KarlosSpicyWan
Hey there! I've been having trouble with this virus on my computer. It seems to play advertisements every now and then and I've done all I can to try and remove it. I have even fully formatted my C drive and then re-installed Windows. Here is what the DDS found:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Karlos at 21:20:01 on 2012-06-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.7159.5519 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0B68263B-094E-4F39-8AF7-7ECFF97320B9} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\hain7se3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Ba1d88c10-99c3-447f-9358-b8a08e88ffc0%7D&mid=08e6117f8f5e47d081f4d14b34ec7e3e-4b5c7e35565c403b226ae1a1b2e4cbc529ccb54d&ds=st011&v=10.0.0.7&lang=en&pr=sa&d=2012-05-08%2021%3A14%3A08&sap=ku&q=
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: C:\Users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\hain7se3.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - c81cb142-e62a-4d9f-9bde-3252477ddf9e
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-18 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-18 1262400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-18 257224]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-18 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
SUnknown Adobe Licensing Console;Adobe Licensing Console; [x]
.
=============== Created Last 30 ================
.
2012-06-18 22:59:22 -------- d-----w- C:\Windows\Panther
2012-06-18 22:59:13 -------- d-sh--w- C:\Boot
2012-06-18 18:47:40 -------- d-----w- C:\Users\Karlos\AppData\Roaming\Malwarebytes
2012-06-18 18:47:28 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-18 18:47:27 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-18 18:47:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-18 18:25:48 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-06-18 18:12:12 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-18 18:01:36 -------- d-----w- C:\Program Files (x86)\Games
2012-06-18 17:58:34 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-06-18 17:58:34 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-06-18 17:58:34 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-06-18 17:08:59 -------- d-----w- C:\Users\Karlos\AppData\Roaming\NVIDIA
2012-06-18 17:08:37 -------- d-----w- C:\Users\Karlos\AppData\Roaming\.minecraft
2012-06-18 17:06:09 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-06-18 17:06:09 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-18 17:05:05 -------- d-----w- C:\Users\Karlos\AppData\Roaming\.techniclauncher
2012-06-18 16:54:59 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-06-18 16:54:38 -------- d-----w- C:\NVIDIA
2012-06-18 16:37:03 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-06-18 16:36:55 225280 ----a-w- C:\Windows\SysWow64\rewire.dll
2012-06-18 16:36:55 -------- d-----w- C:\Program Files (x86)\VstPlugins
2012-06-18 16:36:50 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2012-06-18 16:36:48 -------- d-----w- C:\Program Files (x86)\Outsim
2012-06-18 16:36:01 -------- d-----w- C:\Program Files (x86)\Image-Line
2012-06-18 14:34:16 -------- d-----w- C:\Program Files\Yamicsoft
2012-06-18 14:30:51 -------- d-----w- C:\Users\Karlos\AppData\Local\Macromedia
2012-06-18 14:30:47 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-18 14:30:47 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-18 14:23:24 -------- d-----r- C:\Program Files (x86)\Skype
2012-06-18 14:23:22 -------- d-sh--w- C:\Windows\Installer
2012-06-18 14:19:41 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-06-18 14:18:32 -------- d-----w- C:\Users\Karlos\AppData\Roaming\uTorrent
2012-06-18 14:11:56 -------- d-----w- C:\Users\Karlos\Remix Packs
2012-06-18 14:11:15 -------- d-----w- C:\Users\Karlos\R4
2012-06-18 14:10:27 -------- d-----w- C:\Users\Karlos\PSP
2012-06-18 14:10:27 -------- d-----w- C:\Users\Karlos\Midi
2012-06-18 14:10:25 -------- d-----w- C:\Users\Karlos\Legacy of Lemons
2012-06-18 14:07:23 -------- d-----w- C:\Windows\SysWow64\Wat
2012-06-18 14:07:23 -------- d-----w- C:\Windows\System32\Wat
2012-06-18 14:06:12 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2012-06-18 14:07:30 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2012-06-18 14:07:30 14848 ----a-w- C:\Windows\System32\slwga.dll
2012-06-18 14:07:30 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2012-06-18 14:07:29 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2012-06-18 14:07:29 1008640 ----a-w- C:\Windows\System32\user32.dll
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 01:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
============= FINISH: 21:20:11.44 ===============

I have also added the Attach.txt as requested. I look forward to your reply. Many thanks in advance.

Karl

PS: Sorry for double posting, I forgot to add the attachment and couldn't find a delete button on the other thread.

Attach.txt