Member Avatar

I need to remove Vundo and potentially other issues from my son's computer. BTW **Do not allow your kids to play Pickle **as that seems to be where he got it. sigh

I've followed all of the instructions from the "Read me before posting" instructions. Your help is much appreciated!

'=========== malwarebytes log =========

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.17.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Vincent :: VINCENT-PC [administrator]

Protection: Enabled

5/17/2013 8:47:49 PM
mbam-log-2013-05-17 (20-47-49).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 375978
Time elapsed: 34 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

============ GMER One.log ===========
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-17 20:20:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1001FAES-75W7A0 rev.05.01D05 931.51GB
Running: fq2lk3vl.exe; Driver: C:\Users\Vincent\AppData\Local\Temp\uxriifog.sys


---- Threads - GMER 2.1 ----

Thread   C:\Program Files\Microsoft Device Center\itype.exe [3208:3476]                                          0000000071b01dd4
Thread   C:\Program Files\Microsoft Device Center\itype.exe [3208:3540]                                          0000000071b01dd4
Thread   C:\Program Files\Microsoft Device Center\itype.exe [3208:3568]                                          000007fefb79d880
Thread   C:\Windows\System32\svchost.exe [3700:4476]                                                             000007fef0509688
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:4152]                                          000007fefe5d0168
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:808]                                           000007fefbc72a7c
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:4424]                                          000007feeab1d618
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:2104]                                          000007fefad35124
---- Processes - GMER 2.1 ----

Library  C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL (*** suspicious ***) @ C:\Windows\Explorer.EXE [1896]  0000000002ee0000

---- EOF - GMER 2.1 ----


======== GMER Two.log ========

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-17 20:39:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1001FAES-75W7A0 rev.05.01D05 931.51GB
Running: fq2lk3vl.exe; Driver: C:\Users\Vincent\AppData\Local\Temp\uxriifog.sys


---- Threads - GMER 2.1 ----

Thread   C:\Program Files\Microsoft Device Center\itype.exe [3208:3476]                                                                                                                                    0000000071b01dd4
Thread   C:\Program Files\Microsoft Device Center\itype.exe [3208:3540]                                                                                                                                    0000000071b01dd4
Thread   C:\Program Files\Microsoft Device Center\itype.exe [3208:3568]                                                                                                                                    000007fefb79d880
Thread   C:\Windows\System32\svchost.exe [3700:4476]                                                                                                                                                       000007fef0509688
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:4152]                                                                                                                                    000007fefe5d0168
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:808]                                                                                                                                     000007fefbc72a7c
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:4424]                                                                                                                                    000007feeab1d618
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:2104]                                                                                                                                    000007fefad35124
---- Processes - GMER 2.1 ----

Library  C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL (*** suspicious ***) @ C:\Windows\Explorer.EXE [1896]                                                                                            0000000002ee0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                                                                                                                              2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                                                                                                                             2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                                                                                                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                                                                                                                       aswFsBlk
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                                                                                                                             FSFilter Activity Monitor
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                                                                                                                   FltMgr?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                                                                                                                       avast! mini-filter driver (aswFsBlk)
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                                                                                                               3
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                                                                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                                                                                                                         aswFsBlk Instance
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                                                                                                                       
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                                                              388400
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                                                                 0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                                                                                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                                                                                                                             2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                                                                                                                            2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                                                                                                                     1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                                                                                                                        \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                                                                                                                      aswMonFlt
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                                                                                                                            FSFilter Anti-Virus
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                                                                                                                  FltMgr?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                                                                                                                      avast! mini-filter driver (aswMonFlt)
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                                                                                                                        
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                                                                                                                        aswMonFlt Instance
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                                                                                                                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                                                                            320700
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                                                               0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                                                                                                                  
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                                                                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                                                                                                               1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                                                                                                                         aswRdr
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                                                                                                               PNP_TDI
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                                                                                                                     tcpip?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                                                                                                                         avast! WFP Redirect driver
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                                                                                                                           \SystemRoot\System32\Drivers\aswrdr2.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                                                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                                                                       
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                                                                       nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                                                                                                                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                                                                                                               1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                                                                                                                              0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                                                                                                                       1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                                                                                                                        aswRvrt
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                                                                                                                        avast! Revert
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                                                                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                                                                                                                             14
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                                                                                                                             3373043
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                                                                                                                              \Device\Harddisk0\Partition3\Windows
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                                                                                                                    
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                                                                                                                2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                                                                                                               1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                                                                                                                         aswSnx
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                                                                                                               FSFilter Virtualization
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                                                                                                                     FltMgr?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                                                                                                                         avast! virtualization driver (aswSnx)
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                                                                                                                 2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                                                                                                                           aswSnx Instance
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                                                                  137600
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                                                                                                                     0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                                                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                                                                                                                            \DosDevices\C:\Program Files\AVAST Software\Avast
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                                                                                                               \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                                                                                                                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                                                                                                                 1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                                                                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                                                                                                                         1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                                                                                                                          aswSP
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                                                                                                                          avast! Self Protection
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                                                                                                               1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                                                                                                                             \DosDevices\C:\Program Files\AVAST Software\Avast
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                                                                                                                \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                                                                                                                        \DosDevices\C:\Program Files
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                                                                                                                              \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                                                                                                                      
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                                                                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                                                                                                               1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                                                                                                                         avast! Network Shield Support
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                                                                                                               PNP_TDI
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                                                                                                                     tcpip?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                                                                                                                         avast! Network Shield TDI driver
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                                                                                                                 12
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                                                                                                                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                                                                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                                                                                                               3
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                                                                                                                         aswVmm
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                                                                                                                         avast! VM Monitor
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                                                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                                                                                                                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                                                                                                                      32
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                                                                                                                     2
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                                                                                                                              1
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                                                                                                                 "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                                                                                                               avast! Antivirus
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                                                                                                                     ShellSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                                                                                                                           aswMonFlt?RpcSS?
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                                                                                                                     1
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                                                                                                                LocalSystem
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                                                                                                                            1
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                                                                                                               Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                                                                                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                                                                                                                  2
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                                                                                                                 2
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                                                                                                                          1
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                                                                                                                           aswFsBlk
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                                                                                                                 FSFilter Activity Monitor
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                                                                                                                       FltMgr?
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                                                                                                                           avast! mini-filter driver (aswFsBlk)
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                                                                                                                   3
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                                                                                                                     
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                                                                                                                             aswFsBlk Instance
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)                                                                                                   
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                                                                  388400
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                                                                     0
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                                                                                                                 2
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                                                                                                                2
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                                                                                                                         1
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                                                                                                                            \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                                                                                                                          aswMonFlt
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                                                                                                                FSFilter Anti-Virus
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                                                                                                                      FltMgr?
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                                                                                                                          avast! mini-filter driver (aswMonFlt)
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                                                                                                                    
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                                                                                                                            aswMonFlt Instance
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)                                                                                                 
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                                                                                320700
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                                                                   0
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                                                                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                                                                                                                   1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                                                                                                                             aswRdr
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                                                                                                                   PNP_TDI
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                                                                                                                         tcpip?
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                                                                                                                             avast! WFP Redirect driver
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                                                                                                               \SystemRoot\System32\Drivers\aswrdr2.sys
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                                                                                                                      
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                                                                           nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                                                                                                                   1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                                                                                                                  0
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                                                                                                                           1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                                                                                                                            aswRvrt
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                                                                                                                            avast! Revert
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                                                                                                                     
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                                                                                                                 14
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                                                                                                                 3373043
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                                                                                                                  \Device\Harddisk0\Partition3\Windows
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                                                                                                                    2
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                                                                                                                   1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                                                                                                                             aswSnx
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                                                                                                                   FSFilter Virtualization
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                                                                                                                         FltMgr?
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                                                                                                                             avast! virtualization driver (aswSnx)
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                                                                                                                     2
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                                                                                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                                                                                                               aswSnx Instance
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)                                                                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                                                                      137600
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                                                                                                                         0
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                                                                                                                      
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                                                                                                                \DosDevices\C:\Program Files\AVAST Software\Avast
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                                                                                                                   \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                                                                                                                     1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                                                                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                                                                                                                             1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                                                                                                                              aswSP
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                                                                                                                              avast! Self Protection
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                                                                                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                                                                                                                   1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                                                                                                                 \DosDevices\C:\Program Files\AVAST Software\Avast
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                                                                                                                    \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                                                                                                                            \DosDevices\C:\Program Files
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                                                                                                                  \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                                                                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                                                                                                                   1
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                                                                                                                             avast! Network Shield Support
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                                                                                                                   PNP_TDI
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                                                                                                                         tcpip?
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                                                                                                                             avast! Network Shield TDI driver
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                                                                                                                     12
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                                                                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                                                                                                                   3
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                                                                                                                             aswVmm
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                                                                                                                             avast! VM Monitor
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                                                                                                                      
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                                                                                                                          32
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                                                                                                                         2
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                                                                                                                  1
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                                                                                                                     "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                                                                                                                   avast! Antivirus
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                                                                                                                         ShellSvcGroup
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                                                                                                               aswMonFlt?RpcSS?
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                                                                                                                         1
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                                                                                                                    LocalSystem
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                                                                                                                1
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                                                                                                                   Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg      HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Vincent\AppData\Local\Logitech\xae Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe  1

---- EOF - GMER 2.1 ----


=========== dds.txt ===========

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16576
Run by Vincent at 21:44:22 on 2013-05-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5943.4078 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {2e9331d0-b42b-42b7-9824-a6545d0ceaa6} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
mRun: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Vincent\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7B6E9E3E-35B2-4192-9038-6C2AABAE4735} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-1 65336]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-11-30 55280]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-10-12 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-10-12 377920]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-10-12 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-10-12 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-4-1 45248]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-17 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-17 701512]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-6-25 109168]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-10 399416]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-30 56344]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-11-30 271872]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-11-30 321064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-17 25928]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-1 178624]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-11-30 158976]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-26 1255736]
.
=============== Created Last 30 ================
.
2013-05-18 01:41:36 --------    d-----w-    C:\Users\Vincent\AppData\Roaming\Malwarebytes
2013-05-18 01:41:27 --------    d-----w-    C:\ProgramData\Malwarebytes
2013-05-18 01:41:26 25928   ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-05-18 01:41:26 --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-18 01:41:05 --------    d-----w-    C:\Users\Vincent\AppData\Local\Programs
2013-05-17 23:16:26 --------    d-----w-    C:\Program Files (x86)\Free Window Registry Repair
2013-05-17 23:15:02 388096  ----a-r-    C:\Users\Vincent\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-05-17 23:15:01 --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-05-17 19:12:14 --------    d-----r-    C:\Program Files (x86)\Skype
2013-05-17 16:02:11 9460464 ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F70E6934-0AF8-479E-A557-6A665C951823}\mpengine.dll
2013-05-15 08:00:59 1767424 ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-15 08:00:57 2242048 ----a-w-    C:\Windows\System32\wininet.dll
2013-05-07 08:03:22 9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-04 21:31:56 737072  ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-05-04 21:31:36 2876528 ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-05-04 21:31:08 42776   ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-05-04 21:30:59 539984  ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-05-02 00:35:14 --------    d-----w-    C:\Users\Vincent\AppData\Roaming\.minecraft
2013-04-28 00:10:28 --------    d-----w-    C:\Program Files (x86)\AirPort
2013-04-23 22:06:10 1656680 ----a-w-    C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M  ====================
.
2013-05-15 05:05:10 71048   ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 05:05:10 692104  ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-07 08:03:22 9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-05 22:36:15 545200  ----a-w-    C:\Windows\System32\npdeployJava1.dll
2013-05-05 22:36:15 526768  ----a-w-    C:\Windows\System32\deployJava1.dll
2013-05-02 07:06:08 278800  ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168  ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208  ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736  ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104  ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624  ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-10 06:01:54 265064  ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400  ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w-    C:\Windows\System32\win32k.sys
2013-04-08 22:00:05 796672  ----a-w-    C:\Windows\GPInstall.exe
2013-04-05 06:50:36 3958784 ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072   ----a-w-    C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704  ----a-w-    C:\Windows\System32\iesysprep.dll
2013-04-05 05:26:26 2877440 ----a-w-    C:\Windows\SysWow64\jscri

Recommended Answers

MBAM is usually right on top of Vundo. All you have are the two Searchscopes keys, which were removed. GMER looks clean, no suspicious keys or services in DDS.

Jump to Post

All 3 Replies

MBAM is usually right on top of Vundo. All you have are the two Searchscopes keys, which were removed. GMER looks clean, no suspicious keys or services in DDS.

Member Avatar

If only that was true. There is something else wrong then as I still am not able to do Windows update. It continually fails on the same update.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.21 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.