After removing the FBI scam virus using some manual tinkering then Malwarebytes, Avast and Spybot, I ran Hijack and found a bunch of O23 entries that marked them as (file missing). Hijack will not let me remove them.
Most relate to important Windows files in the System32 folder. The files are there. I am wondering if this is a serious problem or if I still have some malware,
My PC is an HP Pavilion Entertainment model in Windows 7 Home Premium.
I also uninstalled some apps; they would not load or threw some errors: Sendori, Norton antivirus, ABBYY, McAfee remnants, Antivirus Security Pro (rogue fake) and Top Chef (it was classified as a bomb).
When I ran gmer, most check boxes were disabled. Only services, registry, files and ADS were active. The Show all was unchecked. At the end gmer said there was a system modification possibly due to a root kit.
Here is the dds.txt contents:DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.40.2
Run by Robert at 23:00:05 on 2013-09-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.1825 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sendori\SendoriUp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apntex.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_168_ActiveX.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: WallpaperStyle = 2
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: WallpaperStyle = 2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Windows\System32\Sendori.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B4D33B26-27DD-432E-95F3-40CEC1AF6A22} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B4D33B26-27DD-432E-95F3-40CEC1AF6A22}\35072796E64784F6473707F6475383 : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2013-9-7 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2013-9-7 270824]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-9-7 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-9-7 204880]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-11 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-11 1139800]
R1 aswFW;avast! TDI Firewall Driver;C:\Windows\System32\drivers\aswFW.sys [2013-9-7 131232]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-9-7 22600]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-9-7 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-9-7 378944]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-11 433752]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-7-2 203264]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-9-7 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-9-7 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-7 46808]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-9-7 137960]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-24 227896]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-5-20 70656]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-10 215040]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-11-10 34872]
S1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-11 169048]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-11 224416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-9-10 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-5 240736]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-28 140128]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-22 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-09-11 16:49:34 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-11 16:41:08 973736 ----a-w- C:\Windows\System32\deployJava1.dll
2013-09-11 16:41:08 1095080 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-09-11 16:40:57 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-09-11 12:58:32 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-09-11 12:58:28 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-11 03:44:59 69632 ----a-w- C:\Windows\System32\xxpbar.exe
2013-09-11 03:44:59 429568 ----a-w- C:\Windows\System32\xxcopysu.exe
2013-09-11 03:44:59 429568 ----a-w- C:\Windows\System32\xxcopy.exe
2013-09-11 03:44:59 236963 ----a-w- C:\Windows\System32\xxcopy16.exe
2013-09-11 03:13:12 236963 ----a-w- C:\Windows\SysWow64\XXCOPY16.EXE
2013-09-11 03:13:12 236963 ----a-w- C:\Windows\SysWow64\XX293116.EXE
2013-09-11 03:13:12 2321 ----a-w- C:\Windows\SysWow64\UIXXCOPY.BAT
2013-09-11 03:13:11 69632 ----a-w- C:\Windows\SysWow64\XXPBAR.EXE
2013-09-11 03:13:11 429568 ----a-w- C:\Windows\SysWow64\XXCOPYSU.EXE
2013-09-11 03:13:11 429568 ----a-w- C:\Windows\SysWow64\XXCOPY.EXE
2013-09-11 03:13:11 429568 ----a-w- C:\Windows\SysWow64\XX2971.EXE
2013-09-11 03:13:11 142840 ----a-w- C:\Windows\SysWow64\XXCONSOLE.EXE
2013-09-11 03:11:24 -------- d-----w- C:\Temp
2013-09-11 02:14:28 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-09-11 01:13:10 -------- d-----w- C:\ProgramData\Oracle
2013-09-10 13:41:27 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-09-10 13:41:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-09-09 14:21:14 -------- d-----w- C:\Program Files\CCleaner
2013-09-08 13:55:09 9430408 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-09-08 02:37:52 -------- d-sh--w- C:\found.000
2013-09-08 02:21:33 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-09-08 02:21:33 270824 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2013-09-08 02:21:33 131232 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2013-09-08 02:21:31 22600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2013-09-08 02:21:30 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-09-08 02:21:30 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-09-08 02:21:29 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-09-08 02:21:28 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-09-08 02:21:20 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
2013-09-08 02:20:41 41664 ----a-w- C:\Windows\avastSS.scr
2013-09-08 02:20:17 -------- d-----w- C:\Program Files\AVAST Software
2013-09-08 02:20:07 -------- d-----w- C:\ProgramData\AVAST Software
2013-09-08 02:19:59 -------- d-----w- C:\Users\Robert\AppData\Roaming\Malwarebytes
2013-09-08 02:19:38 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-08 02:19:33 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-08 02:19:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-08 02:19:18 -------- d-----w- C:\Users\Robert\AppData\Local\Programs
2013-09-05 20:13:22 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-09-05 20:13:21 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-09-05 20:13:04 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-09-05 20:13:03 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-09-05 20:12:56 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-09-05 20:12:56 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-09-05 20:12:55 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-09-05 20:12:55 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-09-05 20:12:55 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-09-05 20:12:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-09-05 20:12:55 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-09-05 20:12:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-09-05 20:12:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-09-05 20:12:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-09-05 20:12:46 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-09-05 20:12:46 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-01 03:22:53 -------- d-sh--w- C:\$$PendingFiles
2013-08-15 13:58:00 -------- d-----w- C:\Windows\System32\MRT
.
==================== Find3M ====================
.
2013-09-11 16:55:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 16:55:17 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-11 16:49:17 868264 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-09-11 01:12:26 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-01 19:28:10 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll
2013-06-17 23:05:37 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
.
============= FINISH: 23:00:34.96 ===============
Most relate to important Windows files in the System32 folder. The files are there. I am wondering if this is a serious problem or if I still have some malware,
My PC is an HP Pavilion Entertainment model in Windows 7 Home Premium.
I also uninstalled some apps; they would not load or threw some errors: Sendori, Norton antivirus, ABBYY, McAfee remnants, Antivirus Security Pro (rogue fake) and Top Chef (it was classified as a bomb).
When I ran gmer, most check boxes were disabled. Only services, registry, files and ADS were active. The Show all was unchecked. At the end gmer said there was a system modification possibly due to a root kit.
Here is the dds.txt contents:DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.40.2
Run by Robert at 23:00:05 on 2013-09-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.1825 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sendori\SendoriUp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apntex.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_168_ActiveX.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: WallpaperStyle = 2
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: WallpaperStyle = 2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Windows\System32\Sendori.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B4D33B26-27DD-432E-95F3-40CEC1AF6A22} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B4D33B26-27DD-432E-95F3-40CEC1AF6A22}\35072796E64784F6473707F6475383 : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2013-9-7 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2013-9-7 270824]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-9-7 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-9-7 204880]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-11 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-11 1139800]
R1 aswFW;avast! TDI Firewall Driver;C:\Windows\System32\drivers\aswFW.sys [2013-9-7 131232]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-9-7 22600]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-9-7 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-9-7 378944]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-11 433752]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-7-2 203264]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-9-7 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-9-7 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-7 46808]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-9-7 137960]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-24 227896]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-5-20 70656]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-10 215040]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-11-10 34872]
S1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-11 169048]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-11 224416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-9-10 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-5 240736]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-28 140128]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-22 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-09-11 16:49:34 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-11 16:41:08 973736 ----a-w- C:\Windows\System32\deployJava1.dll
2013-09-11 16:41:08 1095080 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-09-11 16:40:57 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-09-11 12:58:32 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-09-11 12:58:28 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-11 03:44:59 69632 ----a-w- C:\Windows\System32\xxpbar.exe
2013-09-11 03:44:59 429568 ----a-w- C:\Windows\System32\xxcopysu.exe
2013-09-11 03:44:59 429568 ----a-w- C:\Windows\System32\xxcopy.exe
2013-09-11 03:44:59 236963 ----a-w- C:\Windows\System32\xxcopy16.exe
2013-09-11 03:13:12 236963 ----a-w- C:\Windows\SysWow64\XXCOPY16.EXE
2013-09-11 03:13:12 236963 ----a-w- C:\Windows\SysWow64\XX293116.EXE
2013-09-11 03:13:12 2321 ----a-w- C:\Windows\SysWow64\UIXXCOPY.BAT
2013-09-11 03:13:11 69632 ----a-w- C:\Windows\SysWow64\XXPBAR.EXE
2013-09-11 03:13:11 429568 ----a-w- C:\Windows\SysWow64\XXCOPYSU.EXE
2013-09-11 03:13:11 429568 ----a-w- C:\Windows\SysWow64\XXCOPY.EXE
2013-09-11 03:13:11 429568 ----a-w- C:\Windows\SysWow64\XX2971.EXE
2013-09-11 03:13:11 142840 ----a-w- C:\Windows\SysWow64\XXCONSOLE.EXE
2013-09-11 03:11:24 -------- d-----w- C:\Temp
2013-09-11 02:14:28 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-09-11 01:13:10 -------- d-----w- C:\ProgramData\Oracle
2013-09-10 13:41:27 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-09-10 13:41:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-09-09 14:21:14 -------- d-----w- C:\Program Files\CCleaner
2013-09-08 13:55:09 9430408 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-09-08 02:37:52 -------- d-sh--w- C:\found.000
2013-09-08 02:21:33 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-09-08 02:21:33 270824 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2013-09-08 02:21:33 131232 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2013-09-08 02:21:31 22600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2013-09-08 02:21:30 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-09-08 02:21:30 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-09-08 02:21:29 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-09-08 02:21:28 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-09-08 02:21:20 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
2013-09-08 02:20:41 41664 ----a-w- C:\Windows\avastSS.scr
2013-09-08 02:20:17 -------- d-----w- C:\Program Files\AVAST Software
2013-09-08 02:20:07 -------- d-----w- C:\ProgramData\AVAST Software
2013-09-08 02:19:59 -------- d-----w- C:\Users\Robert\AppData\Roaming\Malwarebytes
2013-09-08 02:19:38 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-08 02:19:33 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-08 02:19:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-08 02:19:18 -------- d-----w- C:\Users\Robert\AppData\Local\Programs
2013-09-05 20:13:22 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-09-05 20:13:21 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-09-05 20:13:04 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-09-05 20:13:03 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-09-05 20:12:56 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-09-05 20:12:56 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-09-05 20:12:55 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-09-05 20:12:55 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-09-05 20:12:55 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-09-05 20:12:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-09-05 20:12:55 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-09-05 20:12:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-09-05 20:12:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-09-05 20:12:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-09-05 20:12:46 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-09-05 20:12:46 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-01 03:22:53 -------- d-sh--w- C:\$$PendingFiles
2013-08-15 13:58:00 -------- d-----w- C:\Windows\System32\MRT
.
==================== Find3M ====================
.
2013-09-11 16:55:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 16:55:17 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-11 16:49:17 868264 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-09-11 01:12:26 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-01 19:28:10 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll
2013-06-17 23:05:37 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
.
============= FINISH: 23:00:34.96 ===============