Everything posted by soulshine

  1. It was doing that before I ran ComboFix... It is fixed now. It seems Adaware Antivirus was causing the problem, so I uninstalled it, rebooted, and right-clicking on a file does not freeze up anymore. I scanned my laptop again using AVG; it found the quarantine folder that FRST made, but it is now in the vault... I found out that I can buy a recovery disc from the HP store that will recover it to factory settings. Thank you very much for helping me out, MrC!!
  2. Yup, a lot of times. Should I do system restore, but would that bring back those nasty trojans?
  3. My desktop freezes when I right click on a file... this Windows Installer shows up and nothing happens.

     Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.07.12.09

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Jowie :: JOWIE-PC [administrator]

     7/12/2012 2:13:27 PM
     mbam-log-2012-07-12 (14-13-27).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 220072
     Time elapsed: 3 minute(s), 12 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  4. Detected none... I hope. When I click on a file, this Windows Installer shows up and just freezes my desktop. My mouse icon is on loading animation. But yeah, my desktop is frozen right now.

     Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.07.12.09

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Jowie :: JOWIE-PC [administrator]

     7/12/2012 2:13:27 PM
     mbam-log-2012-07-12 (14-13-27).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 220072
     Time elapsed: 3 minute(s), 12 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  5. ComboFix 12-07-12.02 - Jowie 07/12/2012 11:36:17.1.2 - x64
  6. I haven't tried that... I was just making sure that I'm following the instructions. I know it said *may interfere... Let me run ComboFix now...
  7. I'm trying to disable Tea Timer from Spybot&Search, but this program wants me to run it as admin; however, when I right click I get this pop-up, Windows Installer installing, and then my bottom tab... the start up menu freezes.
  8. I got these:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012
     Ran by SYSTEM at 2012-07-12 10:46:58 Run:1
     Running from G:\
     ==============================================
     C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0} moved successfully.
     C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\@ not found.
     C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L not found.
     C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U not found.
     C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\00000004.@ not found.
     C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\201d3dde not found.
     C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\00000004.@ not found.
     C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\00000008.@ not found.
     C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\000000cb.@ not found.
     C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\80000000.@ not found.
     C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\80000032.@ not found.
     C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\80000064.@ not found.
     C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0} moved successfully.
     C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\@ not found.
     C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L not found.
     C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U not found.
     C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\00000004.@ not found.
     C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\1afb2d56 not found.
     C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
     C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
     C:\Windows\System32\services.exe moved successfully.
     C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
     ==== End of Fixlog ====
  9. Farbar Recovery Scan Tool Version: 11-07-2012
     Ran by SYSTEM at 2012-07-12 10:22:25
     Running from G:\
     ================== Search: "services.exe" ===================
     C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
     [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
     C:\Windows\System32\services.exe
     [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
     ====== End Of Search ======
  10. That does not sound good...

     Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
     Ran by SYSTEM at 12-07-2012 09:26:48
     Running from G:\
     Windows 7 Ultimate (X64) OS Language: English(US)
     The current controlset is ControlSet001
C:\Windows\System32\rdpcorets.dll 2012-04-27 19:55 - 2012-06-14 11:34 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-04-25 21:41 - 2012-06-14 11:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll 2012-04-25 21:41 - 2012-06-14 11:34 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll 2012-04-25 21:34 - 2012-06-14 11:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe 2012-04-23 21:37 - 2012-07-11 03:23 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-04-23 21:37 - 2012-07-11 03:23 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-04-23 21:37 - 2012-07-11 03:23 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-04-23 20:36 - 2012-07-11 03:23 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2012-04-23 20:36 - 2012-07-11 03:23 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2012-04-23 20:36 - 2012-07-11 03:23 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2012-04-21 08:27 - 2010-07-25 22:10 - 00773482 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2012-04-18 17:04 - 2009-07-13 21:08 - 00032618 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-04-18 16:56 - 2012-04-18 16:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx 2012-04-18 16:56 - 2012-04-18 16:56 - 00069632 ____A (Apple Inc.) 
C:\Windows\SysWOW64\QuickTime.qts ZeroAccess: C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0} C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\@ C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\00000004.@ C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\201d3dde C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\00000004.@ C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\00000008.@ C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\000000cb.@ C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\80000000.@ C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\80000032.@ C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\80000064.@ ZeroAccess: C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0} C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\@ C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\00000004.@ C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\1afb2d56 ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!. 
      C:\Windows\System32\User32.dll => MD5 is legit
      C:\Windows\SysWOW64\User32.dll => MD5 is legit
      C:\Windows\System32\userinit.exe => MD5 is legit
      C:\Windows\SysWOW64\userinit.exe => MD5 is legit
      C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
      ==================== EXE ASSOCIATION =====================
      HKLM\...\.exe: exefile => OK
      HKLM\...\exefile\DefaultIcon: %1 => OK
      HKLM\...\exefile\open\command: "%1" %* => OK
      ========================= Memory info ======================
      Percentage of memory in use: 18%
      Total physical RAM: 3999.19 MB
      Available physical RAM: 3273.87 MB
      Total Pagefile: 3997.34 MB
      Available Pagefile: 3272.19 MB
      Total Virtual: 8192 MB
      Available Virtual: 8191.91 MB
      ======================= Partitions =========================
      1 Drive c: () (Fixed) (Total:219.97 GB) (Free:28.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
      2 Drive d: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.17 GB) NTFS
      3 Drive e: (RECOVERY) (Fixed) (Total:12.72 GB) (Free:2.13 GB) NTFS ==>[system with boot components (obtained from reading drive)]
      5 Drive g: (JOWIE) (Removable) (Total:3.72 GB) (Free:1.64 GB) FAT32
      6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
        Disk ###  Status         Size     Free     Dyn  Gpt
        --------  -------------  -------  -------  ---  ---
        Disk 0    Online          232 GB      0 B
        Disk 1    Online         3821 MB      0 B
      Partitions of Disk 0:
      ===============
        Partition ###  Type              Size     Offset
        -------------  ----------------  -------  -------
        Partition 1    Primary            199 MB  1024 KB
        Partition 2    Primary            219 GB   200 MB
        Partition 3    Primary             12 GB   220 GB
      ==================================================================================
      Disk: 0
      Partition 1
      Type : 07
      Hidden: No
      Active: No
        Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
        ----------  ---  -----------  -----  ----------  -------  ---------  --------
      * Volume 1     D   SYSTEM       NTFS   Partition    199 MB  Healthy
      ==================================================================================
      Disk: 0
      Partition 2
      Type : 07
      Hidden: No
      Active: Yes
        Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
        ----------  ---  -----------  -----  ----------  -------  ---------  --------
      * Volume 2     C                NTFS   Partition    219 GB  Healthy
      ==================================================================================
      Disk: 0
      Partition 3
      Type : 07
      Hidden: No
      Active: No
        Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
        ----------  ---  -----------  -----  ----------  -------  ---------  --------
      * Volume 3     E   RECOVERY     NTFS   Partition     12 GB  Healthy
      ==================================================================================
      Partitions of Disk 1:
      ===============
        Partition ###  Type              Size     Offset
        -------------  ----------------  -------  -------
        Partition 1    Primary           3821 MB    31 KB
      ==================================================================================
      Disk: 1
      Partition 1
      Type : 0B
      Hidden: No
      Active: No
        Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
        ----------  ---  -----------  -----  ----------  -------  ---------  --------
      * Volume 4     G   JOWIE        FAT32  Removable   3821 MB  Healthy
      ==================================================================================
      ==========================================================
      Last Boot: 2012-06-17 18:35
      ======================= End Of Log ==========================
  11. RogueKiller V7.6.3 [07/08/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Blog: http://tigzyrk.blogspot.com
      Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Safe mode with network support
      User: Jowie [Admin rights]
      Mode: Scan -- Date: 07/11/2012 22:21:00
      ¤¤¤ Bad processes: 0 ¤¤¤
      ¤¤¤ Registry Entries: 7 ¤¤¤
      [ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\n.) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
      [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
      ¤¤¤ Particular Files / Folders: ¤¤¤
      [ZeroAccess][FILE] @ : c:\windows\installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\@ --> FOUND
      [ZeroAccess][FOLDER] U : c:\windows\installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U --> FOUND
      [ZeroAccess][FOLDER] L : c:\windows\installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L --> FOUND
      [ZeroAccess][FILE] @ : c:\users\jowie\appdata\local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\@ --> FOUND
      [ZeroAccess][FOLDER] U : c:\users\jowie\appdata\local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U --> FOUND
      [ZeroAccess][FOLDER] L : c:\users\jowie\appdata\local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L --> FOUND
      [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
      [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
      ¤¤¤ Driver: [NOT LOADED] ¤¤¤
      ¤¤¤ Infection : ZeroAccess ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      127.0.0.1 www.007guard.com
      127.0.0.1 007guard.com
      127.0.0.1 008i.com
      127.0.0.1 www.008k.com
      127.0.0.1 008k.com
      127.0.0.1 www.00hq.com
      127.0.0.1 00hq.com
      127.0.0.1 010402.com
      127.0.0.1 www.032439.com
      127.0.0.1 032439.com
      127.0.0.1 www.0scan.com
      127.0.0.1 0scan.com
      127.0.0.1 1000gratisproben.com
      127.0.0.1 www.1000gratisproben.com
      127.0.0.1 1001namen.com
      127.0.0.1 www.1001namen.com
      127.0.0.1 100888290cs.com
      127.0.0.1 www.100888290cs.com
      127.0.0.1 www.100sexlinks.com
      127.0.0.1 100sexlinks.com
      [...]
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: TOSHIBA MK2555GSX +++++
      --- User ---
      [MBR] be19120960c790a0159d1587d2419653
      [bSP] aa740c297d1409422a4ba86725722b84 : Windows 7 MBR Code
      Partition table:
      0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 225247 Mo
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 461715456 | Size: 13027 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[1].txt >>
      RKreport[1].txt
  12. DDS:
      .
      DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
      Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
      Run by Jowie at 21:54:40 on 2012-07-11
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3999.2388 [GMT -4:00]
      .
      AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
      SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\Explorer.EXE
      C:\Windows\system32\ctfmon.exe
      C:\Program Files (x86)\Opera\opera.exe
      C:\Windows\explorer.exe
      "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
      "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
      C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\SysWOW64\cscript.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = about:blank
      uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
      uSearch Bar =
      mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
      mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
      uInternet Settings,ProxyOverride = <local>
      uURLSearchHooks: H - No File
      uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
      mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
      BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
      BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
      BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
      BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
      BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      TB: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
      TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
      TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
      TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
      EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
      uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
      uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
      uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
      mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
      mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      mRun: [<NO NAME>]
      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" -- windows-run
      StartupFolder: C:\Users\Jowie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jowie\AppData\Roaming\Dropbox\bin\Dropbox.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
      uPolicies-system: WallpaperStyle = 2
      mPolicies-explorer: NoActiveDesktop = 1 (0x1)
      mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
      mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
      mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
      dPolicies-system: WallpaperStyle = 2
      IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
      IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
      LSP: mswsock.dll
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
      DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
      TCP: DhcpNameServer = 66.79.51.85 66.79.78.47
      TCP: Interfaces\{C2EEA041-F6D4-4661-BCFA-DAB1D41E08C3} : DhcpNameServer = 66.79.51.85 66.79.78.47
      TCP: Interfaces\{C2EEA041-F6D4-4661-BCFA-DAB1D41E08C3}\35F657C6378696E656 : DhcpNameServer = 192.168.0.1 205.171.3.25
      TCP: Interfaces\{C2EEA041-F6D4-4661-BCFA-DAB1D41E08C3}\74F6F646D616E6 : DhcpNameServer = 192.168.0.1
      TCP: Interfaces\{C2EEA041-F6D4-4661-BCFA-DAB1D41E08C3}\D697177756374703331353 : DhcpNameServer = 192.168.0.1 205.171.3.25
      Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
      SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
      mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
      BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
      BHO-X64: 0x1 - No File
      BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
      BHO-X64: HP Print Enhancer - No File
      BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO-X64: AcroIEHelperStub - No File
      BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
      BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
      BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
      BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
      BHO-X64: uTorrentControl2 - No File
      BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      BHO-X64: HP Smart BHO Class - No File
      TB-X64: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
      TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
      TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
      TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
      EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
      mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      mRun-x64: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
      mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      mRun-x64: [(Default)]
      mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" -- windows-run
      SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
      Hosts: 127.0.0.1 www.spywareinfo.com
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 AVGIDSErHrw7a;AVG9IDSErHr;C:\Windows\system32\Drivers\AVGIDSwa.sys --> C:\Windows\system32\Drivers\AVGIDSwa.sys [?]
      R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows\system32\Drivers\avgrkx64.sys [?]
      R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
      R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
      R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
      R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
      R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
      R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
      R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
      S1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
      S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
      S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
      S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
      S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
      S2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-7-20 921952]
      S2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-12-2 308136]
      S2 AVGIDSAgent;AVG9IDSAgent;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-7-12 5897808]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
      S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-12 136176]
      S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
      S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
      S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
      S2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
      S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-25 1153368]
      S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]
      S3 AVGIDSDriverw7a;AVG9IDSDriver;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2010-7-12 132688]
      S3 AVGIDSFilterw7a;AVG9IDSFilter;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2010-7-12 35920]
      S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
      S3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
      S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-9 228408]
      S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-12 136176]
      S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
      S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
      S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
      S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
      S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
      S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
      S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
      S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
      S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
      S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
      S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
      S3 pspdisp;pspdisp;C:\Windows\system32\DRIVERS\pspdisp_x64.sys --> C:\Windows\system32\DRIVERS\pspdisp_x64.sys [?]
      S3 PsSdk41;PsSdk41;\??\C:\Windows\system32\Drivers\pssdk41.sys --> C:\Windows\system32\Drivers\pssdk41.sys [?]
      S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
      S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
      S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
      S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
      S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
      S3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]
      S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
      S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
      S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
      S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
      S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
      S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
      S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
      S4 Ad-Aware Service;Ad-Aware Service; [x]
      S4 avgfws9;AVG Firewall; [x]
      S4 MBAMService;MBAMService; [x]
      S4 MotoHelper;MotoHelper Service; [x]
      S4 SBAMSvc;Ad-Aware; [x]
      .
      =============== Created Last 30 ================
      .
2012-07-12 00:37:51 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys 2012-07-12 00:30:57 21520 ----a-w- C:\Windows\DCEBoot64.exe 2012-07-12 00:30:34 129024 ----a-w- C:\Windows\RegBootClean64.exe 2012-07-12 00:13:57 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys 2012-07-11 14:13:03 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 11:24:35 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-07-11 11:24:33 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-07-11 11:24:33 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-07-11 11:24:31 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2012-07-11 11:24:31 2048 ----a-w- C:\Windows\System32\msxml3r.dll 2012-07-11 11:24:31 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-07-11 01:42:31 -------- d-----w- C:\Users\Jowie\AppData\Local\adaware 2012-07-11 01:41:45 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection 2012-07-11 01:41:24 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys 2012-07-11 01:40:55 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys 2012-07-11 01:40:55 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys 2012-07-11 01:40:54 45936 ----a-w- C:\Windows\System32\sbbd.exe 2012-07-11 01:40:51 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus 2012-07-11 01:38:19 -------- d-----w- C:\Users\Jowie\AppData\Roaming\Ad-Aware Antivirus 2012-07-10 14:59:21 -------- d-----w- C:\Users\Jowie\AppData\Local\MagicCamera 2012-07-10 14:59:06 -------- d-----w- C:\Program Files (x86)\Company 2012-07-10 14:59:03 15693038 ---ha-w- C:\Program Files\MagicCam.exe 2012-07-10 14:50:27 82432 ----a-w- C:\Windows\System32\HPMSWebcam.dll 2012-07-10 13:21:03 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender \Definition Updates\{8AB62FD2-1839-467F-AB4E-84351BDB2E11}\mpengine.dll 2012-07-08 01:33:51 -------- d-----w- C:\Users\Jowie\AppData\Roaming\Trine2 2012-07-05 15:59:51 85504 ----a-w- C:\Windows\SysWow64\ff_vfw.dll 2012-07-05 15:59:50 -------- d-----w- C:\Program Files 
(x86)\ffdshow 2012-07-05 14:52:27 -------- d-----w- C:\Users\Jowie\AppData\Roaming \MotioninJoy 2012-07-05 14:52:25 74960 ----a-w- C:\Windows\System32\drivers\xusb21.sys 2012-07-05 14:52:25 328712 ----a-w- C:\Windows\System32\MijFrc.dll 2012-07-05 14:52:25 121416 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys 2012-07-05 14:52:25 -------- d-----w- C:\Program Files\MotioninJoy 2012-06-21 22:58:43 -------- d-----w- C:\ProgramData\RELOADED 2012-06-21 22:56:59 -------- d-----w- C:\Program Files (x86)\The Walking Dead 2012-06-21 20:09:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 20:09:15 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 20:08:59 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 20:08:59 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-18 15:58:11 839096 ----a-w- C:\Windows\System32\deployJava1.dll 2012-06-18 15:58:10 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-06-14 19:34:54 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-14 19:34:54 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-14 19:34:54 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-14 19:34:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-14 19:34:43 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-14 19:34:42 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-14 19:34:40 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-14 19:34:40 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll 2012-06-14 19:29:16 -------- d-----w- C:\Users\Jowie\AppData\Local\Macromedia . ==================== Find3M ==================== . 
2012-07-11 22:31:47 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-11 22:31:47 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-18 15:55:14 772592 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-06-18 15:55:14 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-25 01:50:38 31344 ----a-w- C:\Windows\System32\drivers\cnnctfy2.sys 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- 
C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts . ============= FINISH: 21:55:57.87 =============== . DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0 Run by Jowie at 21:54:40 on 2012-07-11 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3999.2388 [GMT -4:00] . AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Program Files (x86)\Opera\opera.exe C:\Windows\explorer.exe "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr? 
TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb uSearch Bar = mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr? TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb mStart Page = hxxp://ie.redirect.hp.com/svs/rdr? TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb uInternet Settings,ProxyOverride = <local> uURLSearchHooks: H - No File uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP \Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG \AVG9\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C: \PROGRA~2\SPYBOT~1\SDHelper.dll BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP \Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - 
C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP \Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant \HPWAMain.exe mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer \MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware \mbamgui.exe" /starttray mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support \APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" -- windows-run StartupFolder: C:\Users\Jowie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup \Dropbox.lnk - C:\Users\Jowie\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe StartupFolder: 
C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe uPolicies-system: WallpaperStyle = 2 mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) dPolicies-system: WallpaperStyle = 2 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C: \PROGRA~2\MICROS~4\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C: \PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C: \PROGRA~2\SPYBOT~1\SDHelper.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32 -windows-i586.cab DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32 -windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32 -windows-i586.cab TCP: DhcpNameServer = 66.79.51.85 66.79.78.47 TCP: Interfaces\{C2EEA041-F6D4-4661-BCFA-DAB1D41E08C3} : DhcpNameServer = 66.79.51.85 66.79.78.47 TCP: Interfaces\{C2EEA041-F6D4-4661-BCFA-DAB1D41E08C3}\35F657C6378696E656 : DhcpNameServer = 192.168.0.1 205.171.3.25 TCP: Interfaces\{C2EEA041-F6D4-4661-BCFA-DAB1D41E08C3}\74F6F646D616E6 : DhcpNameServer = 192.168.0.1 TCP: 
Interfaces\{C2EEA041-F6D4-4661-BCFA-DAB1D41E08C3}\D697177756374703331353 : DhcpNameServer = 192.168.0.1 205.171.3.25 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG \AVG9\avgpp.dll SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files \LightScribe\LSRunOnce.exe" BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP \Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG \AVG9\avgssie.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C: \PROGRA~2\SPYBOT~1\SDHelper.dll BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll BHO-X64: uTorrentControl2 - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP \Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: 
{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant \HPWAMain.exe mRun-x64: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer \MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware \mbamgui.exe" /starttray mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun-x64: [(Default)] mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support \APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" -- windows-run SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll Hosts: 127.0.0.1 www.spywareinfo.com . ============= SERVICES / DRIVERS =============== . R0 AVGIDSErHrw7a;AVG9IDSErHr;C:\Windows\system32\Drivers\AVGIDSwa.sys --> C:\Windows \system32\Drivers\AVGIDSwa.sys [?] R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows \system32\Drivers\avgrkx64.sys [?] R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows \system32\DRIVERS\avgfwd6a.sys [?] 
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows \system32\Drivers\avgtdia.sys [?] R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?] R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows \system32\DRIVERS\vwififlt.sys [?] R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows \system32\DRIVERS\enecir.sys [?] R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS \SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?] S1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows \system32\Drivers\avgldx64.sys [?] S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?] S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM \1.0\armsvc.exe [2012-1-3 63928] S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository \stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600] S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992] S2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-7-20 921952] S2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-12-2 308136] S2 AVGIDSAgent;AVG9IDSAgent;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin \AVGIDSAgent.exe [2010-7-12 5897808] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows \Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows \Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update 
Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-12 136176] S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett- Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard \Shared\HPDrvMntSvc.exe [2011-3-28 94264] S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?] S2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS \sbapifs.sys [?] S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy \SDWinSec.exe [2011-1-25 1153368] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed \Flash\FlashPlayerUpdateService.exe [2012-4-1 250056] S3 AVGIDSDriverw7a;AVG9IDSDriver;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent \Driver\Platform_WIN764\AVGIDSDriver.sys [2010-7-12 132688] S3 AVGIDSFilterw7a;AVG9IDSFilter;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent \Driver\Platform_WIN764\AVGIDSFilter.sys [2010-7-12 35920] S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?] S3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows \system32\DRIVERS\clwvd.sys [?] S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons \Com4QLBEx.exe [2009-8-9 228408] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update \GoogleUpdate.exe [2010-5-12 136176] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers \IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?] S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\Windows\system32\DRIVERS \libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?] 
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows \system32\drivers\mbam.sys [?] S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C: \Windows\system32\Drivers\motoandroid.sys [?] S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C: \Windows\system32\DRIVERS\motccgp.sys [?] S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows \system32\DRIVERS\motccgpfl.sys [?] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows \system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?] S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?] S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C: \Windows\system32\DRIVERS\motusbdevice.sys [?] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C: \Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?] S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows \system32\GameMon.des -service [?] S3 pspdisp;pspdisp;C:\Windows\system32\DRIVERS\pspdisp_x64.sys --> C:\Windows\system32\DRIVERS \pspdisp_x64.sys [?] S3 PsSdk41;PsSdk41;\??\C:\Windows\system32\Drivers\pssdk41.sys --> C:\Windows\system32\Drivers \pssdk41.sys [?] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers \rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows \system32\DRIVERS\Rt64win7.sys [?] 
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?] S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers \sbhips.sys [?] S3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS \sbwtis.sys [?] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS \VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS \VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows \system32\DRIVERS\VSTCNXT6.SYS [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers \tsusbflt.sys [?] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows \system32\DRIVERS\wdcsam64.sys [?] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows \system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] S4 Ad-Aware Service;Ad-Aware Service; [x] S4 avgfws9;AVG Firewall; [x] S4 MBAMService;MBAMService; [x] S4 MotoHelper;MotoHelper Service; [x] S4 SBAMSvc;Ad-Aware; [x] . =============== Created Last 30 ================ . 
2012-07-12 00:37:51 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys 2012-07-12 00:30:57 21520 ----a-w- C:\Windows\DCEBoot64.exe 2012-07-12 00:30:34 129024 ----a-w- C:\Windows\RegBootClean64.exe 2012-07-12 00:13:57 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys 2012-07-11 14:13:03 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 11:24:35 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-07-11 11:24:33 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-07-11 11:24:33 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-07-11 11:24:31 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2012-07-11 11:24:31 2048 ----a-w- C:\Windows\System32\msxml3r.dll 2012-07-11 11:24:31 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-07-11 01:42:31 -------- d-----w- C:\Users\Jowie\AppData\Local\adaware 2012-07-11 01:41:45 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection 2012-07-11 01:41:24 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys 2012-07-11 01:40:55 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys 2012-07-11 01:40:55 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys 2012-07-11 01:40:54 45936 ----a-w- C:\Windows\System32\sbbd.exe 2012-07-11 01:40:51 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus 2012-07-11 01:38:19 -------- d-----w- C:\Users\Jowie\AppData\Roaming\Ad-Aware Antivirus 2012-07-10 14:59:21 -------- d-----w- C:\Users\Jowie\AppData\Local\MagicCamera 2012-07-10 14:59:06 -------- d-----w- C:\Program Files (x86)\Company 2012-07-10 14:59:03 15693038 ---ha-w- C:\Program Files\MagicCam.exe 2012-07-10 14:50:27 82432 ----a-w- C:\Windows\System32\HPMSWebcam.dll 2012-07-10 13:21:03 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender \Definition Updates\{8AB62FD2-1839-467F-AB4E-84351BDB2E11}\mpengine.dll 2012-07-08 01:33:51 -------- d-----w- C:\Users\Jowie\AppData\Roaming\Trine2 2012-07-05 15:59:51 85504 ----a-w- C:\Windows\SysWow64\ff_vfw.dll 2012-07-05 15:59:50 -------- d-----w- C:\Program Files 
(x86)\ffdshow 2012-07-05 14:52:27 -------- d-----w- C:\Users\Jowie\AppData\Roaming \MotioninJoy 2012-07-05 14:52:25 74960 ----a-w- C:\Windows\System32\drivers\xusb21.sys 2012-07-05 14:52:25 328712 ----a-w- C:\Windows\System32\MijFrc.dll 2012-07-05 14:52:25 121416 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys 2012-07-05 14:52:25 -------- d-----w- C:\Program Files\MotioninJoy 2012-06-21 22:58:43 -------- d-----w- C:\ProgramData\RELOADED 2012-06-21 22:56:59 -------- d-----w- C:\Program Files (x86)\The Walking Dead 2012-06-21 20:09:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 20:09:15 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 20:08:59 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 20:08:59 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-18 15:58:11 839096 ----a-w- C:\Windows\System32\deployJava1.dll 2012-06-18 15:58:10 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-06-14 19:34:54 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-14 19:34:54 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-14 19:34:54 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-14 19:34:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-14 19:34:43 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-14 19:34:42 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-14 19:34:40 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-14 19:34:40 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll 2012-06-14 19:29:16 -------- d-----w- C:\Users\Jowie\AppData\Local\Macromedia . ==================== Find3M ==================== . 
2012-07-11 22:31:47 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-11 22:31:47 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-18 15:55:14 772592 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-06-18 15:55:14 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-25 01:50:38 31344 ----a-w- C:\Windows\System32\drivers\cnnctfy2.sys 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- 
C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts . ============= FINISH: 21:55:57.87 =============== Attach.txt