@toolbar; C:\ProgramData\AVG Secure Search\12.2.5.34
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-5-15 32896]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-9-21 61792]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-26 16152]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-10-6 31080]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-26 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-26 787736]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\System32\drivers\HECIx64.sys [2012-3-26 60184]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2012-1-9 11416576]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-13 677480]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-9-13 151904]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Program Files\HWiNFO64\HWiNFO64A.SYS [2012-8-5 30592]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-1 239616]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-2 5783672]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-2 193568]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-11 135952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FPLService;TrueSuiteService;C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [2011-11-3 299848]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-13 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-11 627936]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-6-13 161560]
S2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2011-2-18 35328]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-13 363800]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-10-6 722528]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]
S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-8-1 10279424]
S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-8-1 368640]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-8-1 276288]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-8-1 342528]
S3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-8-1 8934976]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-20 115168]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2012-6-13 292968]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-22 1255736]
.
=============== Created Last 30 ================
.
2012-10-29 16:29:16 20480 ----a-w- C:\Windows\svchost.exe
2012-10-10 22:26:46 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 22:26:46 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 22:26:43 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 22:26:43 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 22:26:39 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 22:26:39 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 22:26:36 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 22:26:36 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 22:26:36 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 22:26:35 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 22:26:35 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 22:26:35 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-09 23:58:49 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-10-09 23:58:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-10-09 23:46:11 -------- d-----w- C:\Users\Pete\AppData\Local\NPE
2012-10-09 23:46:11 -------- d-----w- C:\ProgramData\Norton
2012-10-07 01:09:10 -------- d-----w- C:\Users\Pete\AppData\Roaming\.minecraft
2012-10-07 01:08:42 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-06 15:19:38 -------- d-----w- C:\Users\Pete\AppData\Local\AVG Secure Search
2012-10-06 15:17:35 -------- d-----w- C:\Users\Pete\AppData\Roaming\AVG2013
2012-10-06 15:17:10 -------- d-----w- C:\Users\Pete\AppData\Roaming\TuneUp Software
2012-10-06 15:17:02 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-10-06 15:16:57 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-10-06 15:16:56 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-10-06 15:16:55 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-10-06 03:46:29 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9BD1D98D-CC8D-4C6A-9740-7DE9468AD970}\mpengine.dll
2012-10-06 03:43:34 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-06 02:17:50 -------- d--h--w- C:\$AVG
2012-10-06 02:17:49 -------- d-----w- C:\ProgramData\AVG2013
2012-10-06 02:17:11 -------- d-----w- C:\Program Files (x86)\AVG
2012-10-06 02:13:11 -------- d--h--w- C:\ProgramData\Common Files
2012-10-06 02:13:11 -------- d-----w- C:\Users\Pete\AppData\Local\MFAData
2012-10-06 02:13:11 -------- d-----w- C:\Users\Pete\AppData\Local\Avg2013
2012-10-06 02:13:11 -------- d-----w- C:\ProgramData\MFAData
2012-10-05 07:26:22 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-05 04:15:01 -------- d-----w- C:\Users\Pete\AppData\Roaming\Malwarebytes
2012-10-05 04:12:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-05 04:12:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-05 01:59:14 -------- d-----w- C:\Windows\SysWow64\%APPDATA%
2012-10-02 07:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
==================== Find3M ====================
.
2012-10-07 01:08:36 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-07 01:08:36 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-21 07:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 07:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2012-09-21 07:45:50 61792 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-09-14 07:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-09-13 07:11:18 151904 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-02 03:55:23 0 ----a-w- C:\Windows\ativpsrm.bin
.
============= FINISH: 19:51:41.75 ===============
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-29 19:53:43
-----------------------------
19:53:43.883 OS Version: Windows x64 6.1.7601 Service Pack 1
19:53:43.883 Number of processors: 8 586 0x3A09
19:53:43.883 ComputerName: PETE-PC UserName: Pete
19:53:47.471 Initialize success
19:56:48.059 AVAST engine defs: 12102901
19:57:03.180 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:57:03.180 Disk 0 Vendor: ST975042 0001 Size: 715404MB BusType: 3
19:57:03.180 Device \Driver\iaStor -> MajorFunction fffffa800a5295e8
19:57:03.180 Disk 0 MBR read successfully
19:57:03.180 Disk 0 MBR scan
19:57:03.180 Disk 0 Windows 7 default MBR code
19:57:03.195 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
19:57:03.195 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715202 MB offset 411648
19:57:03.227 Disk 0 scanning C:\Windows\system32\drivers
19:57:12.397 Service scanning
19:57:30.898 Modules scanning
19:57:30.898 Disk 0 trace - called modules:
19:57:30.898 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800a5295e8]<<
19:57:30.898 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a54790]
19:57:30.898 3 CLASSPNP.SYS[fffff88000dd043f] -> nt!IofCallDriver -> [0xfffffa8007911950]
19:57:30.898 5 ACPI.sys[fffff88000f4a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007a25050]
19:57:30.898 \Driver\iaStor[0xfffffa800a49f270] -> IRP_MJ_CREATE -> 0xfffffa800a5295e8
19:57:33.831 AVAST engine scan C:\Windows
19:57:36.358 AVAST engine scan C:\Windows\system32
19:59:58.610 AVAST engine scan C:\Windows\system32\drivers
20:00:09.671 AVAST engine scan C:\Users\Pete
20:02:04.222 Disk 0 MBR has been saved successfully to "C:\Users\Pete\Desktop\MBR.dat"
20:02:04.222 The log file has been saved successfully to "C:\Users\Pete\Desktop\aswMBR.txt"
20:04:34.591 AVAST engine scan C:\ProgramData
20:05:04.558 Scan finished successfully
20:07:03.836 Disk 0 MBR has been saved successfully to "C:\Users\Pete\Desktop\MBR.dat"
20:07:03.852 The log file has been saved successfully to "C:\Users\Pete\Desktop\aswMBR.txt"
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2012-6-13 292968]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-22 1255736]
.
=============== Created Last 30 ================
.
2012-10-29 16:29:16 20480 ----a-w- C:\Windows\svchost.exe
2012-10-10 22:26:46 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 22:26:46 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 22:26:43 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 22:26:43 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 22:26:39 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 22:26:39 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 22:26:36 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 22:26:36 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 22:26:36 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 22:26:35 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 22:26:35 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 22:26:35 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-09 23:58:49 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-10-09 23:58:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-10-09 23:46:11 -------- d-----w- C:\Users\Pete\AppData\Local\NPE
2012-10-09 23:46:11 -------- d-----w- C:\ProgramData\Norton
2012-10-07 01:09:10 -------- d-----w- C:\Users\Pete\AppData\Roaming\.minecraft
2012-10-07 01:08:42 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-06 15:19:38 -------- d-----w- C:\Users\Pete\AppData\Local\AVG Secure Search
2012-10-06 15:17:35 -------- d-----w- C:\Users\Pete\AppData\Roaming\AVG2013
2012-10-06 15:17:10 -------- d-----w- C:\Users\Pete\AppData\Roaming\TuneUp Software
2012-10-06 15:17:02 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-10-06 15:16:57 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-10-06 15:16:56 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-10-06 15:16:55 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-10-06 03:46:29 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9BD1D98D-CC8D-4C6A-9740-7DE9468AD970}\mpengine.dll
2012-10-06 03:43:34 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-06 02:17:50 -------- d--h--w- C:\$AVG
2012-10-06 02:17:49 -------- d-----w- C:\ProgramData\AVG2013
2012-10-06 02:17:11 -------- d-----w- C:\Program Files (x86)\AVG
2012-10-06 02:13:11 -------- d--h--w- C:\ProgramData\Common Files
2012-10-06 02:13:11 -------- d-----w- C:\Users\Pete\AppData\Local\MFAData
2012-10-06 02:13:11 -------- d-----w- C:\Users\Pete\AppData\Local\Avg2013
2012-10-06 02:13:11 -------- d-----w- C:\ProgramData\MFAData
2012-10-05 07:26:22 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-05 04:15:01 -------- d-----w- C:\Users\Pete\AppData\Roaming\Malwarebytes
2012-10-05 04:12:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-05 04:12:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-05 01:59:14 -------- d-----w- C:\Windows\SysWow64\%APPDATA%
2012-10-02 07:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
==================== Find3M ====================
.
2012-10-07 01:08:36 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-07 01:08:36 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-21 07:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 07:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2012-09-21 07:45:50 61792 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-09-14 07:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-09-13 07:11:18 151904 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-02 03:55:23 0 ----a-w- C:\Windows\ativpsrm.bin
.
============= FINISH: 19:51:41.75 ===============
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-29 19:53:43
-----------------------------
19:53:43.883 OS Version: Windows x64 6.1.7601 Service Pack 1
19:53:43.883 Number of processors: 8 586 0x3A09
19:53:43.883 ComputerName: PETE-PC UserName: Pete
19:53:47.471 Initialize success
19:56:48.059 AVAST engine defs: 12102901
19:57:03.180 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:57:03.180 Disk 0 Vendor: ST975042 0001 Size: 715404MB BusType: 3
19:57:03.180 Device \Driver\iaStor -> MajorFunction fffffa800a5295e8
19:57:03.180 Disk 0 MBR read successfully
19:57:03.180 Disk 0 MBR scan
19:57:03.180 Disk 0 Windows 7 default MBR code
19:57:03.195 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
19:57:03.195 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715202 MB offset 411648
19:57:03.227 Disk 0 scanning C:\Windows\system32\drivers
19:57:12.397 Service scanning
19:57:30.898 Modules scanning
19:57:30.898 Disk 0 trace - called modules:
19:57:30.898 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800a5295e8]<<
19:57:30.898 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a54790]
19:57:30.898 3 CLASSPNP.SYS[fffff88000dd043f] -> nt!IofCallDriver -> [0xfffffa8007911950]
19:57:30.898 5 ACPI.sys[fffff88000f4a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007a25050]
19:57:30.898 \Driver\iaStor[0xfffffa800a49f270] -> IRP_MJ_CREATE -> 0xfffffa800a5295e8
19:57:33.831 AVAST engine scan C:\Windows
19:57:36.358 AVAST engine scan C:\Windows\system32
19:59:58.610 AVAST engine scan C:\Windows\system32\drivers
20:00:09.671 AVAST engine scan C:\Users\Pete
20:02:04.222 Disk 0 MBR has been saved successfully to "C:\Users\Pete\Desktop\MBR.dat"
20:02:04.222 The log file has been saved successfully to "C:\Users\Pete\Desktop\aswMBR.txt"
20:04:34.591 AVAST engine scan C:\ProgramData
20:05:04.558 Scan finished successfully
20:07:03.836 Disk 0 MBR has been saved successfully to "C:\Users\Pete\Desktop\MBR.dat"
20:07:03.852 The log file has been saved successfully to "C:\Users\Pete\Desktop\aswMBR.txt"