[REDACTED]
After running a full scan with Avira Free and Malwarebytes Anti-Malware, at startup instances of iexplorer and rundll show up in Task Manager and the 'choose a program to open file' dialog pops up. On the last restart an alert popped up saying something about ...user/Roaming/rtunt.dll.
Any help would be appreciated.
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.04.06.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
[REDACTED] :: [REDACTED]-PC [administrator]
4/6/2013 6:39:40 PM
mbam-log-2013-04-06 (18-39-40).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235847
Time elapsed: 5 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Avira (Trojan.Agent.RVGen5) -> Data: C:\Users\[REDACTED]\AppData\Roaming\D2B205\D2B205.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|srets (Trojan.Medfos.RRE) -> Data: rundll32.exe "C:\Users\[REDACTED]\AppData\Roaming\srets.dll",HrGetStreamPos -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent.RNS) -> Data: explorer.exe,C:\Users\[REDACTED]\AppData\Roaming\skype.dat -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 9
C:\Users\[REDACTED]\AppData\Roaming\D2B205\D2B205.exe (Trojan.Agent.RVGen5) -> Quarantined and deleted successfully.
C:\Users\[REDACTED]\AppData\Roaming\srets.dll (Trojan.Medfos.RRE) -> Quarantined and deleted successfully.
C:\Users\[REDACTED]\AppData\Roaming\rtunt.dll (Trojan.Dropper.DU) -> Quarantined and deleted successfully.
C:\Users\[REDACTED]\AppData\Roaming\skype.dat (Trojan.Ransom.RRE) -> Quarantined and deleted successfully.
C:\Users\[REDACTED]\AppData\Local\Temp\iGzee.exe (PUP.Casino) -> Quarantined and deleted successfully.
C:\Users\[REDACTED]\AppData\Local\Temp\uILSDB.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Users\[REDACTED]\AppData\Local\Temp\~!#2EB3.tmp (Trojan.FakeAlert.NSIS) -> Quarantined and deleted successfully.
C:\Users\[REDACTED]\AppData\Local\Temp\~!#4BA2.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-3707050995-4052671073-1020293463-1000\$RQY3I5W.exe (PUP.Casino) -> Quarantined and deleted successfully.
(end)
=============
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 1.6.0_26
Run by [REDACTED] at 19:19:37 on 2013-04-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.1056 [GMT -8:00]
.
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Faveset Klink\kclientgui.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Users\[REDACTED]\AppData\Local\CrossLoop\CrossLoopService.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Faveset Klink\adb.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1333g&r=17361010m206p04c5v125r4622s227
uWinlogon: Shell = explorer.exe,C:\Users\[REDACTED]\AppData\Roaming\skype.dat
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [dlwig] "C:\Windows\System32\rundll32.exe" "C:\Users\[REDACTED]\AppData\Roaming\dlwig.dll",init_mmx_flags
uRun: [rtunt] "C:\Windows\System32\rundll32.exe" "C:\Users\[REDACTED]\AppData\Roaming\rtunt.dll",get_header_ver
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\[REDACTED]~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FAVESE~1.LNK - C:\Program Files (x86)\Faveset Klink\kclientgui.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 209.112.128.2 204.17.139.2
TCP: Interfaces\{76C09F17-3DAB-4FF0-8A0B-AE83015E5F44} : DHCPNameServer = 209.112.128.2 204.17.139.2 192.168.1.1
TCP: Interfaces\{DEE5C81B-4278-4336-A04E-4F6A9630E5ED} : DHCPNameServer = 209.112.128.2 204.17.139.2
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1333g&r=17361010m206p04c5v125r4622s227
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\[REDACTED]\AppData\Roaming\Mozilla\Firefox\Profiles\x1pwisa5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - ExtSQL: 2013-03-20 17:30; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\[REDACTED]\AppData\Roaming\Mozilla\Firefox\Profiles\x1pwisa5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - ExtSQL: 2013-03-24 15:17; {ce7e73df-6a44-4028-8079-5927a588c948}; C:\Users\[REDACTED]\AppData\Roaming\Mozilla\Firefox\Profiles\x1pwisa5.default\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}
FF - ExtSQL: 2013-03-24 15:58; firebug@software.joehewitt.com; C:\Users\[REDACTED]\AppData\Roaming\Mozilla\Firefox\Profiles\x1pwisa5.default\extensions\firebug@software.joehewitt.com.xpi
FF - ExtSQL: 2013-03-26 17:26; jid1-xUfzOsOFlzSOXg@jetpack; C:\Users\[REDACTED]\AppData\Roaming\Mozilla\Firefox\Profiles\x1pwisa5.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
FF - ExtSQL: 2013-03-28 00:30; {8b86149f-01fb-4842-9dd8-4d7eb02fd055}; C:\Users\[REDACTED]\AppData\Roaming\Mozilla\Firefox\Profiles\x1pwisa5.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
FF - ExtSQL: 2013-03-30 04:57; autopager@mozilla.org; C:\Users\[REDACTED]\AppData\Roaming\Mozilla\Firefox\Profiles\x1pwisa5.default\extensions\autopager@mozilla.org.xpi
FF - ExtSQL: !HIDDEN! 2013-04-06 19:18; {61e9067a-1ebf-483c-8fd8-2de8c7e9e951}; C:\Users\[REDACTED]\AppData\Roaming\Mozilla\Firefox\Profiles\x1pwisa5.default\extensions\{61e9067a-1ebf-483c-8fd8-2de8c7e9e951}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1008000.029\SymEFA64.sys [2010-10-11 402992]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-4-6 28600]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008000.029\BHDrvx64.sys [2010-10-11 334384]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys [2010-10-11 583296]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101008.002\IDSviA64.sys [2010-9-15 476720]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-4-6 86752]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-4-6 110816]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-4-6 100712]
R2 CrossLoopService;CrossLoop Service;C:\Users\[REDACTED]\AppData\Local\CrossLoop\CrossLoopService.exe [2011-3-18 560848]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-2-17 87176]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-19 1153368]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-11-20 240160]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-10-26 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\System32\drivers\NISx64\1008000.029\symndisv.sys [2010-10-11 56880]
R3 tapklink;Klink Virtual Network Adapter;C:\Windows\System32\drivers\tapklink.sys [2011-10-23 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-10-11 117640]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-16 102368]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\System32\drivers\nwusbser2.sys [2009-11-10 213376]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-30 59392]
S3 tvnserver;TightVNC Server;C:\Users\[REDACTED]\AppData\Local\CrossLoop\tvnserver.exe [2011-3-18 814080]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-12 1255736]
.
=============== Created Last 30 ================
.
2013-04-07 02:28:00 -------- d-----w- C:\Users\[REDACTED]\AppData\Roaming\Avira
2013-04-07 02:22:28 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-04-07 02:22:28 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-04-07 02:22:24 -------- d-----w- C:\ProgramData\Avira
2013-04-07 02:22:24 -------- d-----w- C:\Program Files (x86)\Avira
2013-04-06 08:42:49 761856 ----a-w- C:\Users\[REDACTED]\AppData\Roaming\dlwig.dll
2013-04-03 17:26:41 -------- d-----w- C:\Program Files (x86)\Audacity
2013-03-21 14:40:52 -------- d-----w- C:\Program Files (x86)\MouseServer
2013-03-21 14:40:44 -------- d-----w- C:\Users\[REDACTED]\AppData\Local\Programs
2013-03-21 13:13:13 -------- d-----w- C:\Users\[REDACTED]\AppData\Local\WindowsUpdate
2013-03-21 12:03:46 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-03-21 12:03:46 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-03-21 12:03:46 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-03-21 12:03:46 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-03-21 11:51:59 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-21 11:23:20 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-03-21 11:23:20 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-03-21 11:23:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-03-21 11:23:19 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-03-21 11:22:38 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-03-21 11:22:38 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-03-21 11:22:37 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-03-21 11:22:37 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-03-21 11:22:36 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-03-21 11:22:36 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-03-21 11:22:36 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-03-21 11:14:10 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-03-21 11:14:10 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-03-21 11:14:10 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-03-21 11:14:10 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-03-21 11:14:10 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-03-20 22:54:28 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-20 13:47:37 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-20 13:47:35 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-20 13:47:35 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-20 13:47:05 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-03-20 13:47:05 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-03-20 13:47:05 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-03-20 13:46:59 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-03-20 13:46:58 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-03-20 13:43:50 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-03-20 13:40:58 1572864 ----a-w- C:\Windows\System32\quartz.dll
2013-03-20 13:40:57 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-03-20 13:40:57 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-03-20 13:40:57 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2013-03-20 13:40:04 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-03-20 13:40:04 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-03-20 13:40:00 220160 ----a-w- C:\Windows\System32\wintrust.dll
2013-03-20 13:40:00 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-03-20 13:37:54 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2013-03-20 13:35:24 59392 ----a-w- C:\Windows\System32\browcli.dll
2013-03-20 13:35:24 136704 ----a-w- C:\Windows\System32\browser.dll
2013-03-20 13:35:23 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2013-03-20 13:13:22 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2013-03-20 13:13:22 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-03-20 13:11:10 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-03-20 13:11:10 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-03-20 13:11:06 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2013-03-20 13:11:06 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-03-20 13:04:32 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-03-20 13:04:32 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-03-20 12:59:10 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2013-03-20 12:59:10 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2013-03-20 12:58:40 395776 ----a-w- C:\Windows\System32\webio.dll
2013-03-20 12:58:40 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2013-03-20 12:58:37 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-03-20 12:55:34 515584 ----a-w- C:\Windows\System32\timedate.cpl
2013-03-20 12:55:34 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2013-03-20 12:47:31 478208 ----a-w- C:\Windows\System32\dpnet.dll
2013-03-20 12:47:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2013-03-20 12:43:02 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2013-03-20 12:42:36 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-03-20 12:36:43 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-03-20 12:36:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-03-20 12:02:06 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-03-20 12:02:05 67072 ----a-w- C:\Windows\splwow64.exe
2013-03-20 11:12:50 -------- d-----w- C:\Windows\System32\SPReview
2013-03-20 11:11:27 -------- d-----w- C:\Windows\System32\EventProviders
2013-03-20 10:52:48 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-03-20 10:52:48 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-03-20 10:52:47 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-03-20 10:52:47 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-03-20 10:52:47 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2013-03-20 10:52:47 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-03-20 10:29:13 77312 ----a-w- C:\Windows\System32\packager.dll
2013-03-20 10:29:13 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-03-20 10:28:56 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-03-20 10:28:55 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-03-20 10:28:55 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-03-20 10:15:25 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-03-20 10:14:53 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-03-20 10:14:18 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-03-20 10:14:18 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-03-19 23:27:11 -------- d-----w- C:\Program Files (x86)\WinDirStat
2013-03-19 08:54:28 -------- d-----w- C:\Users\[REDACTED]\.android
2013-03-19 08:42:20 -------- d-----w- C:\Program Files (x86)\Faveset Klink
2013-03-18 00:50:07 131072 ----a-w- C:\Windows\SysWow64\WlanApp.dll
2013-03-18 00:50:06 577536 ----a-w- C:\Windows\SysWow64\ANIWZCS2.dll
2013-03-18 00:50:06 57407 ----a-w- C:\Windows\SysWow64\ANICtl.dll
2013-03-18 00:50:06 49152 ----a-w- C:\Windows\SysWow64\AQCKGen.dll
2013-03-18 00:50:06 192512 ----a-w- C:\Windows\SysWow64\aIPH.dll
2013-03-18 00:50:06 1163337 ----a-w- C:\Windows\SysWow64\odSupp_M.dll
2013-03-18 00:49:42 36864 ----a-w- C:\Windows\SysWow64\ANIOApi.dll
2013-03-18 00:49:42 28205 ----a-w- C:\Windows\SysWow64\ANIO.sys
2013-03-18 00:49:42 16997 ----a-w- C:\Windows\SysWow64\ANIO.VXD
2013-03-18 00:49:42 11904 ----a-w- C:\Windows\SysWow64\anio4.sys
2013-03-18 00:49:41 -------- d-----w- C:\Program Files (x86)\ANI
2013-03-18 00:49:38 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-03-18 00:49:37 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-03-18 00:49:37 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-03-18 00:49:37 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-03-18 00:49:34 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-03-18 00:49:17 -------- d-----w- C:\Program Files (x86)\D-Link
2013-03-17 10:01:40 -------- d-----w- C:\Windows\pss
.
==================== Find3M ====================
.
2013-03-21 11:51:59 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2013-03-20 19:00:56 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-03-20 19:00:56 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-02-16 16:51:40 102368 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
.
============= FINISH: 19:20:39.70 ===============
========
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/10/2010 4:58:09 PM
System Uptime: 4/6/2013 7:17:41 PM (0 hours ago)
.
Motherboard: eMachines | | WMCP61M
Processor: AMD Athlon(tm) Processor LE-1640 | Socket AM2 | 999/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 400.282 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP140: 3/21/2013 3:00:52 AM - Windows Update
RP141: 3/22/2013 2:03:11 AM - Windows Update
RP142: 3/31/2013 6:40:13 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Advertising Center
AirPlus G
ANIO Service
ANIWZCS2 Service
Apple Application Support
Apple Software Update
Audacity 2.0.3
Avira Free Antivirus
Cherry Red Casino
Compatibility Pack for the 2007 Office system
CrossLoop 2.74
Dropbox
DVDFab 8.1.1.2 (08/08/2011) Qt
eBay Worldwide
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Faveset Klink
GIMP 2.6.11
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Identity Card
ImagXpress
InstallVC90Support
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Lexmark Printable Web
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Communicator 2007 R2
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mobile Broadband Generic Drivers
MobiLink 3
MouseServer version 1.3.0.0
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Neat Image v6 Demo (with plug-in)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
No Dish Network
Norton Online Backup
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SimTheme Park
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.1.10
VST Bridge 1.1
Welcome Center
WinDirStat 1.1.2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR 4.00 (64-bit)
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
4/6/2013 7:18:06 PM, Error: Service Control Manager [7024] - The Norton Internet Security service terminated with service-specific error %%-1.
4/6/2013 7:18:05 PM, Error: Service Control Manager [7000] - The ANIO Service service failed to start due to the following error: The system cannot find the file specified.
4/6/2013 3:55:28 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================