
I need to remove Vundo and potentially other issues from my son's computer. BTW **Do not allow your kids to play Pickle** as that seems to be where he got it. sigh

I've followed all of the instructions from the "Read me before posting" instructions. Your help is much appreciated!

=========== malwarebytes log =========

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.17.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Vincent :: VINCENT-PC [administrator]

Protection: Enabled

5/17/2013 8:47:49 PM
mbam-log-2013-05-17 (20-47-49).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 375978
Time elapsed: 34 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

============ GMER One.log ===========
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-17 20:20:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1001FAES-75W7A0 rev.05.01D05 931.51GB
Running: fq2lk3vl.exe; Driver: C:\Users\Vincent\AppData\Local\Temp\uxriifog.sys


---- Threads - GMER 2.1 ----

Thread   C:\Program Files\Microsoft Device Center\itype.exe [3208:3476]                                          0000000071b01dd4
Thread   C:\Program Files\Microsoft Device Center\itype.exe [3208:3540]                                          0000000071b01dd4
Thread   C:\Program Files\Microsoft Device Center\itype.exe [3208:3568]                                          000007fefb79d880
Thread   C:\Windows\System32\svchost.exe [3700:4476]                                                             000007fef0509688
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:4152]                                          000007fefe5d0168
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:808]                                           000007fefbc72a7c
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:4424]                                          000007feeab1d618
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:2104]                                          000007fefad35124
---- Processes - GMER 2.1 ----

Library  C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL (*** suspicious ***) @ C:\Windows\Explorer.EXE [1896]  0000000002ee0000

---- EOF - GMER 2.1 ----


======== GMER Two.log ========

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-17 20:39:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1001FAES-75W7A0 rev.05.01D05 931.51GB
Running: fq2lk3vl.exe; Driver: C:\Users\Vincent\AppData\Local\Temp\uxriifog.sys


---- Threads - GMER 2.1 ----

Thread   C:\Program Files\Microsoft Device Center\itype.exe [3208:3476]                                                                                                                                    0000000071b01dd4
Thread   C:\Program Files\Microsoft Device Center\itype.exe [3208:3540]                                                                                                                                    0000000071b01dd4
Thread   C:\Program Files\Microsoft Device Center\itype.exe [3208:3568]                                                                                                                                    000007fefb79d880
Thread   C:\Windows\System32\svchost.exe [3700:4476]                                                                                                                                                       000007fef0509688
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:4152]                                                                                                                                    000007fefe5d0168
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:808]                                                                                                                                     000007fefbc72a7c
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:4424]                                                                                                                                    000007feeab1d618
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:2104]                                                                                                                                    000007fefad35124
---- Processes - GMER 2.1 ----

Library  C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL (*** suspicious ***) @ C:\Windows\Explorer.EXE [1896]                                                                                            0000000002ee0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                                                                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                                                                                                                   1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                                                                                                                             aswRdr
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                                                                                                                   PNP_TDI
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                                                                                                                         tcpip?
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                                                                                                                             avast! WFP Redirect driver
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                                                                                                               \SystemRoot\System32\Drivers\aswrdr2.sys
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                                                                                                                      
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                                                                           nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                                                                                                                   1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                                                                                                                  0
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                                                                                                                           1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                                                                                                                            aswRvrt
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                                                                                                                            avast! Revert
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                                                                                                                     
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                                                                                                                 14
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                                                                                                                 3373043
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                                                                                                                  \Device\Harddisk0\Partition3\Windows
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                                                                                                                    2
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                                                                                                                   1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                                                                                                                             aswSnx
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                                                                                                                   FSFilter Virtualization
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                                                                                                                         FltMgr?
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                                                                                                                             avast! virtualization driver (aswSnx)
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                                                                                                                     2
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                                                                                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                                                                                                               aswSnx Instance
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)                                                                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                                                                      137600
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                                                                                                                         0
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                                                                                                                      
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                                                                                                                \DosDevices\C:\Program Files\AVAST Software\Avast
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                                                                                                                   \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                                                                                                                     1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                                                                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                                                                                                                             1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                                                                                                                              aswSP
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                                                                                                                              avast! Self Protection
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                                                                                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                                                                                                                   1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                                                                                                                 \DosDevices\C:\Program Files\AVAST Software\Avast
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                                                                                                                    \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                                                                                                                            \DosDevices\C:\Program Files
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                                                                                                                  \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                                                                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                                                                                                                   1
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                                                                                                                             avast! Network Shield Support
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                                                                                                                   PNP_TDI
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                                                                                                                         tcpip?
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                                                                                                                             avast! Network Shield TDI driver
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                                                                                                                     12
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                                                                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                                                                                                                   3
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                                                                                                                             aswVmm
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                                                                                                                             avast! VM Monitor
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                                                                                                                      
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                                                                                                                          32
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                                                                                                                         2
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                                                                                                                  1
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                                                                                                                     "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                                                                                                                   avast! Antivirus
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                                                                                                                         ShellSvcGroup
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                                                                                                               aswMonFlt?RpcSS?
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                                                                                                                         1
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                                                                                                                    LocalSystem
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                                                                                                                1
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                                                                                                                   Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg      HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Vincent\AppData\Local\Logitech\xae Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe  1

---- EOF - GMER 2.1 ----


=========== dds.txt ===========

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16576
Run by Vincent at 21:44:22 on 2013-05-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5943.4078 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {2e9331d0-b42b-42b7-9824-a6545d0ceaa6} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
mRun: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Vincent\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7B6E9E3E-35B2-4192-9038-6C2AABAE4735} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-1 65336]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-11-30 55280]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-10-12 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-10-12 377920]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-10-12 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-10-12 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-4-1 45248]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-17 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-17 701512]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-6-25 109168]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-10 399416]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-30 56344]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-11-30 271872]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-11-30 321064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-17 25928]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-1 178624]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-11-30 158976]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-26 1255736]
.
=============== Created Last 30 ================
.
2013-05-18 01:41:36 --------    d-----w-    C:\Users\Vincent\AppData\Roaming\Malwarebytes
2013-05-18 01:41:27 --------    d-----w-    C:\ProgramData\Malwarebytes
2013-05-18 01:41:26 25928   ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-05-18 01:41:26 --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-18 01:41:05 --------    d-----w-    C:\Users\Vincent\AppData\Local\Programs
2013-05-17 23:16:26 --------    d-----w-    C:\Program Files (x86)\Free Window Registry Repair
2013-05-17 23:15:02 388096  ----a-r-    C:\Users\Vincent\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-05-17 23:15:01 --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-05-17 19:12:14 --------    d-----r-    C:\Program Files (x86)\Skype
2013-05-17 16:02:11 9460464 ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F70E6934-0AF8-479E-A557-6A665C951823}\mpengine.dll
2013-05-15 08:00:59 1767424 ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-15 08:00:57 2242048 ----a-w-    C:\Windows\System32\wininet.dll
2013-05-07 08:03:22 9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-04 21:31:56 737072  ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-05-04 21:31:36 2876528 ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-05-04 21:31:08 42776   ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-05-04 21:30:59 539984  ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-05-02 00:35:14 --------    d-----w-    C:\Users\Vincent\AppData\Roaming\.minecraft
2013-04-28 00:10:28 --------    d-----w-    C:\Program Files (x86)\AirPort
2013-04-23 22:06:10 1656680 ----a-w-    C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M  ====================
.
2013-05-15 05:05:10 71048   ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 05:05:10 692104  ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-07 08:03:22 9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-05 22:36:15 545200  ----a-w-    C:\Windows\System32\npdeployJava1.dll
2013-05-05 22:36:15 526768  ----a-w-    C:\Windows\System32\deployJava1.dll
2013-05-02 07:06:08 278800  ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168  ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208  ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736  ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104  ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624  ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-10 06:01:54 265064  ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400  ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w-    C:\Windows\System32\win32k.sys
2013-04-08 22:00:05 796672  ----a-w-    C:\Windows\GPInstall.exe
2013-04-05 06:50:36 3958784 ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072   ----a-w-    C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704  ----a-w-    C:\Windows\System32\iesysprep.dll
2013-04-05 05:26:26 2877440 ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440   ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056  ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w-    C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600   ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680   ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-03-19 06:04:06 5550424 ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640   ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400  ----a-w-    C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520   ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640  ----a-w-    C:\Windows\System32\smss.exe
2013-03-06 22:33:21 70992   ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-03-06 22:33:21 65336   ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-03-06 22:33:21 178624  ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-03-06 22:33:21 1025808 ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 22:33:20 80816   ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 22:32:51 41664   ----a-w-    C:\Windows\avastSS.scr
2013-03-06 09:31:21 477616  ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-03-06 09:31:21 473520  ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-02-27 06:02:44 111448  ----a-w-    C:\Windows\System32\consent.exe
2013-02-27 05:48:00 1930752 ----a-w-    C:\Windows\System32\authui.dll
2013-02-27 05:47:10 70144   ----a-w-    C:\Windows\System32\appinfo.dll
2013-02-27 04:49:24 1796096 ----a-w-    C:\Windows\SysWow64\authui.dll
.
============= FINISH: 21:44:46.59 ===============



======= attach.txt ========

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 12/12/2010 12:52:02 PM
System Uptime: 5/17/2013 9:35:16 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0C2KJT
Processor: Intel(R) Core(TM) i3 CPU         550  @ 3.20GHz | CPU 1 | 3200/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 923 GiB total, 865.713 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP527: 5/10/2013 3:00:11 AM - Windows Update
RP528: 5/11/2013 3:00:11 AM - Windows Update
RP529: 5/12/2013 3:00:16 AM - Windows Update
RP530: 5/13/2013 3:00:11 AM - Windows Update
RP531: 5/14/2013 3:00:11 AM - Windows Update
RP532: 5/15/2013 3:00:13 AM - Windows Update
RP533: 5/16/2013 3:00:12 AM - Windows Update
RP534: 5/17/2013 3:00:11 AM - Windows Update
RP535: 5/17/2013 2:20:56 PM - Windows Update
RP536: 5/17/2013 3:23:57 PM - Windows Update
RP537: 5/17/2013 3:48:22 PM - Windows Update
RP538: 5/17/2013 5:42:17 PM - Windows Update
RP539: 5/17/2013 6:14:45 PM - Installed HiJackThis
RP540: 5/17/2013 6:38:56 PM - Removed TheSkyX First Light Edition.
RP541: 5/17/2013 6:39:54 PM - Removed TONKA Search & Rescue 2
.
==== Installed Programs ======================
.
4 Elements
Acer eDisplay Management
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 12.0
AirPort
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
CameraHelperMsi
Chicken Invaders 3
Compatibility Pack for the 2007 Office system
D3DX10
Dell Dock
Dell Edoc Viewer
Dell Support Center
Dora's Big Birthday Adventure
Dora Saves the Crystal Kingdom!
erLT
Google Chrome
HiJackThis
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 45 (64-bit)
Junk Mail filter update
Kidzui
KONICA MINOLTA magicolor 1600W
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works
MSVCRT
MSVCRT_amd64
Multimedia Card Reader
Panel Utility
Pivot Pro Plugin
PowerDVD DX
QuickTime
Realtek High Definition Audio Driver
ROBLOX Player for Vincent
ROBLOX Studio 2013 for Vincent
Roxio Burn
Safari
SDK
Secunia PSI (2.0.0.3001)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Skype™ 6.3
SpongeBob and the Clash of Triton
swMSM
Unreal Tournament
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
5/17/2013 9:35:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa800543f040, 0xfffff80000b9c510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051713-17643-01.
5/17/2013 5:53:18 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
5/17/2013 5:51:26 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/17/2013 5:51:26 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/17/2013 5:51:24 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/17/2013 5:51:17 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/17/2013 5:51:12 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswSnx aswSP aswTdi discache SASDIFSV SASKUTIL spldr vmm Wanarpv6
5/17/2013 5:44:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2667402).
5/17/2013 4:29:27 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
5/17/2013 4:28:02 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/17/2013 4:28:02 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/17/2013 4:27:49 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vmm Wanarpv6 WfpLwf
5/17/2013 4:27:49 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
5/17/2013 4:27:49 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
5/17/2013 4:27:49 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
5/17/2013 4:27:49 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/17/2013 4:27:49 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/17/2013 4:27:48 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/17/2013 4:27:48 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
5/17/2013 4:27:48 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
5/17/2013 4:27:48 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/17/2013 4:27:48 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
.
==== End Of File ==========================='
Last Post by gerbil
0

MBAM is usually right on top of Vundo. All you have are the two SearchScopes keys, which were removed. GMER looks clean, no suspicious keys or services in DDS.

0

If only that were true. There is something else wrong then, as I am still not able to do Windows Update. It continually fails on the same update.
