.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by josh at 13:34:37 on 2012-04-20
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.2046.974 [GMT 10:00]
.
AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\josh\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\rundll32.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\josh\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 203.161.169.200 8.8.8.8
TCP: Interfaces\{A86C40FD-E9CC-4337-B944-7624C60B6BE3} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{BC37C831-F33B-4EC1-BC1D-018B1088CA9C} : DhcpNameServer = 203.161.169.200 8.8.8.8
TCP: Interfaces\{BC37C831-F33B-4EC1-BC1D-018B1088CA9C}\2456C6B696E6F574F505C65737F5D494D4F4F5833493440364 : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-8-28 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-28 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-28 29712]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-28 243152]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-29 308136]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-27 1343400]
S4 NVDCPservice;Neevia Document Converter Pro COM object;c:\program files\neevia.com\docconverterpro\comobjs\dcCOM.dll [2011-11-9 380312]
S4 oldDCPservice;Neevia Document Converter Pro old COM object;c:\program files\neevia.com\docconverterpro\comobjs\old\docConverter.dll [2011-11-9 325024]
.
=============== Created Last 30 ================
.
2012-04-20 03:07:16 -------- d-----w- c:\users\josh\appdata\roaming\Malwarebytes
2012-04-20 03:07:11 -------- d-----w- c:\programdata\Malwarebytes
2012-04-20 03:07:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-20 03:07:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-20 02:51:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-20 02:00:37 -------- d-----w- c:\programdata\AVAST Software
2012-04-20 02:00:37 -------- d-----w- c:\program files\AVAST Software
2012-04-16 05:47:09 -------- d-----w- C:\c81fbdf6c4f08a9400
2012-04-16 05:46:57 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-16 05:46:57 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-16 05:46:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-16 05:46:57 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-16 05:46:40 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-16 05:46:40 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 07:07:02 -------- d-----w- c:\users\josh\appdata\roaming\QuickScan
2012-04-06 23:46:16 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-06 23:38:37 -------- d-----w- c:\program files\Doremisoft
2012-04-06 23:34:32 -------- d-----w- c:\programdata\Emicsoft Studio
2012-04-06 23:34:21 -------- d-----w- c:\program files\Emicsoft Studio
.
==================== Find3M ====================
.
2012-04-20 02:52:18 388096 ----a-w- c:\windows\system32\drivers\csc.sys
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 01:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 13:34:53.89 ===============