Laptop Hangs, is slow and Malwarebytes Scan crashes midway


This topic is locked
10 replies to this topic

#1 davidicdynasty (Members, 5 posts)

Posted 23 January 2013 - 08:09 AM

My laptop is getting slower, and the response time to clicks or actions is taking seconds longer. It gets worse every day. AVG did not find anything, and Malwarebytes crashes midway; I get a blue screen of death every time I run a scan from it.

I thought after that it might be my start-up programs, or maybe there are too many applications on my PC, but I'm not sure.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_32
Run by House of David at 14:01:47 on 2013-01-23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2798.889 [GMT 0:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\MTN F@stLink\AssistantServices.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\MTN F@stLink\UIExec.exe
C:\Program Files\BlueStacks\HD-Agent.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Clip2Net\clip2net.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Actual Title Buttons\ActualTitleButtonsCenter.exe
C:\Users\House of David\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\MTN F@stLink\UIMain.exe
C:\Program Files\MTN F@stLink\CMUpdater.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Users\HOUSEO~1\AppData\Local\Temp\ocr3350.tmp\bin\rubyw.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Users\HOUSEO~1\AppData\Local\Temp\ocr4644.tmp\bin\rubyw.exe
C:\Program Files\pia_manager\pia_tray\pia_tray.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPToolbar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Google Update] "c:\users\house of david\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
uRun: [Clip2Net] c:\program files\clip2net\clip2net.exe
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [GoogleChromeAutoLaunch_ECC2AEB201A2DC65207A730176FBF644] "c:\users\house of david\appdata\local\google\chrome\application\chrome.exe" --no-startup-window
uRun: [F.lux] "c:\users\house of david\local settings\apps\f.lux\flux.exe" /noshow
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [Actual Title Buttons] "c:\program files\actual title buttons\ActualTitleButtonsCenter.exe"
mRun: [TaskTray] <no file>
StartupFolder: c:\users\houseo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\houseo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\house of david\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\houseo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\effici~1.lnk - c:\program files\efficientpim\EfficientPIM.exe
StartupFolder: c:\users\houseo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\houseo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: + Offline &Explorer: Download the link - c:\program files\offline explorer pro\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - c:\program files\offline explorer pro\Add_AllO.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
IE: Download web site with Free Download Manager - c:\program files\free download manager\dlpage.htm
IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: LastPass - c:\users\house of david\appdata\locallow\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - c:\users\house of david\appdata\locallow\lastpass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: Interfaces\{27A6C5C2-3496-45D4-B887-503442E55250} : NameServer = 10.109.5.97 10.199.212.120
TCP: Interfaces\{C24B3BFE-0220-45E2-84D7-047DDCBFCFC1}\14E64627F6964684F6473707F64763132363 : DHCPNameServer = 192.168.43.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\house of david\appdata\roaming\mozilla\firefox\profiles\myz6x2z6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B35e94d0c-1a47-4a6e-ada1-0ebb80b10c4f%7D&mid=807bd369dc2947d0b8483d1cbf0cf07b-422b59472e5d5d8caf1e08f7820bbcba055e9419&ds=AVG&v=11.0.0.10&lang=en&pr=pr&d=2012-08-20%2000%3A12%3A23&sap=ku&q=
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\13.2.0\npsitesafety.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\house of david\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-01-08 09:14; avg@toolbar; c:\users\house of david\appdata\roaming\mozilla\firefox\profiles\myz6x2z6.default\extensions\avg@toolbar
FF - ExtSQL: 2013-01-08 10:06; {1E73965B-8B48-48be-9C8D-68B920ABC1C4}; c:\program files\avg\avg2012\Firefox4
FF - ExtSQL: 2013-01-13 16:21; adapter@gingersoftware.com; c:\users\house of david\appdata\roaming\mozilla\firefox\profiles\myz6x2z6.default\extensions\adapter@gingersoftware.com
FF - ExtSQL: 2013-01-16 10:38; zotero@chnm.gmu.edu; c:\users\house of david\appdata\roaming\mozilla\firefox\profiles\myz6x2z6.default\extensions\zotero@chnm.gmu.edu
FF - ExtSQL: !HIDDEN! 2012-10-16 16:28; mozilla_cc@internetdownloadmanager.com; c:\users\house of david\appdata\roaming\idm\idmmzcc5
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-12-30 102040]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-1-11 26984]
R1 RapportCerberus_44365;RapportCerberus_44365;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_44365.sys [2013-1-20 274328]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-12-30 97784]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-12-30 173880]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2012-10-25 63864]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\bluestacks\HD-LogRotatorService.exe [2012-10-25 384888]
R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-5-8 229376]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-10-10 99192]
R2 NetBalancerService;NetBalancerService;c:\program files\netbalancer\SeriousBit.NetBalancer.Service.exe [2012-9-17 10240]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-12-30 1115992]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-22 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-22 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-22 168384]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-10-6 2754984]
R2 UI Assistant Service;UI Assistant Service;c:\program files\mtn f@stlink\AssistantServices.exe [2012-9-3 261456]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-8-13 2533400]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2013-1-11 711112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-8-13 63616]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-26 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-8-23 270336]
R3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys [2012-9-17 31016]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-1-27 7087616]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2013-1-20 55448]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\bluestacks\HD-Service.exe [2012-10-25 393080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 PrivateEyeService;PrivateEye Service;"c:\program files\oculis labs\privateeye\privateeyesvc.exe" --> c:\program files\oculis labs\privateeye\PrivateEyeSvc.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-1-1 83168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-8-13 101504]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-8-13 204800]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-21 40776]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-1-1 181344]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [2013-1-1 181344]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: open="c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-01-22 07:56:28 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-01-22 05:47:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-22 05:46:55 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-01-22 05:46:47 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-01-21 09:13:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-20 19:34:45 -------- d-----w- c:\users\house of david\appdata\local\Programs
2013-01-20 10:49:59 917400 ----a-w- c:\program files\mozilla firefox\firefox.exe
2013-01-20 10:49:57 5030088 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-01-20 10:49:56 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-01-20 10:49:56 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2013-01-20 10:49:56 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-01-20 10:49:56 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2013-01-20 10:49:56 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2013-01-20 10:49:55 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-01-20 10:35:50 -------- d-----w- c:\users\house of david\appdata\local\Trusteer
2013-01-20 10:35:35 -------- d-----w- c:\program files\Trusteer
2013-01-19 16:42:17 -------- d-----w- c:\users\house of david\appdata\roaming\EfficientPIM
2013-01-19 16:42:09 -------- d-----w- c:\program files\EfficientPIM
2013-01-17 09:40:27 -------- d-----w- c:\programdata\Trusteer
2013-01-13 16:49:06 16384 ----a-w- c:\windows\system32\FileOps.exe
2013-01-13 13:17:42 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2013-01-11 09:59:39 -------- d-----w- c:\programdata\Free Download Manager
2013-01-11 09:07:29 -------- d-----w- c:\users\house of david\appdata\local\AVG Secure Search
2013-01-11 09:07:08 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-01-10 10:41:31 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-01-10 10:41:31 49472 ----a-w- c:\windows\system32\netfxperf.dll
2013-01-10 10:41:31 297808 ----a-w- c:\windows\system32\mscoree.dll
2013-01-10 10:41:31 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2013-01-10 10:41:31 1130824 ----a-w- c:\windows\system32\dfshim.dll
2013-01-09 10:55:09 -------- d-----w- c:\users\house of david\.ScreamingFrogSEOSpider
2013-01-08 19:09:49 -------- d-----w- c:\users\house of david\appdata\roaming\Acapela Group
2013-01-08 19:08:47 -------- d-----w- c:\program files\Ginger
2013-01-08 09:14:07 -------- d-----w- c:\program files\common files\AVG Secure Search
2013-01-08 09:14:06 -------- d-----w- c:\program files\AVG Secure Search
2013-01-08 09:12:42 -------- d-----w- c:\windows\system32\drivers\AVG
2013-01-08 09:08:47 -------- d-----w- c:\programdata\MFAData
2013-01-07 08:48:49 -------- d-----w- c:\program files\Citrix
2013-01-01 10:18:25 -------- d-----w- C:\temp
2013-01-01 10:01:46 -------- d-----w- c:\users\house of david\appdata\local\Samsung
2013-01-01 10:01:29 -------- d-----w- c:\users\house of david\appdata\roaming\Samsung
2013-01-01 09:59:49 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2013-01-01 09:59:49 181344 ----a-w- c:\windows\system32\drivers\ssudserd.sys
2013-01-01 09:59:49 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-01-01 09:59:48 83168 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-01-01 09:59:48 181344 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-01-01 09:56:44 -------- d-----w- c:\program files\MyFree Codec
2013-01-01 09:42:24 4659712 ----a-w- c:\windows\system32\Redemption.dll
2013-01-01 09:41:41 821824 ----a-w- c:\windows\system32\dgderapi.dll
2013-01-01 09:40:52 -------- d-----w- c:\programdata\Samsung
2013-01-01 09:40:52 -------- d-----w- c:\program files\Samsung
2012-12-30 14:26:00 102040 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2013-01-12 09:54:45 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-12 09:54:45 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 14:03:19.18 ===============


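One way to triage a DDS log like the one above mechanically, as an added example that is not part of the thread and not part of the DDS tool: a Python script that splits the log into its `==== NAME ====` sections, parses the services/drivers lines into fields, and flags the kinds of entries a malware-removal helper usually checks first (processes running from a Temp directory or from ProgramData, autorun and shell entries pointing at `<no file>` or `<orphaned>`, hosts-file overrides, kernel drivers loaded from outside `system32\drivers`, and service files DDS marks `[?]`). The embedded sample is a constructed excerpt in the same format, and the heuristics are assumptions for illustration: a flag means "inspect this", not a verdict on any entry.

```python
"""Triage a DDS log: split into sections, parse services/drivers, flag entries.

Added example, not part of DDS or of this thread. The heuristics are
assumptions about what deserves a look; a flag means "inspect", not "malicious".
"""
import re
from collections import Counter

# Constructed excerpt in DDS format (a few lines copied from the log above).
SAMPLE_LOG = """\
============== Running Processes ================
.
C:\\Windows\\system32\\lsm.exe
C:\\Users\\HOUSEO~1\\AppData\\Local\\Temp\\ocr3350.tmp\\bin\\rubyw.exe
C:\\Users\\House of David\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe
C:\\Users\\House of David\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe
C:\\ProgramData\\DatacardService\\DCService.exe
C:\\Windows\\system32\\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
uRun: [Sidebar] c:\\program files\\windows sidebar\\sidebar.exe /autoRun
mRun: [TaskTray] <no file>
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 RapportKELL;RapportKELL;c:\\windows\\system32\\drivers\\RapportKELL.sys [2012-12-30 102040]
R1 RapportCerberus_44365;RapportCerberus_44365;c:\\programdata\\trusteer\\rapport\\store\\exts\\rapportcerberus\\baseline\\RapportCerberus32_44365.sys [2013-1-20 274328]
S2 PrivateEyeService;PrivateEye Service;"c:\\program files\\oculis labs\\privateeye\\privateeyesvc.exe" --> c:\\program files\\oculis labs\\privateeye\\PrivateEyeSvc.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\\windows\\system32\\drivers\\mbamswissarmy.sys [2013-1-21 40776]
============= FINISH: 14:03:19.18 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+\s*$")          # "==== Name ===="
# "R0 name;display;path [date size]"  -> state, name, display, path, meta
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[(.*?)\])?\s*$")
EXE_RE = re.compile(r"[^\\]+?\.exe", re.I)                  # first "name.exe" path segment


def split_sections(text):
    """Map each section header (upper-cased) to its non-empty, non-'.' lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).upper()
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def parse_services(lines):
    """Parse SERVICES / DRIVERS lines; meta is the bracketed '[date size]' or '?'."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            state, name, display, path, meta = m.groups()
            out.append({"state": state, "name": name, "display": display,
                        "path": path.strip(), "meta": meta or "", "raw": line})
    return out


def triage(text):
    """Return (category, line) pairs worth a human's attention (heuristics)."""
    sections = split_sections(text)
    flags = []
    for proc in sections.get("RUNNING PROCESSES", []):
        low = proc.lower()
        if "\\temp\\" in low:                       # executables living in a Temp dir
            flags.append(("process from Temp", proc))
        elif "\\programdata\\" in low:              # executables under ProgramData
            flags.append(("process under ProgramData", proc))
    for entry in sections.get("PSEUDO HJT REPORT", []):
        low = entry.lower()
        if "<no file>" in low or "<orphaned>" in low:   # autorun/shell entry with no target
            flags.append(("dangling entry", entry))
        elif entry.startswith("Hosts:"):            # hosts-file redirections
            flags.append(("hosts override", entry))
    for svc in parse_services(sections.get("SERVICES / DRIVERS", [])):
        path = svc["path"].lower()
        if svc["meta"] == "?":                      # DDS could not verify the file
            flags.append(("unverified service file", svc["raw"]))
        elif path.endswith(".sys") and "\\windows\\system32\\drivers\\" not in path:
            flags.append(("driver outside system32\\drivers", svc["raw"]))
    return flags


def process_counts(text):
    """How many copies of each executable are running (e.g. chrome.exe)."""
    counts = Counter()
    for proc in split_sections(text).get("RUNNING PROCESSES", []):
        m = EXE_RE.search(proc)
        counts[(m.group(0) if m else proc.rsplit("\\", 1)[-1]).lower()] += 1
    return counts


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"[{category}] {line}")
    print(process_counts(SAMPLE_LOG).most_common(3))
```

Run as a script it prints the flags for the embedded excerpt; pass the text of a real log to `triage()` instead. The flagged lines are starting points for the manual checks a helper does (look up the file, check its signer, size and date), because legitimate installers and updaters also run from Temp and ProgramData, and a `[?]` only means DDS could not read the file's properties.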
#2 HelpBot (Bleepin' Binary Bot, 12,765 posts)

Posted 28 January 2013 - 08:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/482737 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 davidicdynasty (Topic Starter, Members, 5 posts)

Posted 28 January 2013 - 09:23 AM

My PC is slow and crawls.

My laptop is getting slower, and the response time to clicks or actions is taking seconds longer. It gets worse every day. AVG did not find anything, and Malwarebytes crashes midway; I get a blue screen of death every time I run a scan from it.

I thought after that it might be my start-up programs, or maybe there are too many applications on my PC, but I'm not sure.

It takes a long time to boot up and is a little slower shutting down.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_32
Run by House of David at 14:19:02 on 2013-01-28
#Option MBR scan is disabled.
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2798.951 [GMT 0:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\MTN F@stLink\AssistantServices.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\MTN F@stLink\UIExec.exe
C:\Program Files\BlueStacks\HD-Agent.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Clip2Net\clip2net.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\MTN F@stLink\UIMain.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Users\House of David\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Users\House of David\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\EfficientPIM\EfficientPIM.exe
C:\Program Files\MTN F@stLink\CMUpdater.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\House of David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPToolbar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Google Update] "c:\users\house of david\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
uRun: [Clip2Net] c:\program files\clip2net\clip2net.exe
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [F.lux] "c:\users\house of david\local settings\apps\f.lux\flux.exe" /noshow
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [TaskTray] <no file>
StartupFolder: c:\users\houseo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\houseo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\house of david\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\houseo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\effici~1.lnk - c:\program files\efficientpim\EfficientPIM.exe
StartupFolder: c:\users\houseo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: + Offline &Explorer: Download the link - c:\program files\offline explorer pro\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - c:\program files\offline explorer pro\Add_AllO.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
IE: Download web site with Free Download Manager - c:\program files\free download manager\dlpage.htm
IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: LastPass - c:\users\house of david\appdata\locallow\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - c:\users\house of david\appdata\locallow\lastpass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: Interfaces\{27A6C5C2-3496-45D4-B887-503442E55250} : NameServer = 10.109.5.97 10.199.212.120
TCP: Interfaces\{C24B3BFE-0220-45E2-84D7-047DDCBFCFC1}\14E64627F6964684F6473707F64763132363 : DHCPNameServer = 192.168.43.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\house of david\appdata\roaming\mozilla\firefox\profiles\myz6x2z6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B35e94d0c-1a47-4a6e-ada1-0ebb80b10c4f%7D&mid=807bd369dc2947d0b8483d1cbf0cf07b-422b59472e5d5d8caf1e08f7820bbcba055e9419&ds=AVG&v=11.0.0.10&lang=en&pr=pr&d=2012-08-20%2000%3A12%3A23&sap=ku&q=
FF - plugin: c:\program files\c-gct\media express\npCongressDDS.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\13.2.0\npsitesafety.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\house of david\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-01-08 09:14; avg@toolbar; c:\users\house of david\appdata\roaming\mozilla\firefox\profiles\myz6x2z6.default\extensions\avg@toolbar
FF - ExtSQL: 2013-01-08 10:06; {1E73965B-8B48-48be-9C8D-68B920ABC1C4}; c:\program files\avg\avg2012\Firefox4
FF - ExtSQL: 2013-01-13 16:21; adapter@gingersoftware.com; c:\users\house of david\appdata\roaming\mozilla\firefox\profiles\myz6x2z6.default\extensions\adapter@gingersoftware.com
FF - ExtSQL: 2013-01-16 10:38; zotero@chnm.gmu.edu; c:\users\house of david\appdata\roaming\mozilla\firefox\profiles\myz6x2z6.default\extensions\zotero@chnm.gmu.edu
FF - ExtSQL: !HIDDEN! 2012-10-16 16:28; mozilla_cc@internetdownloadmanager.com; c:\users\house of david\appdata\roaming\idm\idmmzcc5
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-1-11 26984]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2012-10-25 63864]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\bluestacks\HD-LogRotatorService.exe [2012-10-25 384888]
R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-5-8 229376]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-10-10 99192]
R2 NetBalancerService;NetBalancerService;c:\program files\netbalancer\SeriousBit.NetBalancer.Service.exe [2012-9-17 10240]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-22 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-22 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-22 168384]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
R2 UI Assistant Service;UI Assistant Service;c:\program files\mtn f@stlink\AssistantServices.exe [2012-9-3 261456]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-8-13 2533400]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2013-1-11 711112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-8-13 63616]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-26 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-8-23 270336]
R3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys [2012-9-17 31016]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-1-27 7087616]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\bluestacks\HD-Service.exe [2012-10-25 393080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 PrivateEyeService;PrivateEye Service;"c:\program files\oculis labs\privateeye\privateeyesvc.exe" --> c:\program files\oculis labs\privateeye\PrivateEyeSvc.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-1-1 83168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-8-13 101504]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-8-13 204800]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-21 40776]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2013-1-20 55448]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-1-1 181344]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [2013-1-1 181344]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: open="c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-01-27 18:31:37 -------- d-----w- c:\users\house of david\appdata\roaming\XMind
2013-01-27 18:30:09 -------- d-----w- c:\program files\XMind
2013-01-25 03:25:57 -------- d-----w- c:\program files\C-GCT
2013-01-24 19:18:39 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-01-24 19:18:05 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-01-24 19:18:05 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-01-22 07:56:28 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-01-22 05:47:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-22 05:46:55 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-01-22 05:46:47 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-01-21 09:13:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-20 19:34:45 -------- d-----w- c:\users\house of david\appdata\local\Programs
2013-01-20 10:49:59 917400 ----a-w- c:\program files\mozilla firefox\firefox.exe
2013-01-20 10:49:57 5030088 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-01-20 10:49:56 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-01-20 10:49:56 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2013-01-20 10:49:56 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-01-20 10:49:56 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2013-01-20 10:49:56 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2013-01-20 10:49:55 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-01-20 10:35:50 -------- d-----w- c:\users\house of david\appdata\local\Trusteer
2013-01-19 16:42:17 -------- d-----w- c:\users\house of david\appdata\roaming\EfficientPIM
2013-01-19 16:42:09 -------- d-----w- c:\program files\EfficientPIM
2013-01-17 09:40:27 -------- d-----w- c:\programdata\Trusteer
2013-01-13 16:49:06 16384 ----a-w- c:\windows\system32\FileOps.exe
2013-01-13 13:17:42 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2013-01-11 09:59:39 -------- d-----w- c:\programdata\Free Download Manager
2013-01-11 09:07:29 -------- d-----w- c:\users\house of david\appdata\local\AVG Secure Search
2013-01-11 09:07:08 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-01-10 10:41:31 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-01-10 10:41:31 49472 ----a-w- c:\windows\system32\netfxperf.dll
2013-01-10 10:41:31 297808 ----a-w- c:\windows\system32\mscoree.dll
2013-01-10 10:41:31 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2013-01-10 10:41:31 1130824 ----a-w- c:\windows\system32\dfshim.dll
2013-01-09 10:55:09 -------- d-----w- c:\users\house of david\.ScreamingFrogSEOSpider
2013-01-08 19:09:49 -------- d-----w- c:\users\house of david\appdata\roaming\Acapela Group
2013-01-08 19:08:47 -------- d-----w- c:\program files\Ginger
2013-01-08 09:14:07 -------- d-----w- c:\program files\common files\AVG Secure Search
2013-01-08 09:14:06 -------- d-----w- c:\program files\AVG Secure Search
2013-01-08 09:12:42 -------- d-----w- c:\windows\system32\drivers\AVG
2013-01-08 09:08:47 -------- d-----w- c:\programdata\MFAData
2013-01-07 08:48:49 -------- d-----w- c:\program files\Citrix
2013-01-01 10:18:25 -------- d-----w- C:\temp
2013-01-01 10:01:46 -------- d-----w- c:\users\house of david\appdata\local\Samsung
2013-01-01 10:01:29 -------- d-----w- c:\users\house of david\appdata\roaming\Samsung
2013-01-01 09:59:49 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2013-01-01 09:59:49 181344 ----a-w- c:\windows\system32\drivers\ssudserd.sys
2013-01-01 09:59:49 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-01-01 09:59:48 83168 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-01-01 09:59:48 181344 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-01-01 09:56:44 -------- d-----w- c:\program files\MyFree Codec
2013-01-01 09:42:24 4659712 ----a-w- c:\windows\system32\Redemption.dll
2013-01-01 09:41:41 821824 ----a-w- c:\windows\system32\dgderapi.dll
2013-01-01 09:40:52 -------- d-----w- c:\programdata\Samsung
2013-01-01 09:40:52 -------- d-----w- c:\program files\Samsung
.
==================== Find3M ====================
.
2013-01-12 09:54:45 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-12 09:54:45 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 14:20:03.11 ===============

Attached Files


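The log above is what the helpers read by hand. As an added example (it is not part of the thread, and not a BleepingComputer or DDS tool), here is a small Python triage script that does the first pass mechanically: it groups a DDS log by its `==== Title ====` banners and flags the items a reviewer checks first: autostart entries that point at `<no file>`, Hosts overrides, a Firefox `keyword.URL` override, services and drivers whose binary lives under ProgramData or a user profile rather than Windows or Program Files, services whose file DDS could not read (date/size shown as `[?]`), and new hidden+system directories or new executables dropped directly into system32. The sample input is a handful of lines excerpted from the posted log and embedded so the script runs offline; the heuristics, the `Finding` type and the function names (`split_sections`, `triage`) are this example's own. The flags are prompts for a human to look at an entry, not verdicts that anything is malicious.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a few lines excerpted from the DDS log posted above,
# embedded so the script runs offline. It is not the complete log.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
mRun: [TaskTray] <no file>
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=...&q=
============= SERVICES / DRIVERS ===============
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-5-8 229376]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
S2 PrivateEyeService;PrivateEye Service;"c:\program files\oculis labs\privateeye\privateeyesvc.exe" --> c:\program files\oculis labs\privateeye\PrivateEyeSvc.exe [?]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2013-1-20 55448]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-21 40776]
=============== Created Last 30 ================
2013-01-22 07:56:28 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-01-22 05:46:47 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-01-13 16:49:06 16384 ----a-w- c:\windows\system32\FileOps.exe
============= FINISH: 14:20:03.11 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "R0 Name;Display name;path [date size]"  (R = running, S = stopped; digit = start type)
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)\s+\[([^\]]*)\]$")
# "2013-01-22 07:56:28 -------- d-sh--w- c:\path"  (size is dashes for a directory)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S{8})\s+(.+)$")

# Roots a service or driver binary is expected to live under (assumption of this
# example); ProgramData and user profiles are writable by a standard user.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def split_sections(text: str) -> dict[str, list[str]]:
    """Group DDS log lines under the '==== Title ====' banner that precedes them."""
    sections: dict[str, list[str]] = {}
    current = "PREAMBLE"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).upper()
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def _service_binary(path_field: str) -> str:
    """DDS prints 'registered path --> resolved path' when they differ; keep the resolved one."""
    return path_field.split("-->")[-1].strip().strip('"').lower()


def triage(text: str) -> list[Finding]:
    """Return entries worth a human's second look. These are prompts, not verdicts."""
    findings: list[Finding] = []
    sections = split_sections(text)

    for line in sections.get("PSEUDO HJT REPORT", []):
        if "<no file>" in line:                       # autostart with no backing file
            findings.append(Finding("orphaned-autostart", line))
        elif line.startswith("Hosts:"):               # any non-default hosts mapping
            findings.append(Finding("hosts-override", line))

    for line in sections.get("FIREFOX", []):
        if "keyword.URL" in line:                     # address-bar searches rerouted
            findings.append(Finding("search-redirect", line))

    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, name, _display, path_field, meta = m.groups()
        binary = _service_binary(path_field)
        if meta.strip() == "?":                       # DDS could not stat the file
            findings.append(Finding("unverified-service-file", f"{name}: {binary}"))
        if not binary.startswith(TRUSTED_ROOTS):      # runs from a user-writable tree
            findings.append(Finding("service-in-writable-path", f"{state} {name}: {binary}"))

    for line in sections.get("CREATED LAST 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        _when, size, attrs, path = m.groups()
        is_dir = attrs[0] == "d"
        hidden_system = "s" in attrs[1:4] and "h" in attrs[1:4]
        in_system32 = path.lower().startswith(SYSTEM32)
        if is_dir:
            if hidden_system and in_system32:         # e.g. a literal %APPDATA% folder
                findings.append(Finding("hidden-system-dir", path))
            continue
        directly_in_system32 = in_system32 and "\\" not in path[len(SYSTEM32):]
        if directly_in_system32 and path.lower().endswith((".exe", ".dll", ".sys")):
            findings.append(Finding("new-binary-in-system32", f"{path} ({size} bytes)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.kind}] {f.detail}")
```

Run against the excerpt, the script leaves the AVG and Malwarebytes drivers alone (they live under `c:\windows\system32\drivers`) and surfaces the three ProgramData-hosted services and drivers, the PrivateEye service whose file DDS could not read, the two `<no file>` autostarts, the hidden system `%APPDATA%` directory under system32, and the recently created `FileOps.exe`. Whether any of those is actually a problem is the reviewer's call; the point of the pass is to shorten a 300-line log to the dozen lines worth reading closely.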

#4 HelpBot (Bleepin' Binary Bot; Bots; 12,765 posts)

Posted 02 February 2013 - 08:15 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

Mod Edit: Topic reopened - Hamluis.

Edited by hamluis, 02 February 2013 - 10:49 AM.


#5 davidicdynasty (Topic Starter; Members; 5 posts)

Posted 02 February 2013 - 10:51 AM

What does this bot want?

I gave the DDS and Attach logs...

What else do I do?

#6 davidicdynasty (Topic Starter; Members; 5 posts)

Posted 02 February 2013 - 10:40 PM

My PC is slow and crawls.

My laptop is getting slower, and the response time to clicks or actions is taking seconds longer. It gets worse every day. AVG did not find anything, and Malwarebytes crashes midway; I get a blue screen of death every time I run a scan from it.

I thought after that it might be my startup programs, or maybe there are too many applications on my PC, but I am not sure.

It takes long to boot up and is a little slower shutting down.

uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [TaskTray] <no file>
StartupFolder: c:\users\houseo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\houseo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\house of david\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\houseo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\effici~1.lnk - c:\program files\efficientpim\EfficientPIM.exe
StartupFolder: c:\users\houseo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: + Offline &Explorer: Download the link - c:\program files\offline explorer pro\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - c:\program files\offline explorer pro\Add_AllO.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
IE: Download web site with Free Download Manager - c:\program files\free download manager\dlpage.htm
IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: LastPass - c:\users\house of david\appdata\locallow\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - c:\users\house of david\appdata\locallow\lastpass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: Interfaces\{27A6C5C2-3496-45D4-B887-503442E55250} : NameServer = 10.109.5.97 10.199.212.120
TCP: Interfaces\{C24B3BFE-0220-45E2-84D7-047DDCBFCFC1}\14E64627F6964684F6473707F64763132363 : DHCPNameServer = 192.168.43.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\house of david\appdata\roaming\mozilla\firefox\profiles\myz6x2z6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B35e94d0c-1a47-4a6e-ada1-0ebb80b10c4f%7D&mid=807bd369dc2947d0b8483d1cbf0cf07b-422b59472e5d5d8caf1e08f7820bbcba055e9419&ds=AVG&v=11.0.0.10&lang=en&pr=pr&d=2012-08-20%2000%3A12%3A23&sap=ku&q=
FF - plugin: c:\program files\c-gct\media express\npCongressDDS.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\13.2.0\npsitesafety.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\house of david\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-01-08 09:14; avg@toolbar; c:\users\house of david\appdata\roaming\mozilla\firefox\profiles\myz6x2z6.default\extensions\avg@toolbar
FF - ExtSQL: 2013-01-08 10:06; {1E73965B-8B48-48be-9C8D-68B920ABC1C4}; c:\program files\avg\avg2012\Firefox4
FF - ExtSQL: 2013-01-13 16:21; adapter@gingersoftware.com; c:\users\house of david\appdata\roaming\mozilla\firefox\profiles\myz6x2z6.default\extensions\adapter@gingersoftware.com
FF - ExtSQL: 2013-01-16 10:38; zotero@chnm.gmu.edu; c:\users\house of david\appdata\roaming\mozilla\firefox\profiles\myz6x2z6.default\extensions\zotero@chnm.gmu.edu
FF - ExtSQL: !HIDDEN! 2012-10-16 16:28; mozilla_cc@internetdownloadmanager.com; c:\users\house of david\appdata\roaming\idm\idmmzcc5
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-1-11 26984]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2012-10-25 63864]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\bluestacks\HD-LogRotatorService.exe [2012-10-25 384888]
R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-5-8 229376]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-10-10 99192]
R2 NetBalancerService;NetBalancerService;c:\program files\netbalancer\SeriousBit.NetBalancer.Service.exe [2012-9-17 10240]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-22 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-22 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-22 168384]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
R2 UI Assistant Service;UI Assistant Service;c:\program files\mtn f@stlink\AssistantServices.exe [2012-9-3 261456]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-8-13 2533400]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2013-1-11 711112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-8-13 63616]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-26 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-8-23 270336]
R3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys [2012-9-17 31016]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-1-27 7087616]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\bluestacks\HD-Service.exe [2012-10-25 393080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 PrivateEyeService;PrivateEye Service;"c:\program files\oculis labs\privateeye\privateeyesvc.exe" --> c:\program files\oculis labs\privateeye\PrivateEyeSvc.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-1-1 83168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-8-13 101504]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-8-13 204800]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-21 40776]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2013-1-20 55448]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-1-1 181344]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [2013-1-1 181344]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: open="c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-01-27 18:31:37 -------- d-----w- c:\users\house of david\appdata\roaming\XMind
2013-01-27 18:30:09 -------- d-----w- c:\program files\XMind
2013-01-25 03:25:57 -------- d-----w- c:\program files\C-GCT
2013-01-24 19:18:39 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-01-24 19:18:05 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-01-24 19:18:05 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-01-22 07:56:28 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-01-22 05:47:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-22 05:46:55 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-01-22 05:46:47 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-01-21 09:13:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-20 19:34:45 -------- d-----w- c:\users\house of david\appdata\local\Programs
2013-01-20 10:49:59 917400 ----a-w- c:\program files\mozilla firefox\firefox.exe
2013-01-20 10:49:57 5030088 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-01-20 10:49:56 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-01-20 10:49:56 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2013-01-20 10:49:56 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-01-20 10:49:56 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2013-01-20 10:49:56 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2013-01-20 10:49:55 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-01-20 10:35:50 -------- d-----w- c:\users\house of david\appdata\local\Trusteer
2013-01-19 16:42:17 -------- d-----w- c:\users\house of david\appdata\roaming\EfficientPIM
2013-01-19 16:42:09 -------- d-----w- c:\program files\EfficientPIM
2013-01-17 09:40:27 -------- d-----w- c:\programdata\Trusteer
2013-01-13 16:49:06 16384 ----a-w- c:\windows\system32\FileOps.exe
2013-01-13 13:17:42 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2013-01-11 09:59:39 -------- d-----w- c:\programdata\Free Download Manager
2013-01-11 09:07:29 -------- d-----w- c:\users\house of david\appdata\local\AVG Secure Search
2013-01-11 09:07:08 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-01-10 10:41:31 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-01-10 10:41:31 49472 ----a-w- c:\windows\system32\netfxperf.dll
2013-01-10 10:41:31 297808 ----a-w- c:\windows\system32\mscoree.dll
2013-01-10 10:41:31 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2013-01-10 10:41:31 1130824 ----a-w- c:\windows\system32\dfshim.dll
2013-01-09 10:55:09 -------- d-----w- c:\users\house of david\.ScreamingFrogSEOSpider
2013-01-08 19:09:49 -------- d-----w- c:\users\house of david\appdata\roaming\Acapela Group
2013-01-08 19:08:47 -------- d-----w- c:\program files\Ginger
2013-01-08 09:14:07 -------- d-----w- c:\program files\common files\AVG Secure Search
2013-01-08 09:14:06 -------- d-----w- c:\program files\AVG Secure Search
2013-01-08 09:12:42 -------- d-----w- c:\windows\system32\drivers\AVG
2013-01-08 09:08:47 -------- d-----w- c:\programdata\MFAData
2013-01-07 08:48:49 -------- d-----w- c:\program files\Citrix
2013-01-01 10:18:25 -------- d-----w- C:\temp
2013-01-01 10:01:46 -------- d-----w- c:\users\house of david\appdata\local\Samsung
2013-01-01 10:01:29 -------- d-----w- c:\users\house of david\appdata\roaming\Samsung
2013-01-01 09:59:49 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2013-01-01 09:59:49 181344 ----a-w- c:\windows\system32\drivers\ssudserd.sys
2013-01-01 09:59:49 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-01-01 09:59:48 83168 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-01-01 09:59:48 181344 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-01-01 09:56:44 -------- d-----w- c:\program files\MyFree Codec
2013-01-01 09:42:24 4659712 ----a-w- c:\windows\system32\Redemption.dll
2013-01-01 09:41:41 821824 ----a-w- c:\windows\system32\dgderapi.dll
2013-01-01 09:40:52 -------- d-----w- c:\programdata\Samsung
2013-01-01 09:40:52 -------- d-----w- c:\program files\Samsung
.
==================== Find3M ====================
.
2013-01-12 09:54:45 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-12 09:54:45 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 14:20:03.11 ===============


No, I do not own a Windows CD.


#7 schrauber

  • Mr.Mechanic
  • Malware Response Team
  • 24,794 posts
  • Gender: Male
  • Location: Munich, Germany

Posted 03 February 2013 - 01:19 AM

Hello, davidicdynasty
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.


Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.

Download ComboFix and save it to the Desktop.
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply.
Regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#8 davidicdynasty

  • Topic Starter
  • Members
  • 5 posts

Posted 03 February 2013 - 03:31 AM

ComboFix 13-02-02.05 - House of David 02/03/2013 9:03.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2798.1743 [GMT 0:00]
Running from: c:\users\House of David\Downloads\Programs\ComboFix_2.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\House of David\AppData\Local\Temp\_MEI52722\_ctypes.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\_elementtree.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\_hashlib.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\_socket.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\_ssl.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\pyexpat.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\pysqlite2._sqlite.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\python26.dll
c:\users\House of David\AppData\Local\Temp\_MEI52722\pythoncom26.dll
c:\users\House of David\AppData\Local\Temp\_MEI52722\PyWinTypes26.dll
c:\users\House of David\AppData\Local\Temp\_MEI52722\select.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\unicodedata.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\win32api.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\win32com.shell.shell.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\win32crypt.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\win32event.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\win32file.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\win32inet.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\win32pdh.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\win32process.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\win32profile.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\win32security.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\win32ts.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\windows._cacheinvalidation.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\wx._controls_.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\wx._core_.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\wx._gdi_.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\wx._html2.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\wx._misc_.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\wx._windows_.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\wx._wizard.pyd
c:\users\House of David\AppData\Local\Temp\_MEI52722\wxbase293u_net_vc.dll
c:\users\House of David\AppData\Local\Temp\_MEI52722\wxbase293u_vc.dll
c:\users\House of David\AppData\Local\Temp\_MEI52722\wxmsw293u_adv_vc.dll
c:\users\House of David\AppData\Local\Temp\_MEI52722\wxmsw293u_core_vc.dll
c:\users\House of David\AppData\Local\Temp\_MEI52722\wxmsw293u_html_vc.dll
c:\users\House of David\AppData\Local\Temp\_MEI52722\wxmsw293u_webview_vc.dll
c:\users\House of David\Documents\~WRL0005.tmp
c:\users\House of David\Documents\~WRL1528.tmp
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\_ctypes.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\_elementtree.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\_hashlib.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\_socket.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\_ssl.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\pyexpat.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\pysqlite2._sqlite.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\python26.dll
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\pythoncom26.dll
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\PyWinTypes26.dll
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\select.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\unicodedata.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\win32api.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\win32com.shell.shell.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\win32crypt.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\win32event.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\win32file.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\win32inet.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\win32pdh.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\win32process.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\win32profile.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\win32security.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\win32ts.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\windows._cacheinvalidation.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\wx._controls_.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\wx._core_.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\wx._gdi_.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\wx._html2.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\wx._misc_.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\wx._windows_.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\wx._wizard.pyd
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\wxbase293u_net_vc.dll
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\wxbase293u_vc.dll
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\wxmsw293u_adv_vc.dll
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\wxmsw293u_core_vc.dll
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\wxmsw293u_html_vc.dll
c:\users\HOUSEO~1\AppData\Local\Temp\_MEI52722\wxmsw293u_webview_vc.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\0cfbc83485106dcf.fb
c:\windows\system32\Cache\0e6fc71c4c6fc1de.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\40827863fc88df5a.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\60bd81caee4764ac.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
.
.
((((((((((((((((((((((((( Files Created from 2013-01-03 to 2013-02-03 )))))))))))))))))))))))))))))))
.
.
2013-02-03 09:15 . 2013-02-03 09:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-01 07:51 . 2013-02-01 07:51 -------- d-----w- c:\users\House of David\AppData\Roaming\XRayz
2013-02-01 07:51 . 2013-02-01 07:51 -------- d-----w- c:\program files\ClipCache
2013-01-27 18:31 . 2013-01-27 18:36 -------- d-----w- c:\users\House of David\AppData\Roaming\XMind
2013-01-27 18:30 . 2013-01-27 18:31 -------- d-----w- c:\program files\XMind
2013-01-25 03:25 . 2013-01-25 03:25 -------- d-----w- c:\program files\C-GCT
2013-01-24 19:18 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-01-24 19:18 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-01-24 19:18 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-01-24 19:18 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-01-24 19:18 . 2012-06-02 15:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-01-24 19:18 . 2012-06-02 15:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-01-24 14:21 . 2013-01-24 14:21 -------- d-----w- c:\program files\Common Files\Skype
2013-01-22 07:56 . 2013-01-22 07:56 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-01-22 05:47 . 2013-01-22 13:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-22 05:46 . 2009-01-25 12:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-01-22 05:46 . 2013-01-22 05:47 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-01-21 09:13 . 2013-01-21 23:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-20 19:34 . 2013-01-20 19:34 -------- d-----w- c:\users\House of David\AppData\Local\Programs
2013-01-20 10:35 . 2013-01-20 10:35 -------- d-----w- c:\users\House of David\AppData\Local\Trusteer
2013-01-19 16:42 . 2013-01-19 16:42 -------- d-----w- c:\users\House of David\AppData\Roaming\EfficientPIM
2013-01-19 16:42 . 2013-01-19 16:42 -------- d-----w- c:\program files\EfficientPIM
2013-01-17 09:40 . 2013-01-17 09:40 -------- d-----w- c:\programdata\Trusteer
2013-01-13 16:49 . 2004-08-17 01:40 16384 ----a-w- c:\windows\system32\FileOps.exe
2013-01-13 13:17 . 2013-01-13 13:17 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2013-01-11 09:59 . 2013-01-11 09:59 -------- d-----w- c:\programdata\Free Download Manager
2013-01-11 09:07 . 2013-01-11 09:07 -------- d-----w- c:\users\House of David\AppData\Local\AVG Secure Search
2013-01-11 09:07 . 2013-01-31 07:56 31576 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-01-10 15:20 . 2013-01-10 15:20 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apps
2013-01-10 10:41 . 2009-11-25 19:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2013-01-10 10:41 . 2009-11-25 19:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2013-01-10 10:41 . 2009-11-25 19:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-01-10 10:41 . 2009-11-25 19:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2013-01-10 10:41 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2013-01-09 10:55 . 2013-01-09 12:18 -------- d-----w- c:\users\House of David\.ScreamingFrogSEOSpider
2013-01-08 19:09 . 2013-01-08 19:09 -------- d-----w- c:\users\House of David\AppData\Roaming\Acapela Group
2013-01-08 19:08 . 2013-01-15 08:23 -------- d-----w- c:\program files\Ginger
2013-01-08 09:14 . 2013-01-31 07:57 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-01-08 09:14 . 2013-01-31 07:57 -------- d-----w- c:\program files\AVG Secure Search
2013-01-08 09:12 . 2013-02-03 05:19 -------- d-----w- c:\windows\system32\drivers\AVG
2013-01-08 09:08 . 2013-01-31 09:39 -------- d-----w- c:\programdata\MFAData
2013-01-07 08:48 . 2013-01-07 08:48 -------- d-----w- c:\program files\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 09:54 . 2012-08-19 20:28 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-12 09:54 . 2012-08-19 20:28 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-18 10:06 . 2013-01-01 09:42 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-12-18 10:06 . 2012-12-18 10:06 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-12-18 10:06 . 2012-12-18 10:06 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-12-18 10:06 . 2012-12-18 10:06 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-12-18 10:06 . 2012-12-18 10:06 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-12-18 10:06 . 2012-12-18 10:06 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-12-18 10:06 . 2012-12-18 10:06 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-12-18 10:06 . 2012-12-18 10:06 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-12-18 10:06 . 2012-12-18 10:06 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-12-18 10:06 . 2012-12-18 10:06 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-12-18 10:06 . 2012-12-18 10:06 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-12-18 10:06 . 2012-12-18 10:06 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-12-18 10:06 . 2012-12-18 10:06 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-12-18 10:06 . 2012-12-18 10:06 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-12-18 10:06 . 2012-12-18 10:06 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-12-18 10:06 . 2012-12-18 10:06 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-12-18 10:06 . 2012-12-18 10:06 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-12-18 10:06 . 2012-12-18 10:06 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-12-18 10:06 . 2012-12-18 10:06 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-12-18 10:06 . 2012-12-18 10:06 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-12-18 10:06 . 2012-12-18 10:06 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-12-18 10:06 . 2012-12-18 10:06 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-12-18 10:06 . 2012-12-18 10:06 172032 ----a-w- c:\windows\system32\muzapp.exe
2012-12-18 10:06 . 2012-12-18 10:06 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-12-18 10:06 . 2012-12-18 10:06 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-12-18 10:06 . 2012-12-18 10:06 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-12-18 10:06 . 2012-12-18 10:06 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-12-18 10:06 . 2012-12-18 10:06 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-12-18 10:06 . 2012-12-18 10:06 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-12-18 10:06 . 2012-12-18 10:06 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-12-18 10:06 . 2013-01-01 09:41 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-12-10 03:28 . 2012-12-10 03:28 142176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-11-08 03:49 . 2012-11-08 03:49 250080 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-01-20 10:50 . 2013-01-20 10:49 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-01-31 07:56 1883824 ----a-w- c:\program files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll" [2013-01-31 1883824]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\House of David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\House of David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\House of David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 19:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 19:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 19:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 19:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
"Steam"="c:\program files\Steam\Steam.exe" [2013-01-15 1354736]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2013-01-16 6860288]
"Clip2Net"="c:\program files\Clip2Net\clip2net.exe" [2012-08-13 1881088]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-12-17 16328976]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-10-16 3536320]
"F.lux"="c:\users\House of David\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 177944]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"UIExec"="c:\program files\MTN F@stLink\UIExec.exe" [2011-03-17 139088]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2012-10-25 593784]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-01-31 1101488]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\users\House of David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
ClipCache Pro.lnk - c:\program files\ClipCache\clipc.exe [2013-2-1 2058488]
Dropbox.lnk - c:\users\House of David\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
EfficientPIM.lnk - c:\program files\EfficientPIM\EfficientPIM.exe [2013-1-19 10987520]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 PrivateEyeService;PrivateEye Service;c:\program files\Oculis Labs\PrivateEye\PrivateEyeSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [x]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 NetBalancerService;NetBalancerService;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files\MTN F@stLink\AssistantServices.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys [x]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 09:54]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-07 20:09]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-07 20:09]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3619313100-3277475401-228778913-1000Core.job
- c:\users\House of David\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 07:21]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3619313100-3277475401-228778913-1000UA.job
- c:\users\House of David\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 07:21]
.
2013-02-03 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files\AVG Secure Search\PostInstall\ROC.exe [2013-01-31 07:56]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Pro\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Pro\Add_AllO.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download web site with Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\users\House of David\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\House of David\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\House of David\AppData\Roaming\Mozilla\Firefox\Profiles\myz6x2z6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={1C492F1B-FA06-40B1-BC2C-0D6615A5AD89}&mid=807bd369dc2947d0b8483d1cbf0cf07b-422b59472e5d5d8caf1e08f7820bbcba055e9419&lang=en&ds=AVG&pr=pr&d=2013-01-08 09:14&v=14.0.2.14&pid=avg&sg=&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={1C492F1B-FA06-40B1-BC2C-0D6615A5AD89}&mid=807bd369dc2947d0b8483d1cbf0cf07b-422b59472e5d5d8caf1e08f7820bbcba055e9419&lang=en&ds=AVG&pr=pr&d=2013-01-08 09:14&pid=avg&sg=&v=14.0.2.14&sap=ku&q=
FF - ExtSQL: 2013-01-08 09:14; avg@toolbar; c:\users\House of David\AppData\Roaming\Mozilla\Firefox\Profiles\myz6x2z6.default\extensions\avg@toolbar
FF - ExtSQL: 2013-01-08 10:06; {1E73965B-8B48-48be-9C8D-68B920ABC1C4}; c:\program files\AVG\AVG2012\Firefox4
FF - ExtSQL: 2013-01-13 16:21; adapter@gingersoftware.com; c:\users\House of David\AppData\Roaming\Mozilla\Firefox\Profiles\myz6x2z6.default\extensions\adapter@gingersoftware.com
FF - ExtSQL: 2013-01-16 10:38; zotero@chnm.gmu.edu; c:\users\House of David\AppData\Roaming\Mozilla\Firefox\Profiles\myz6x2z6.default\extensions\zotero@chnm.gmu.edu
FF - ExtSQL: 2013-02-01 07:46; multicopy@guru.com; c:\users\House of David\AppData\Roaming\Mozilla\Firefox\Profiles\myz6x2z6.default\extensions\multicopy@guru.com.xpi
FF - ExtSQL: !HIDDEN! 2012-10-16 16:28; mozilla_cc@internetdownloadmanager.com; c:\users\House of David\AppData\Roaming\IDM\idmmzcc5
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
HKLM-Run-TaskTray - (no file)
HKLM-Run-EfficientPIM - (no file)
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3619313100-3277475401-228778913-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):5c,09,5d,75,36,8a,e6,15,05,4a,76,9e,05,6a,2b,1e,5b,e7,91,93,5d,
70,73,a9,1f,03,71,90,23,c2,d4,d8,64,74,e6,21,2d,21,49,e4,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3619313100-3277475401-228778913-1000_Classes\CLSID\{6fcb296b-6778-4320-afbf-502962efae65}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000104
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
.
[HKEY_USERS\S-1-5-21-3619313100-3277475401-228778913-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):96,10,5d,0a,b7,89,4f,16,9a,34,8e,a7,70,92,7e,9d,1d,13,21,7c,aa,
66,09,b5,2a,6f,e2,56,1f,ac,63,26,86,6b,a4,07,9e,ce,3f,c5,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3619313100-3277475401-228778913-1000_Classes\CLSID\{dd90e880-2f3d-4cf0-ac21-5034421352f3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000122
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1392)
c:\users\House of David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\sppsvc.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2013-02-03 09:22:18 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-03 09:22
.
Pre-Run: 208,707,014,656 bytes free
Post-Run: 209,032,278,016 bytes free
.
- - End Of File - - EB2F4CC0E0D14D6B633BDB2FC437DAD5

#9 schrauber


    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 03 February 2013 - 06:03 AM

Hi,

ComboFix has to be run from the desktop. Please delete your version and download a fresh one, run it from the desktop and post the logfile, along with a fresh DDS logfile.

Also, please try to update Malwarebytes and run a quick scan, then post back with the logfile.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#10 schrauber


    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 07 February 2013 - 03:55 PM

Still with me?
regards,
schrauber


#11 schrauber


    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 13 February 2013 - 02:25 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
regards,
schrauber
