
shutdown and restore problems

When I shut down the computer using Start > Shut down, it shuts down but later turns back on. System Restore is not creating restore points automatically. It does create a restore point when I add a program or do a Windows Update. I am not sure if the restore points are corrupted or not.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:47:12 PM, on 6/15/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files\Common Files\Desura\desura_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe

--
End of file - 6022 bytes
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.21.2
Run by daniel at 14:51:29 on 2013-06-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3518.2532 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3034F098-21EB-4EC5-A106-57A50A06EB6A} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B0779A39-AAAC-4AD0-8562-F9415FF9B4CD} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-6-8 13560]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-4-3 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-4-3 86752]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-4-3 110816]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-4-3 84744]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-4-18 659992]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2012-12-29 5553016]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2012-12-29 451960]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500w7.sys [2013-4-3 1092160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 Desura Install Service;Desura Install Service;c:\program files\common files\desura\desura_service.exe [2013-4-27 131912]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2013-5-23 34432]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-1-31 22656]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-4-18 16024]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-25 14848]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-4-18 1227800]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-12-25 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-12-25 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-12-25 1343400]
.
=============== Created Last 30 ================
.
2013-06-15 00:21:37 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bc28a870-c3ec-4b31-93eb-1f6fecf15169}\mpengine.dll
2013-06-15 00:20:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-15 00:20:13 218112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-06-15 00:11:21 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-15 00:11:18 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-15 00:11:08 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-15 00:11:08 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-15 00:11:04 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-15 00:11:00 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-15 00:10:57 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-06-15 00:10:47 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-15 00:10:46 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-15 00:10:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-15 00:10:46 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-15 00:10:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-08 18:05:07 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-06-08 15:11:56 -------- d-----w- c:\users\daniel.daniel-pc\appdata\roaming\LavasoftStatistics
2013-06-08 15:09:32 -------- d-----w- c:\programdata\Downloaded Installations
2013-06-08 15:09:31 -------- d-----w- c:\users\daniel.daniel-pc\appdata\local\adawarebp
2013-06-08 15:09:29 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-06-08 15:05:09 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-06-08 15:05:09 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-06-08 14:56:00 -------- d-----w- c:\programdata\Licenses
2013-06-08 14:49:31 -------- d-----w- c:\users\daniel.daniel-pc\appdata\local\NVIDIA
2013-06-08 14:34:58 -------- d-----w- c:\users\daniel.daniel-pc\appdata\local\Secunia PSI
2013-06-08 14:34:37 -------- d-----w- c:\program files\Secunia
2013-06-08 14:24:16 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-08 14:24:16 -------- d-----w- c:\program files\iTunes
2013-06-08 14:24:16 -------- d-----w- c:\program files\iPod
2013-06-07 23:48:36 388096 ----a-r- c:\users\daniel.daniel-pc\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-05-27 19:33:42 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-27 18:38:40 -------- d-----w- c:\users\daniel.daniel-pc\appdata\local\Programs
2013-05-27 18:38:18 -------- d-----w- c:\users\daniel.daniel-pc\appdata\roaming\Malwarebytes
2013-05-23 22:45:52 -------- d-----w- c:\users\daniel.daniel-pc\appdata\roaming\NVIDIA
2013-05-23 17:27:21 -------- d-----w- c:\users\daniel.daniel-pc\appdata\roaming\BSD
2013-05-23 17:27:21 -------- d-----w- c:\programdata\BSD
2013-05-23 17:27:15 2228736 ----a-w- c:\windows\bsdsetup.dll
2013-05-23 17:26:20 34432 ----a-w- c:\windows\system32\drivers\mcvidrv.sys
2013-05-18 19:35:03 -------- d-----w- c:\users\daniel.daniel-pc\appdata\local\Facebook
2013-05-18 18:56:07 -------- d-----w- c:\users\daniel.daniel-pc\appdata\local\Roblox
2013-05-17 00:30:54 -------- d-----w- c:\users\daniel.daniel-pc\appdata\local\Apple Computer
2013-05-17 00:30:21 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-05-17 00:28:15 -------- d-----w- c:\users\daniel.daniel-pc\appdata\local\Apple
2013-05-17 00:27:31 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2013-06-12 10:30:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 10:30:24 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-17 01:25:57 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-05-14 08:40:13 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-05-07 10:31:05 66656 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-05-02 07:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-18 13:55:52 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18:40 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18:40 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14:06 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 19:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-03 18:30:34 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-03 18:30:34 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-03 15:58:51 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-04-03 15:58:51 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-19 04:53:27 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 03:33:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
.
============= FINISH: 14:51:47.02 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/25/2012 9:59:25 AM
System Uptime: 6/15/2013 2:33:48 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0YP696
Processor: AMD Athlon(tm) Dual Core Processor 5000B | Socket M2 | 2600/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 929 GiB total, 834.364 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP78: 6/7/2013 7:17:10 PM - new
RP79: 6/7/2013 7:19:16 PM - new 2
RP80: 6/8/2013 9:43:38 AM - Windows Update
RP81: 6/8/2013 12:45:36 PM - Windows Update
RP82: 6/8/2013 1:04:29 PM - Windows Update
RP83: 6/8/2013 1:13:14 PM - Windows Update
RP84: 6/8/2013 4:40:21 PM - Installed Wizard101 Test
RP85: 6/14/2013 7:11:26 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.21beta
Adobe AIR
Adobe Flash Player 11 ActiveX
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArtRage Studio
Autodesk SketchBook Express 2011 sp2
Avira Free Antivirus
Bamboo
Bamboo Dock
Bamboo Tablets Tutorial
Bandicam
Bandisoft MPEG-1 Decoder
Bonjour
Borderlands
CCleaner
Counter-Strike: Source
D3DX10
Desura
Disney Toontown Online
Facebook Video Calling 1.2.0.287
FileZilla Client 3.5.3
Free PDF Tablet
Garry's Mod
Google Chrome
Google Update Helper
HiJackThis
iTunes
Java 7 Update 21
Java Auto Updater
Junk Mail filter update
Left 4 Dead 2
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT110
Notepad++
NVIDIA Control Panel 307.83
NVIDIA Display Control Panel
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA PhysX
Photo Common
Photo Gallery
Portal 2
PVSonyDll
ROBLOX Player for daniel
Secunia PSI (3.0.0.7009)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype™ 6.3
Spiral Knights
SpywareBlaster 5.0
Steam
TeamSpeak 3 Client
Terraria
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wizard101
Wizard101 Test
.
==== Event Viewer Messages From Past Week ========
.
6/9/2013 5:33:15 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/9/2013 5:33:15 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
6/14/2013 6:02:11 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
.
==== End Of File ===========================
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-15 15:08:12
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000060 GB1000EA rev.HPG2 931.51GB
Running: ql1yspck.exe; Driver: C:\Users\DANIEL~1.DAN\AppData\Local\Temp\uxlirpod.sys


---- System - GMER 2.1 ----

SSDT 910C8C66 ZwCreateSection
SSDT 910C8C70 ZwRequestWaitReplyPort
SSDT 910C8C6B ZwSetContextThread
SSDT 910C8C75 ZwSetSecurityObject
SSDT 910C8C7A ZwSystemDebugControl
SSDT 910C8C07 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A809F5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ABA1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82AC153C 4 Bytes [66, 8C, 0C, 91] {MOV [ECX+EDX*4], CS}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82AC1898 4 Bytes [70, 8C, 0C, 91] {JO 0xffffff8e; OR AL, 0x91}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82AC18DC 4 Bytes [6B, 8C, 0C, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82AC1958 4 Bytes [75, 8C, 0C, 91] {JNZ 0xffffff8e; OR AL, 0x91}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82AC19AC 4 Bytes [7A, 8C, 0C, 91] {JP 0xffffff8e; OR AL, 0x91}
.text ...
? C:\Users\DANIEL~1.DAN\AppData\Local\Temp\mbr.sys The system cannot find the path specified. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3144] shell32.DLL!RealDriveType + 173D 761FFE30 4 Bytes [E5, 36, 63, 65]
.text C:\Program Files\Internet Explorer\iexplore.exe[3144] shell32.DLL!RealDriveType + 1745 761FFE38 8 Bytes [1B, 57, 63, 65, 97, 83, 64, ...]

---- EOF - GMER 2.1 ----
Thanks
Update: I did a restore and an undo, and it worked fine, so it seems they are not corrupt.
