Win 7 pro laptop hijacked

Posted 9/18/2013 5:01 PM
#96010
Myron P Valued member

Date Joined Nov 2016
Total Posts: 11
My Windows 7 Pro HP laptop has been booting slowly. On startup my anti-virus program is disabled, and most programs will not run. Cannot access internet, or run any virus or malware removal tools. After multiple shut down and restart attempts I seem to be alive, this has happened a number of times, so I'm not shutting down or restarting for now; just logging off. Ran DDS screen.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.21.2
Run by Myron at 14:20:13 on 2013-09-18
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8087.5001 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Program Files (x86)\HP SimplePass\BioMonitor.exe
C:\Windows\System32\rundll32.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Myron\Desktop\TOOLS\setup_11.0.1.1245.x01_2013_09_17_18_33.exe
C:\Users\Myron\AppData\Local\Temp\RarSFX0\1669646.exe
C:\Users\Myron\AppData\Local\Temp\6071169\1669646.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dogpile.com/info.dogpl/search/home
uURLSearchHooks: FCToolbarURLSearchHook Class: {e719d8a6-cca4-41b5-b27c-ccf969280033} - C:\Program Files (x86)\Dogpile Toolbar\Helper.dll
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe,
BHO: Dogpile Toolbar BHO: {61AFBC1F-52F3-43F5-A5ED-AFA778C579E1} - C:\Program Files (x86)\Dogpile Toolbar\Toolbar.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: HP SimplePass Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
TB: Dogpile Toolbar: {8A936F47-6B90-4537-A1BC-6F369A203D47} - C:\Program Files (x86)\Dogpile Toolbar\Toolbar.dll
TB: HP SimplePass Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll
TB: Dogpile Toolbar: {8A936F47-6B90-4537-A1BC-6F369A203D47} - C:\Program Files (x86)\Dogpile Toolbar\Toolbar.dll
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRunOnce: [GrpConv] grpconv -o
StartupFolder: C:\Users\Myron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_UNINS~1.LNK - C:\Users\Myron\AppData\Local\Temp\_uninst_33472720.bat
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab
TCP: NameServer = 167.206.112.138 167.206.7.4
TCP: Interfaces\{44E1A87F-9FA1-41E8-A5B5-AB398FFD89DC} : DHCPNameServer = 167.206.112.138 167.206.7.4
TCP: Interfaces\{7A5432E6-628D-4686-949C-D6150C3E94C0} : DHCPNameServer = 167.206.112.138 167.206.7.4
TCP: Interfaces\{7A5432E6-628D-4686-949C-D6150C3E94C0}\6416E63697341647D27657563747 : DHCPNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{7A5432E6-628D-4686-949C-D6150C3E94C0}\876696E696479777966696 : DHCPNameServer = 10.250.255.72 10.250.255.73
TCP: Interfaces\{7A5432E6-628D-4686-949C-D6150C3E94C0}\A456E6E69666562772370296E6475627E656470236F6E6E65636D27657563747 : DHCPNameServer = 167.206.245.129 167.206.245.130 192.168.33.1
TCP: Interfaces\{7A5432E6-628D-4686-949C-D6150C3E94C0}\F6074796D657D677966696 : DHCPNameServer = 10.250.255.72 10.250.255.73
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll, C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
SSODL: WebCheck - <orphaned>
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: HP SimplePass Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: HP SimplePass Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {0CE7EBAF-157D-4111-9146-057CB2A4023E} - msiexec /fu {0CE7EBAF-157D-4111-9146-057CB2A4023E} /qn
.
============= SERVICES / DRIVERS ===============
.
R0 33472720;33472720;C:\Windows\System32\drivers\33472720.sys [2013-9-18 460888]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2011-12-5 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-7-30 30496]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-15 659976]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-3-27 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-3-27 1104208]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-4-23 135952]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-16 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-8-16 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-16 161560]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 139616]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-30 14984480]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-16 363800]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-6-25 3325232]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-3-27 1304912]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-2-13 95232]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-2-13 747008]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 hswpan;WPAN Driver;C:\Windows\System32\drivers\hswpan.sys [2011-12-7 108288]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-3-21 60928]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-8-16 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2011-12-5 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2011-12-5 785688]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-12-20 25496]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-7-30 39712]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-16 565352]
R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2011-10-14 20016]
RUnknown 1669646drv;1669646drv; [x]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/07/17 12:07:58;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-9-3 245264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-12-20 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-6-25 272688]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-11 19456]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-8-16 259688]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2011-12-9 269640]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-11 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-11 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-23 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-09-18 18:16:43 460888 ----a-w- C:\Windows\System32\drivers\33472720.sys
2013-09-17 19:07:48 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-17 18:38:05 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{971DD1B5-DAE2-4C05-8F20-9FCFB15156D3}\mpengine.dll
2013-09-17 14:32:51 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-09-16 15:27:25 9694160 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-12 13:14:47 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-09-06 16:55:25 965008 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D4E7837D-9910-4CB5-9D18-2B0F59C2258F}\gapaengine.dll
.
==================== Find3M ====================
.
2013-09-13 16:15:59 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 16:15:59 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-17 15:58:38 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-07-17 15:58:38 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-07-17 15:58:38 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-21 10:23:16 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
2013-06-21 10:23:16 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-06-21 10:23:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-06-21 10:23:10 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2013-06-21 10:23:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-06-21 10:23:10 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-06-21 10:23:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-06-21 10:23:10 1025312 ----a-w- C:\Windows\System32\nv3dappshext.dll
.
============= FINISH: 14:20:53.26 ===============
Posted 9/24/2013 9:36 PM
#96025
Advanced member

The first thing that came into my view is C:\Users\Myron\AppData\Local\Temp\6071169\1669646.exe
There should not be any executable files running from temporary folders, especially one with numbers for a name.

Did you run a full computer scan with your Microsoft Security Essentials?

Also, download Combofix from here and run it: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

When finished, it will produce a log for you. The log is automatically saved on Local disk C:\ and is named Combofix.txt. Post back the results.
Andreea-Luciana Ostache
Support Team Leader
support@bullguard.com
www.bullguard.com
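
The check described in the reply above (running executables under a temporary folder, with an all-digit file name as an extra signal) can be applied to a whole DDS process list at once. This is an added Python example, not part of the original posts or of DDS; the sample is an excerpt of the Running Processes section of the log in the first post, and the function names are made up for this illustration.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the "Running Processes" section from the DDS log in the first post.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Myron\Desktop\TOOLS\setup_11.0.1.1245.x01_2013_09_17_18_33.exe
C:\Users\Myron\AppData\Local\Temp\RarSFX0\1669646.exe
C:\Users\Myron\AppData\Local\Temp\6071169\1669646.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dogpile.com/info.dogpl/search/home
"""

SECTION = re.compile(r"^=+ (.+?) =+$")                       # "===== Name ====="
IMAGE = re.compile(r"^(.+?\.exe)(?=\s|$)", re.IGNORECASE)    # path up to .exe, args dropped
TEMP_DIRS = {"temp", "tmp"}                                  # folder names treated as temporary


def running_processes(log):
    """Return the image paths listed under the 'Running Processes' header."""
    paths, inside = [], False
    # Accept real newlines or <br/> tags, since forum exports often keep the tags.
    for line in re.split(r"<br\s*/?>|\n", log):
        line = line.strip()
        header = SECTION.match(line)
        if header:
            inside = header.group(1).strip().lower() == "running processes"
            continue
        if inside:
            image = IMAGE.match(line)      # separator lines (".") do not match
            if image:
                paths.append(image.group(1))
    return paths


def flag_processes(log):
    """Flag processes whose image sits under a temp folder; note all-digit names."""
    hits = []
    for path in running_processes(log):
        p = PureWindowsPath(path)
        folders = {part.lower() for part in p.parts[:-1]}
        if TEMP_DIRS & folders:
            hits.append({"path": path, "numeric_name": p.stem.isdigit()})
    return hits


if __name__ == "__main__":
    for hit in flag_processes(SAMPLE_LOG):
        tag = "temp folder + numeric name" if hit["numeric_name"] else "temp folder"
        print(f"[{tag}] {hit['path']}")
```

A match is a lead for review, not a verdict: self-extracting installers and portable scanners also unpack and run from Temp.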
