afd.sys problem, Windows 7 booting up slow


This topic is locked
9 replies to this topic

#1 emak222

Posted 08 June 2012 - 03:32 PM

I was redirected here from: http://www.bleepingcomputer.com/forums/topic456217.html

Under Control Panel\All Control Panel Items\Performance Information and Tools\Advanced Tools, it says there is a driver causing Windows to load slowly; I have attached a screenshot. I have also attached the log files requested, and below is the paste of DDS.txt. Thank you for the help!!


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by User at 22:57:39 on 2012-06-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1026.18.2038.1187 [GMT 3:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Users\User\AppData\Roaming\7 Taskbar Tweaker\7 Taskbar Tweaker.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rundll32.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\explorer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
uRun: [7 Taskbar Tweaker] "c:\users\user\appdata\roaming\7 taskbar tweaker\7 Taskbar Tweaker.exe" -hidewnd
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LaunchAp] "c:\program files\launch manager\LaunchAp.exe"
mRun: [LMgrOSD] "c:\program files\launch manager\OSDCtrl.exe"
mRun: [Wbutton] "c:\program files\launch manager\Wbutton.exe"
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
uPolicies-explorer: AlwaysShowClassicMenu = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableInstallerDetection = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 1 (0x1)
mPolicies-system: SynchronousUserGroupPolicy = 1 (0x1)
IE: &???????????? ??? Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6198B2B6-486C-41F5-BDA7-CE8D7E4A6E8B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B22880A5-7068-4513-B480-67A5111A77F6}\4462D4F575966496 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B22880A5-7068-4513-B480-67A5111A77F6}\D64756C6D2E6564656C69616 : DhcpNameServer = 212.36.24.3 213.240.254.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\l8zfs9ds.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-3-24 242240]
R1 vmlitedrv;vmlitedrv;c:\windows\system32\drivers\vmlitedrv.sys [2012-5-17 15464]
R1 VMLiteUSBMon;VMLiteUSBMon;c:\windows\system32\drivers\vmliteusbmon.sys [2012-5-17 127080]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2012-3-19 117256]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-8 654408]
R2 VMLiteService;VMLiteService;c:\program files\vmlite\vmlite workstation\VMLiteService.exe [2010-8-21 455784]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-3 935480]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-8 22344]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
R3 vmlitestor;vmlitestor;c:\windows\system32\drivers\vmlitestor.sys [2010-8-18 140392]
R3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2012-3-19 118784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-2-18 15872]
S3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2012-5-5 404256]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-2-18 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-18 1343400]
S3 WGSControl;Worldgroup Server;c:\wgserv\wgssvc.exe --> c:\wgserv\wgssvc.exe [?]
S3 WGSMain;WGS Executable;c:\wgserv\wgserver.exe --> c:\wgserv\wgserver.exe [?]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2012-06-08 18:31:13 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2012-06-08 18:30:55 -------- d-----w- c:\programdata\Malwarebytes
2012-06-08 18:30:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-08 18:30:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-06 18:39:33 -------- d-----w- c:\users\user\appdata\roaming\calibre
2012-06-06 18:38:59 -------- d-----w- c:\program files\Calibre2
2012-06-05 08:50:19 -------- d-----w- c:\windows\LastGood.Tmp
2012-06-04 04:33:31 -------- d-----w- c:\users\user\appdata\local\Opera
2012-06-03 20:49:50 -------- d-----w- c:\program files\DLLSuite
2012-06-03 20:46:33 -------- d-----w- c:\users\user\appdata\local\AVG Secure Search
2012-06-03 20:45:39 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-06-03 20:45:38 -------- d-----w- c:\program files\AVG Secure Search
2012-06-03 20:43:49 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-03 20:39:46 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-06-03 20:39:35 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bf5c7873-568f-4f01-bbfc-9707b72e12bd}\mpengine.dll
2012-06-03 20:09:48 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-25 15:44:48 -------- d-----w- c:\users\user\appdata\roaming\CBS Interactive
2012-05-25 15:24:52 -------- d-----w- c:\program files\Megamud-playmajormud
2012-05-25 15:23:50 -------- d-----w- c:\program files\Megamud
2012-05-25 13:35:51 -------- d-----w- c:\program files\Yamicsoft
2012-05-25 13:13:21 -------- d-----w- c:\users\user\appdata\roaming\7 Taskbar Tweaker
2012-05-25 12:58:11 -------- d-----w- c:\users\user\appdata\local\{B998ABCE-6A8D-4C6A-8AFC-9AB2722F4B76}
2012-05-25 12:57:58 -------- d-----w- c:\users\user\appdata\local\{7C298237-98E0-4B74-8CAD-BFBC6F17142C}
2012-05-25 12:57:41 -------- d-----w- c:\users\user\appdata\roaming\Windows Live Writer
2012-05-25 12:57:41 -------- d-----w- c:\users\user\appdata\local\Windows Live Writer
2012-05-25 12:54:08 -------- d-----w- c:\windows\en
2012-05-25 12:45:16 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-05-25 12:45:16 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-05-25 12:45:15 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-05-25 12:44:42 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-05-25 12:43:43 89944 ----a-w- c:\program files\common files\windows live\.cache\3c33b381cd3a7411\DSETUP.dll
2012-05-25 12:43:43 537432 ----a-w- c:\program files\common files\windows live\.cache\3c33b381cd3a7411\DXSETUP.exe
2012-05-25 12:43:43 1801048 ----a-w- c:\program files\common files\windows live\.cache\3c33b381cd3a7411\dsetup32.dll
2012-05-25 12:43:28 94040 ----a-w- c:\program files\common files\windows live\.cache\f9d45c7c1cd3a7310\DSETUP.dll
2012-05-25 12:43:28 525656 ----a-w- c:\program files\common files\windows live\.cache\f9d45c7c1cd3a7310\DXSETUP.exe
2012-05-25 12:43:28 1691480 ----a-w- c:\program files\common files\windows live\.cache\f9d45c7c1cd3a7310\dsetup32.dll
2012-05-25 12:41:16 -------- d-----w- c:\users\user\appdata\local\Windows Live
2012-05-25 12:41:10 -------- d-----w- c:\program files\common files\Windows Live
2012-05-17 17:22:17 -------- d-----w- c:\users\user\appdata\local\VMLite Workstation
2012-05-17 17:16:53 -------- d-----w- c:\users\user\VMLites
2012-05-17 17:16:24 127080 ----a-w- c:\windows\system32\drivers\vmliteusbmon.sys
2012-05-17 17:14:57 15464 ----a-w- c:\windows\system32\drivers\vmlitedrv.sys
2012-05-17 17:14:55 143848 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-05-17 17:14:27 -------- d-----w- c:\program files\VMLite
2012-05-16 20:12:16 -------- d-----w- c:\users\user\appdata\roaming\AVG
2012-05-16 12:32:01 -------- d-----w- c:\program files\Computer Alarm Clock
2012-05-15 19:25:46 40960 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{e2424f51-1607-45ea-8185-78e148330773}\nightmare_redux_n.ex_7A156618029545D7AC5B9945512B0FBB.exe
2012-05-15 19:25:46 40960 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{e2424f51-1607-45ea-8185-78e148330773}\nightmare_redux.exe_7A156618029545D7AC5B9945512B0FBB.exe
2012-05-15 19:25:45 -------- d-----w- c:\program files\Nightmare Redux
2012-05-15 19:18:20 -------- d-----w- C:\WGSERV
2012-05-15 19:18:07 305152 ----a-w- c:\windows\IsUninst.exe
2012-05-15 19:07:10 -------- d-----w- c:\users\user\WCCMMUD
2012-05-15 18:45:14 -------- d-----w- c:\users\user\appdata\roaming\BitZipper
2012-05-15 18:26:57 -------- d-----w- c:\users\user\appdata\local\Smith Micro
2012-05-15 18:25:19 -------- d-----w- c:\programdata\Smith Micro
2012-05-11 21:53:01 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 21:52:59 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-11 21:52:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-11 21:52:49 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 21:52:49 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 21:52:33 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 21:52:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
==================== Find3M ====================
.
2012-05-05 08:58:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 08:58:49 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-26 00:00:46 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
2012-04-19 01:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 23:21:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-24 20:10:03 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-19 02:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
============= FINISH: 22:58:59,41 ===============

#2 jntkwx
Malware Response Team

Posted 11 June 2012 - 11:05 AM

Hi again emak222,

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

 

Please download Combofix from one of the following links:
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this, you can find out >here< or >here<.
3. Double click on combofix.exe & follow the prompts.

Important:
  • Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  • If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

In your next reply, please include:
  • Combofix log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 jntkwx
Malware Response Team

Posted 13 June 2012 - 02:37 PM

Hi emak222,

It has been two days since my last post. Do you still need help?
Regards,
Jason

 



#4 emak222
Topic Starter

Posted 14 June 2012 - 08:13 PM

Hi,

I apologize for not replying in a timely manner. I do still need help.

I ran ComboFix like you said, and it seemed to have found a file. After I restarted, it still boots up slowly, and Control Panel says the same thing as the dialog box I posted in my first post: afd.sys is causing it to start slowly.

Here is the log, and thanks for the help!

ComboFix 12-06-14.01 - User 15/06/2012 3:48.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1026.18.2038.1262 [GMT 3:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 00:56 . 2012-06-15 00:56 -------- d-----w- c:\users\Deni\AppData\Local\temp
2012-06-15 00:56 . 2012-06-15 00:57 -------- d-----w- c:\users\User\AppData\Local\temp
2012-06-15 00:56 . 2012-06-15 00:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-14 16:06 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-14 16:06 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 16:05 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-14 16:05 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 16:04 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 16:04 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 16:04 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 16:04 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 16:04 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 16:04 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 16:04 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 14:37 . 2012-06-12 14:37 -------- d-----w- c:\windows\Sun
2012-06-08 18:31 . 2012-06-08 18:31 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2012-06-08 18:30 . 2012-06-08 18:30 -------- d-----w- c:\programdata\Malwarebytes
2012-06-08 18:30 . 2012-06-15 02:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-06 18:39 . 2012-06-06 22:11 -------- d-----w- c:\users\User\AppData\Roaming\calibre
2012-06-06 18:38 . 2012-06-15 02:43 -------- d-----w- c:\program files\Calibre2
2012-06-04 04:33 . 2012-06-04 04:33 -------- d-----w- c:\users\User\AppData\Local\Opera
2012-06-04 04:33 . 2012-06-15 00:27 -------- d-----w- c:\program files\Opera
2012-06-03 20:49 . 2012-06-03 20:49 -------- d-----w- c:\program files\DLLSuite
2012-06-03 20:46 . 2012-06-03 20:46 -------- d-----w- c:\users\User\AppData\Local\AVG Secure Search
2012-06-03 20:45 . 2012-06-15 02:43 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-06-03 20:45 . 2012-06-03 20:45 -------- d-----w- c:\program files\AVG Secure Search
2012-06-03 20:43 . 2012-06-14 16:03 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-03 20:39 . 2012-05-14 22:43 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF5C7873-568F-4F01-BBFC-9707B72E12BD}\mpengine.dll
2012-06-03 20:09 . 2012-02-23 07:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-25 16:25 . 2012-05-25 16:25 -------- d-----w- c:\users\User\AppData\Roaming\Media Player Classic
2012-05-25 16:25 . 2012-05-25 16:25 -------- d-----w- c:\users\User\AppData\Roaming\DivX
2012-05-25 15:44 . 2012-05-25 15:44 -------- d-----w- c:\users\User\AppData\Roaming\CBS Interactive
2012-05-25 15:24 . 2012-06-14 16:05 -------- d-----w- c:\program files\Megamud-playmajormud
2012-05-25 15:23 . 2012-06-14 22:32 -------- d-----w- c:\program files\Megamud
2012-05-25 13:35 . 2012-05-25 13:35 -------- d-----w- c:\program files\Yamicsoft
2012-05-25 13:13 . 2012-05-25 13:13 -------- d-----w- c:\users\User\AppData\Roaming\7 Taskbar Tweaker
2012-05-25 12:57 . 2012-05-25 12:58 -------- d-----w- c:\users\User\AppData\Local\Windows Live Writer
2012-05-25 12:57 . 2012-05-25 12:57 -------- d-----w- c:\users\User\AppData\Roaming\Windows Live Writer
2012-05-25 12:54 . 2012-05-25 12:54 -------- d-----w- c:\windows\en
2012-05-25 12:46 . 2012-05-25 12:50 -------- d-----w- c:\program files\Windows Live
2012-05-25 12:45 . 2009-09-04 14:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-05-25 12:45 . 2009-09-04 14:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-05-25 12:45 . 2009-09-04 14:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-05-25 12:44 . 2006-11-29 10:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-05-25 12:41 . 2012-05-25 13:31 -------- d-----w- c:\users\User\AppData\Local\Windows Live
2012-05-25 12:41 . 2012-05-25 12:41 -------- d-----w- c:\program files\Common Files\Windows Live
2012-05-17 17:22 . 2012-05-17 17:22 -------- d-----w- c:\users\User\AppData\Local\VMLite Workstation
2012-05-17 17:16 . 2012-06-15 00:38 -------- d-----w- c:\users\User\VMLites
2012-05-17 17:16 . 2010-08-18 09:28 127080 ----a-w- c:\windows\system32\drivers\vmliteusbmon.sys
2012-05-17 17:14 . 2010-06-29 07:20 15464 ----a-w- c:\windows\system32\drivers\vmlitedrv.sys
2012-05-17 17:14 . 2010-08-11 08:04 143848 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-05-17 17:14 . 2012-05-17 17:14 -------- d-----w- c:\program files\VMLite
2012-05-16 20:12 . 2012-05-16 20:12 -------- d-----w- c:\users\User\AppData\Roaming\AVG
2012-05-16 12:32 . 2012-05-16 12:32 -------- d-----w- c:\program files\Computer Alarm Clock
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-25 12:48 . 2011-03-28 15:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-17 17:31 . 2012-04-25 13:16 164880 ---ha-w- c:\users\User\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2012-05-15 19:25 . 2012-05-15 19:25 40960 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{E2424F51-1607-45EA-8185-78E148330773}\nightmare_redux_n.ex_7A156618029545D7AC5B9945512B0FBB.exe
2012-05-15 19:25 . 2012-05-15 19:25 40960 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{E2424F51-1607-45EA-8185-78E148330773}\nightmare_redux.exe_7A156618029545D7AC5B9945512B0FBB.exe
2012-05-05 08:58 . 2012-05-05 08:58 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 08:58 . 2012-02-18 13:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-28 03:51 . 2012-04-28 03:51 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-04-26 00:00 . 2012-04-26 00:00 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
2012-04-19 01:50 . 2012-04-19 01:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 23:21 . 2012-04-18 23:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-31 04:39 . 2012-05-11 21:52 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 21:52 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-11 21:53 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-24 20:10 . 2012-03-24 20:10 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-19 02:17 . 2012-03-19 02:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-17 07:27 . 2012-05-11 21:52 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-20 09:55 . 2012-02-18 10:56 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-03 20:45 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-03 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"7 Taskbar Tweaker"="c:\users\User\AppData\Roaming\7 Taskbar Tweaker\7 Taskbar Tweaker.exe" [2012-04-20 184320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2006-08-29 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-03-26 866824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-03 1104440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 105160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AlwaysShowClassicMenu"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-02-13 08:06 3481408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
R1 mailKmd;mailKmd; [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2011-08-01 404256]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub; [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-24 242240]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-05-05 117256]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1850688498-1706333264-4029570450-1003Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24 15:41]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1850688498-1706333264-4029570450-1003UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24 15:41]
.
.
------- Supplementary Scan -------
.
IE: &???????????? ??? Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l8zfs9ds.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{687578B9-7132-4A7A-80E4-30EE31099E03}"=hex:51,66,7a,6c,4c,1d,38,12,d7,7b,66,
6c,00,3f,14,0f,ff,f2,73,ae,34,57,da,17
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:bf,be,82,7e,22,26,cd,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-15 04:02:32
ComboFix-quarantined-files.txt 2012-06-15 01:02
.
Pre-Run: 60 319 256 576 bytes free
Post-Run: 60 923 002 880 bytes free
.
- - End Of File - - 7B23A9F1775243B0EDF3DF3508AB0729

#5 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:23 PM

Posted 15 June 2012 - 09:20 AM

emak222,

Did this problem with afd.sys recently start happening? Did you recently install AVG?

Please rerun Farbar Service Scanner.
Type the following in the search box:

afd

Click "Export Service" and post the log it makes (FSS.txt).
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#6 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:23 PM

Posted 19 June 2012 - 11:26 AM

emak222,

It has been four days since my last post. Do you still need help?

If you do, please follow my previous instructions:

Did this problem with afd.sys recently start happening? Did you recently install AVG?

Please rerun Farbar Service Scanner.
Type the following in the search box:

afd

Click "Export Service" and post the log it makes (FSS.txt).


Regards,
Jason



#7 emak222

  • Topic Starter
  • Members
  • 10 posts
  • Local time:04:23 AM

Posted 19 June 2012 - 11:34 AM

Yes, thank you, sorry I didn't reply.
My laptop has rebooted on its own since then a few times, and today for the first time it rebooted (or crashed, I was not there) and when I got to it, it had a BSOD. I don't know how to post a log of that, if you need it.
About the other two questions, the problem with afd.sys has always been there, since about 3 months now. That was when I bought this laptop used, so I'm not sure how long before that it has been going on.
And I did also recently reinstall AVG, maybe 3 weeks ago, around there...
Here is FSS:

Farbar Service Scanner Version: 19-06-2012
Ran by User (administrator) on 19-06-2012 at 19:31:10
Running from "C:\Users\User\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-06-14 19:04] - [2012-04-24 07:36] - 0140288 ____A (Microsoft Corporation) 06E771AA596B8761107AB57E99F128D7

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
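The FSS log above reports three hardening settings as weakened by policy: the firewall policy values are 0 for the Standard and Public profiles, Windows Defender is disabled by the DisableAntiSpyware policy, and the WinDefend service start type is Demand instead of Auto (the ComboFix log earlier in the thread also shows EnableLUA = 0, i.e. UAC switched off). The following PowerShell audit is an added example, not part of the thread and not code from Farbar's tools: it reads the same registry locations the log cites and the WinDefend start mode via WMI (which works on Windows 7's PowerShell 2.0), and flags any value that differs from the Windows default. The expected values are the Windows defaults; everything else comes from the paths and value names shown in the logs.

```powershell
# Added example: audit the policy values that the FSS/ComboFix logs report.
# Run in an elevated PowerShell prompt. Absent values mean no policy override.
$checks = @(
    @{ Name = 'Firewall (Standard profile)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
       Value = 'EnableFirewall'; Expected = 1 },
    @{ Name = 'Firewall (Public profile)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile'
       Value = 'EnableFirewall'; Expected = 1 },
    @{ Name = 'Windows Defender policy'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
       Value = 'DisableAntiSpyware'; Expected = 0 },
    @{ Name = 'UAC (EnableLUA)'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Value = 'EnableLUA'; Expected = 1 }
)

foreach ($c in $checks) {
    # Get-ItemProperty returns $null (error suppressed) when the value does not exist.
    $item = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        "{0}: {1} not set (built-in default applies)" -f $c.Name, $c.Value
        continue
    }
    $actual = $item.($c.Value)
    $status = if ($actual -eq $c.Expected) { 'OK' } else { 'WEAKENED' }
    "{0}: {1} = {2} [{3}]" -f $c.Name, $c.Value, $actual, $status
}

# WinDefend start mode: FSS expects Auto; the log above shows Demand (Manual).
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
if ($svc) {
    "WinDefend service: StartMode={0}, State={1} (default StartMode is Auto)" -f $svc.StartMode, $svc.State
} else {
    "WinDefend service: not present"
}
```

A value that is absent only means no policy override is in place, not that the feature is on; the effective firewall state per profile is shown by `netsh advfirewall show allprofiles`. On a machine where a third-party suite like AVG registered with the Security Center, a Demand start type for WinDefend is common, whereas a DisableAntiSpyware policy value of 1 and EnableLUA = 0 are changes an administrator (or software) made deliberately and are worth restoring once the cleanup is finished.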

#8 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:23 PM

Posted 19 June 2012 - 11:56 AM

That's odd that your PC restarted automatically.

Let's take a deeper look with FRST. Please download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

- OR -

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Regards,
Jason



#9 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:23 PM

Posted 23 June 2012 - 08:12 AM

emak222,

It has been four days since my last post. Do you still need help?

If you do, please follow my previous instructions.
Regards,
Jason



#10 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:23 PM

Posted 28 June 2012 - 11:40 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Regards,
Jason
