BobBarwick

  1. .
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by user at 11:49:57 on 2012-08-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8150.6081 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\splwow64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.smh.com.au/
uSearch Bar = Preserve
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005’&barid={FA9DCDB2-C719-11E1-97D9-8C89A57C9312}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun: [sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5D0811D1-5ACF-4419-932C-2B1341B16021} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F593D424-A03E-4603-8C93-ECA27F6CF897} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO-X64: SWEETIE - No File
TB-X64: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun-x64: [sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
mRun-x64: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o7dadfa8.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.smh.com.au/|http://www.brisbanetimes.com.au/?gclid=CJ3ItfnL77ACFUyHpAod9S6nuw|http://www.abc.net.au/news/?WT.svl=news
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10005&q=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0308000.029\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0308000.029\SYMEFA64.SYS [?]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\N360x64\0308000.029\BHDrvx64.sys --> C:\Windows\system32\Drivers\N360x64\0308000.029\BHDrvx64.sys [?]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\N360x64\0308000.029\ccHPx64.sys --> C:\Windows\system32\Drivers\N360x64\0308000.029\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120710.001\IDSviA64.sys [2012-7-10 509088]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-30 655944]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2012-7-11 117640]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-18 2656536]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\system32\Drivers\N360x64\0308000.029\SYMNDISV.SYS --> C:\Windows\system32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-3 257696]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-3 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-02 01:39:08 -------- d-----w- C:\Users\user\AppData\Local\{E644B044-EB6E-43FB-A2C8-A32227224689}
2012-08-02 01:38:57 -------- d-----w- C:\Users\user\AppData\Local\{211E1806-DAC1-481D-9FC5-1C3EC8C9568F}
2012-08-01 11:26:26 -------- d-----w- C:\Users\user\AppData\Local\{68D4BBD5-AB8B-436C-9A7B-95D30229242A}
2012-08-01 11:26:15 -------- d-----w- C:\Users\user\AppData\Local\{E44693BB-FA77-4B42-8D33-F9ACDC95AB00}
2012-08-01 00:00:01 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-07-31 23:36:02 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-31 23:36:00 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{19723469-2A81-4D64-9F49-55B6720AE787}\mpengine.dll
2012-07-31 23:25:52 -------- d-----w- C:\Users\user\AppData\Local\{AFFF6090-2366-4050-9403-39083FE2BAF8}
2012-07-31 23:25:41 -------- d-----w- C:\Users\user\AppData\Local\{90EF65B8-BECF-42F5-A552-81BD0A3E6774}
2012-07-31 01:50:40 -------- d-----w- C:\Users\user\AppData\Local\{5447EC19-9D52-49D9-8ADB-C1F5FCD9335A}
2012-07-31 01:50:29 -------- d-----w- C:\Users\user\AppData\Local\{82F08354-4277-400F-A1B5-6E2E33D0A6F8}
2012-07-30 12:45:45 -------- d-----w- C:\Users\user\AppData\Local\{04BEA6B6-DD50-4598-BD95-4A8ABAA08314}
2012-07-30 12:45:34 -------- d-----w- C:\Users\user\AppData\Local\{EF9E695E-234B-498A-98D1-96B473DC4D5C}
2012-07-30 08:07:58 -------- d-----w- C:\Users\user\AppData\Roaming\Malwarebytes
2012-07-30 08:07:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-30 08:07:52 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-30 08:07:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-29 22:04:06 -------- d-----w- C:\Users\user\AppData\Local\{70530222-2FE9-4F2F-B680-C09023AEEF95}
2012-07-29 22:03:56 -------- d-----w- C:\Users\user\AppData\Local\{562D8565-0EC9-4D3A-85ED-E79E79A688BC}
2012-07-29 08:52:44 -------- d-----w- C:\Users\user\AppData\Local\{59A5BAB2-7F6F-448B-9E7D-4AB588FB7AE8}
2012-07-29 08:52:33 -------- d-----w- C:\Users\user\AppData\Local\{7D007EBB-3D38-4658-BADD-2447BD9CA00A}
2012-07-28 22:21:33 -------- d-----w- C:\Users\user\AppData\Local\{36467903-3944-41F9-8E49-E67175F08CA6}
2012-07-28 22:21:23 -------- d-----w- C:\Users\user\AppData\Local\{64664D35-CFEF-4DAB-B553-9FCB08B7AA48}
2012-07-28 00:08:46 -------- d-----w- C:\Users\user\AppData\Local\{7CC6756C-BC53-48BA-A546-08AA73317F91}
2012-07-28 00:08:36 -------- d-----w- C:\Users\user\AppData\Local\{44D699E0-85F2-48B4-BA4F-4D45BC4C6F29}
2012-07-27 19:29:10 -------- d-----w- C:\Users\user\AppData\Local\{4614A3B5-64A4-417E-9879-45B2CB02BBFC}
2012-07-27 19:29:00 -------- d-----w- C:\Users\user\AppData\Local\{7FB5E491-BF5D-4D03-8970-D2C7CAEF1A18}
2012-07-27 00:15:37 -------- d-----w- C:\Users\user\AppData\Local\{01308563-2CCF-4E22-842F-F01B590EA8F3}
2012-07-27 00:15:27 -------- d-----w- C:\Users\user\AppData\Local\{1D711E81-5676-4D9C-BBE4-3A81E2CE38A6}
2012-07-26 04:04:48 -------- d-----w- C:\Users\user\AppData\Roaming\SpeedMaxPc
2012-07-26 04:04:48 -------- d-----w- C:\Users\user\AppData\Roaming\DriverCure
2012-07-26 04:04:40 -------- d-----w- C:\ProgramData\SpeedMaxPc
2012-07-26 03:50:35 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-26 03:50:35 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-26 02:04:23 -------- d-----w- C:\Users\user\AppData\Local\{DF8E8FF7-D222-4DB0-ADF5-F13DF4FCEE25}
2012-07-26 02:04:13 -------- d-----w- C:\Users\user\AppData\Local\{3F6B9603-F627-49CF-9361-BB52FE2A7FB0}
2012-07-25 11:19:02 -------- d-----w- C:\Users\user\AppData\Local\{8B024990-8909-443A-B8B1-1847D619F307}
2012-07-25 11:18:52 -------- d-----w- C:\Users\user\AppData\Local\{C683D269-4999-40D5-8C82-227400618FEC}
2012-07-25 07:15:12 -------- d-----r- C:\Program Files (x86)\Skype
2012-07-24 22:42:43 -------- d-----w- C:\Users\user\AppData\Local\{AB844C5A-19B1-459F-994D-1156D290C0CF}
2012-07-24 22:42:33 -------- d-----w- C:\Users\user\AppData\Local\{B20273C4-E030-4024-8768-A9AEC87BF2B2}
2012-07-24 01:27:40 -------- d-----w- C:\Users\user\AppData\Local\{D922892D-2DB7-4764-A859-EA4DAD6FC67F}
2012-07-24 01:27:30 -------- d-----w- C:\Users\user\AppData\Local\{4C5CA308-77B3-4839-82AE-574513F5C25C}
2012-07-23 12:47:36 -------- d-----w- C:\Users\user\AppData\Local\{1D35A7F6-6B32-43AC-AC15-03E6C404C6AE}
2012-07-23 12:47:25 -------- d-----w- C:\Users\user\AppData\Local\{A75047D6-7FAC-4DE9-B88E-D13B573D540F}
2012-07-22 22:16:29 -------- d-----w- C:\Users\user\AppData\Local\{6CCEECF1-8B30-4000-AD34-45D372610C96}
2012-07-22 22:16:18 -------- d-----w- C:\Users\user\AppData\Local\{BF855C68-27E6-4D90-A309-804D90314E78}
2012-07-22 02:35:37 -------- d-----w- C:\Users\user\AppData\Local\{68F1BA1F-68F4-44DD-B9E3-0A67CA5B7058}
2012-07-22 02:35:27 -------- d-----w- C:\Users\user\AppData\Local\{2634FE2C-8C5B-4005-8B51-518214610499}
2012-07-21 10:54:09 -------- d-----w- C:\Users\user\AppData\Local\{1C0A3556-2059-4155-B1F0-DC24D21570DB}
2012-07-21 10:53:58 -------- d-----w- C:\Users\user\AppData\Local\{E7E20337-E464-465F-9C2C-480C534FC435}
2012-07-20 21:51:46 -------- d-----w- C:\Users\user\AppData\Local\{95D0C43B-365F-450C-9B7F-8F2C3020AB40}
2012-07-20 21:51:36 -------- d-----w- C:\Users\user\AppData\Local\{0B54C053-6423-4E6F-AEF1-B73E8F1C55E0}
2012-07-20 11:07:56 -------- d-----w- C:\Program Files (x86)\NCH Software
2012-07-20 11:07:53 -------- d-----w- C:\Users\user\AppData\Roaming\NCH Software
2012-07-20 03:41:31 -------- d-----w- C:\Users\user\AppData\Roaming\Wondershare Video Converter Ultimate
2012-07-20 03:41:26 -------- d-----w- C:\Users\user\AppData\Local\Wondershare
2012-07-20 03:41:26 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2012-07-20 03:41:19 892928 ----a-w- C:\Windows\SysWow64\iconv.dll
2012-07-20 03:41:19 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax
2012-07-20 03:41:19 496640 ----a-w- C:\Windows\SysWow64\xvid.ax
2012-07-20 03:41:16 -------- d-----w- C:\Program Files (x86)\Wondershare
2012-07-20 02:42:27 -------- d-----w- C:\Users\user\AppData\Local\{F8E04AFC-4CDF-4AC5-A502-409A47ECE23D}
2012-07-20 02:42:16 -------- d-----w- C:\Users\user\AppData\Local\{DFCC997B-5422-4C9A-9CBE-ED6697696B99}
2012-07-20 01:58:23 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{24A484A3-EF28-4097-A584-09BFA6595BF2}\mpengine.dll
2012-07-20 01:14:06 -------- d-----w- C:\Users\user\AppData\Roaming\WinFF
2012-07-20 01:14:04 -------- d-----w- C:\Program Files (x86)\WinFF
2012-07-20 00:15:36 -------- d-----w- C:\Users\user\AppData\Local\{5DA24A53-E1F5-421F-94D6-B5AD19BB77A1}
2012-07-20 00:15:25 -------- d-----w- C:\Users\user\AppData\Local\{BD706DC0-F159-4C7E-AAEE-B89586C6189B}
2012-07-19 11:10:58 -------- d-----w- C:\Users\user\AppData\Local\{579399C4-4C83-4967-84C5-99F4E920AA52}
2012-07-19 11:10:47 -------- d-----w- C:\Users\user\AppData\Local\{38556939-90D0-4364-B7C1-E777BB462AFD}
2012-07-18 22:00:55 -------- d-----w- C:\Users\user\AppData\Local\{20AE13A5-D146-4725-AFDA-B51DE071310C}
2012-07-18 22:00:44 -------- d-----w- C:\Users\user\AppData\Local\{12F87AD0-6E5A-4069-8765-01054DD61511}
2012-07-18 00:23:39 -------- d-----w- C:\Users\user\AppData\Local\{4BA929D7-5D83-4B1A-ACF5-0A4C4655C054}
2012-07-18 00:23:29 -------- d-----w- C:\Users\user\AppData\Local\{998B9529-0F15-4420-9A3A-BEEC7D08A8F0}
2012-07-17 03:23:56 -------- d-----w- C:\Users\user\AppData\Local\{D48ED45B-7AD8-483D-98F6-8D14E7FC89EA}
2012-07-17 03:23:45 -------- d-----w- C:\Users\user\AppData\Local\{18EDC849-719B-40AD-AE24-E645EC6ABFA3}
2012-07-17 01:39:59 -------- d-----w- C:\Users\user\AppData\Local\{5BBDD7DF-798F-465F-BD89-EDAEE8384DBB}
2012-07-16 21:29:46 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-16 06:36:11 -------- d-----w- C:\Users\user\AppData\Local\{8FC84CFE-223B-4F8B-B8A5-410ADDA54B68}
2012-07-16 06:36:00 -------- d-----w- C:\Users\user\AppData\Local\{41ABE075-8E69-467F-8FEE-F58554C02650}
2012-07-16 04:18:31 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-07-16 04:18:31 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-07-16 04:18:31 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-07-16 03:28:31 -------- d-----w- C:\Program Files (x86)\Convar
2012-07-16 03:07:19 -------- d-----w- C:\Users\user\AppData\Local\{69589E90-7020-4132-83ED-BD627BA60A95}
2012-07-15 13:37:04 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-15 12:54:49 -------- d-----w- C:\Users\user\AppData\Local\{A57FE3F9-9D0C-4180-9F31-C04CD05D04DA}
2012-07-15 12:54:38 -------- d-----w- C:\Users\user\AppData\Local\{B20490E7-6396-413C-BA22-FAEB728AC311}
2012-07-15 12:54:38 -------- d-----w- C:\Users\user\AppData\Local\{0DFAC95B-0D50-468B-9F7E-7269BCA296B4}
2012-07-15 12:24:39 -------- d-----w- C:\Users\user\AppData\Local\{B6991750-AA3E-4C59-BA3F-392B56C4C310}
2012-07-15 12:24:28 -------- d-----w- C:\Users\user\AppData\Local\{A50E2868-0D47-47BE-BCDE-FDA3327AB727}
2012-07-14 22:51:32 -------- d-----w- C:\Users\user\AppData\Local\{BB107D81-B9DA-4488-B349-19C4EE63F7D1}
2012-07-14 22:51:21 -------- d-----w- C:\Users\user\AppData\Local\{61208B4E-6B2B-4CF1-B753-5CA331C50551}
2012-07-14 00:52:16 -------- d-----w- C:\Users\user\AppData\Local\{20BCF21C-1C86-4AEB-889B-FD0E5F0D12F7}
2012-07-14 00:52:04 -------- d-----w- C:\Users\user\AppData\Local\{D62FC15E-8CAE-4BE5-BB4F-9A6810812770}
2012-07-14 00:52:04 -------- d-----w- C:\Users\user\AppData\Local\{02996222-0F56-4215-8058-0FDCC25ACEEE}
2012-07-13 23:09:03 -------- d-----w- C:\Users\user\PDF Documents
2012-07-13 11:44:19 -------- d-----w- C:\Users\user\AppData\Local\{712D84D5-4DA8-4DF4-BD16-EA361B133E64}
2012-07-13 11:44:08 -------- d-----w- C:\Users\user\AppData\Local\{02090D48-A1CE-4F57-A478-46C7EB3170C1}
2012-07-12 23:02:22 -------- d-----w- C:\Users\user\AppData\Local\{84AE7E9E-EFAA-4A19-B1A7-1BDA3C623711}
2012-07-12 23:02:12 -------- d-----w- C:\Users\user\AppData\Local\{53E5010A-C4A3-4B33-BBF9-3A1C90D55829}
2012-07-12 11:01:45 -------- d-----w- C:\Users\user\AppData\Local\{07D022D3-FC69-4248-949B-60C97244C7E6}
2012-07-12 11:01:34 -------- d-----w- C:\Users\user\AppData\Local\{6E8F1012-09E5-469C-824D-3F2F5F4C794B}
2012-07-11 23:01:08 -------- d-----w- C:\Users\user\AppData\Local\{8BE5CA59-1A9F-4096-9FBE-4CB9DC94B4A3}
2012-07-11 23:00:57 -------- d-----w- C:\Users\user\AppData\Local\{F8C77D7D-118A-4F88-B54B-D8F1F8D048A7}
2012-07-11 22:11:38 -------- d-----w- C:\ProgramData\Symantec
2012-07-11 11:28:21 -------- d-----w- C:\Users\user\AppData\Roaming\Windows Live Writer
2012-07-11 11:28:21 -------- d-----w- C:\Users\user\AppData\Local\Windows Live Writer
2012-07-11 11:00:32 -------- d-----w- C:\Users\user\AppData\Local\{77143638-0AC1-4F5A-8F9C-56516C8969E3}
2012-07-11 11:00:06 -------- d-----w- C:\Users\user\AppData\Local\{B164D511-4100-46EE-9285-F388901A062D}
2012-07-11 10:59:55 -------- d-----w- C:\Users\user\AppData\Local\{CE706BB8-8417-4B08-875F-A59E0465AC10}
2012-07-11 10:58:31 -------- d-----w- C:\Windows\en
2012-07-11 10:53:48 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2012-07-11 10:53:48 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2012-07-11 10:53:46 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2012-07-11 10:53:46 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2012-07-11 10:46:37 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6fc7ca7e1cd5f5205\DSETUP.dll
2012-07-11 10:46:37 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6fc7ca7e1cd5f5205\DXSETUP.exe
2012-07-11 10:46:37 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6fc7ca7e1cd5f5205\dsetup32.dll
2012-07-11 10:46:31 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6a57a6eb1cd5f5204\DXSETUP.exe
2012-07-11 10:46:31 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6a57a6eb1cd5f5204\dsetup32.dll
2012-07-11 10:46:29 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6a57a6eb1cd5f5204\DSETUP.dll
2012-07-11 10:45:50 -------- d-----w- C:\Users\user\AppData\Local\Windows Live
2012-07-11 08:29:28 583296 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\cchpx64.sys
2012-07-11 08:29:28 56880 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\symndisv.sys
2012-07-11 08:29:28 476720 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\srtsp64.sys
2012-07-11 08:29:28 44080 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\symndis.sys
2012-07-11 08:29:28 43568 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\symids.sys
2012-07-11 08:29:28 402992 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\SymEFA64.sys
2012-07-11 08:29:28 334384 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\BHDrvx64.sys
2012-07-11 08:29:28 32304 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\srtspx64.sys
2012-07-11 08:29:28 278576 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\symtdi.sys
2012-07-11 08:29:28 120880 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\symfw.sys
2012-07-11 08:29:20 -------- d-----w- C:\Windows\System32\drivers\N360x64\0308000.029
2012-07-11 06:52:35 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-07-11 06:28:23 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-07-11 06:28:23 31280 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
2012-07-11 06:28:23 126312 ----a-r- C:\Windows\System32\GEARAspi64.dll
2012-07-11 06:28:23 107368 ----a-r- C:\Windows\SysWow64\GEARAspi.dll
2012-07-11 06:28:20 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-07-11 06:28:20 -------- d-----w- C:\Program Files\Symantec
2012-07-11 06:28:20 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-07-11 06:27:47 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-07-11 06:27:46 -------- d-----w- C:\Program Files (x86)\Norton 360
2012-07-11 06:27:39 -------- d-----w- C:\ProgramData\Norton
2012-07-11 06:27:36 -------- d-----w- C:\ProgramData\NortonInstaller
2012-07-11 06:27:36 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-07-11 06:22:57 -------- d-----w- C:\ProgramData\Symantec Temporary Files
2012-07-10 21:55:45 -------- d-----w- C:\ProgramData\AMD
2012-07-10 21:55:44 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-07-10 21:55:42 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-07-10 21:54:09 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-10 21:52:25 -------- d-----w- C:\AMD
2012-07-10 10:44:07 -------- d-----w- C:\Users\user\AppData\Roaming\CD-LabelPrint
2012-07-10 10:43:21 -------- d--h--w- C:\ProgramData\CanonIJSolutionMenuEX
2012-07-10 10:43:18 -------- d--h--w- C:\ProgramData\CanonIJEPPEX2
2012-07-10 10:43:18 -------- d--h--w- C:\ProgramData\CanonEPP
2012-07-10 10:43:15 -------- d--h--w- C:\ProgramData\CanonIJMyPrinter
2012-07-10 10:42:18 -------- d-----w- C:\ProgramData\CanonIJPLM
2012-07-10 10:41:53 -------- d-----w- C:\ProgramData\CanonIJMSetup
2012-07-10 10:41:28 -------- d-----w- C:\Program Files\Common Files\CANON
2012-07-10 10:41:21 -------- d-----w- C:\ProgramData\CanonIJWSpt
2012-07-10 10:39:52 -------- d-----w- C:\Program Files\Canon
2012-07-10 10:38:46 37376 ----a-w- C:\Windows\System32\CNMN6UI.DLL
2012-07-10 10:38:46 -------- d-----w- C:\Windows\System32\STRING
2012-07-10 10:38:45 327680 ----a-w- C:\Windows\System32\CNMN6PPM.DLL
2012-07-10 10:38:04 -------- d-----w- C:\Program Files (x86)\Canon
2012-07-09 22:55:29 -------- d-----w- C:\Windows\System32\SPReview
2012-07-09 22:54:36 -------- d-----w- C:\Windows\System32\EventProviders
2012-07-09 09:25:25 -------- d-----w- C:\Program Files\SmartPCFixer
2012-07-09 06:16:55 3650560 ----a-w- C:\Windows\System32\MSVidCtl.dll
2012-07-09 06:14:59 646144 ----a-w- C:\Windows\SysWow64\SearchFolder.dll
2012-07-09 06:13:59 210944 ----a-w- C:\Windows\System32\ncsi.dll
2012-07-09 06:12:47 378880 ----a-w- C:\Windows\System32\msinfo32.exe
2012-07-09 06:11:59 98816 ----a-w- C:\Windows\SysWow64\Robocopy.exe
2012-07-09 06:10:59 45568 ----a-w- C:\Windows\SysWow64\g711codc.ax
2012-07-09 06:09:53 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-07-09 06:09:53 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-07-09 06:09:52 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2012-07-08 13:28:08 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-07-08 13:27:50 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-08 04:19:45 -------- d-----w- C:\Windows\SysWow64\Wat
2012-07-08 04:19:45 -------- d-----w- C:\Windows\System32\Wat
2012-07-08 02:39:49 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-07-08 02:39:49 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-07-08 02:39:49 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-07-08 02:39:49 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-07-08 02:39:49 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-07-08 02:39:49 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-07-08 02:39:49 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-07-08 02:04:38 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-08 02:04:38 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-07 23:20:59 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2012-07-07 23:20:59
2616320 ----a-w- C:\Windows\SysWow64\explorer.exe 2012-07-07 23:20:58 850944 ----a-w- C:\Windows\SysWow64\sbe.dll 2012-07-07 23:20:58 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll 2012-07-07 23:20:58 259072 ----a-w- C:\Windows\System32\mpg2splt.ax 2012-07-07 23:20:58 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax 2012-07-07 23:20:58 1118720 ----a-w- C:\Windows\System32\sbe.dll 2012-07-07 23:18:48 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2012-07-07 23:18:47 515584 ----a-w- C:\Windows\System32\timedate.cpl 2012-07-07 23:18:47 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl 2012-07-07 23:18:46 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2012-07-07 23:18:45 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2012-07-07 23:18:13 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2012-07-07 23:18:13 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll 2012-07-07 23:18:05 1359872 ----a-w- C:\Windows\System32\mfc42u.dll 2012-07-07 23:18:04 1395712 ----a-w- C:\Windows\System32\mfc42.dll 2012-07-07 23:18:04 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll 2012-07-07 23:18:04 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll 2012-07-07 23:17:09 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-07-07 23:17:09 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-07-07 23:17:09 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-07-07 23:15:44 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll 2012-07-07 23:14:31 642944 ----a-w- C:\Windows\System32\winload.efi 2012-07-07 23:13:47 64512 ----a-w- C:\Windows\SysWow64\devobj.dll 2012-07-07 23:12:59 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-07-07 23:12:57 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-07-07 23:12:57 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2012-07-07 23:12:57 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2012-07-07 23:12:45 1731920 ----a-w- 
C:\Windows\System32\ntdll.dll 2012-07-07 23:12:45 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll 2012-07-07 23:04:54 77312 ----a-w- C:\Windows\System32\packager.dll 2012-07-07 23:04:54 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2012-07-07 00:41:38 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-07-07 00:41:38 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-07-07 00:41:38 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-07-07 00:38:20 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-07-07 00:38:10 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-07-07 00:38:01 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-07-07 00:38:01 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-07-06 23:48:41 -------- d-----w- C:\Program Files (x86)\Ffmpeg For Audacity 2012-07-06 22:44:00 -------- dc----w- C:\Users\user\AppData\Local\MigWiz 2012-07-06 22:40:51 -------- d-----w- C:\Program Files (x86)\Audacity 2012-07-06 08:10:17 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll 2012-07-06 08:10:13 336208 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-07-06 03:23:38 -------- d-----w- C:\ProgramData\SweetIM 2012-07-06 03:23:38 -------- d-----w- C:\Program Files (x86)\SweetIM 2012-07-06 03:23:26 327749 ----a-w- C:\Windows\SysWow64\drvc.dll 2012-07-06 03:23:26 121344 --sha-r- C:\Windows\SysWow64\TAKDSDecoder.ax 2012-07-06 03:23:26 107520 --sha-r- C:\Windows\SysWow64\TAKDSDecoder.dll 2012-07-06 03:22:28 -------- d-----w- C:\Program Files (x86)\eRightSoft 2012-07-06 03:20:55 -------- d-----w- C:\Program Files (x86)\Vstplugins 2012-07-06 03:20:45 -------- d-----w- C:\Program Files (x86)\Sony 2012-07-06 03:19:42 -------- d-----w- C:\Program Files (x86)\Sony Setup 2012-07-06 02:11:01 14604 ----a-w- C:\Windows\SysWow64\drivers\pfc.sys 2012-07-06 02:10:59 344064 ----a-r- C:\Windows\SysWow64\msvcr70.dll 2012-07-06 02:09:00 57344 ----a-w- C:\Program Files 
(x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll 2012-07-06 02:09:00 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe 2012-07-06 02:09:00 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll 2012-07-06 02:09:00 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll 2012-07-06 02:08:59 692224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll 2012-07-06 02:08:57 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll 2012-07-06 02:08:57 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll 2012-07-06 00:46:13 -------- d-----w- C:\Program Files (x86)\DVDlab 2012-07-06 00:43:44 -------- d-----w- C:\Program Files (x86)\AC3 Converter 2012-07-06 00:20:03 -------- d-----w- C:\Users\user\AppData\Roaming\Simple Sudoku 2012-07-06 00:20:02 -------- d-----w- C:\Program Files (x86)\Simple Sudoku 2012-07-06 00:18:37 -------- d-----w- C:\ffmpeggui03c 2012-07-06 00:10:44 306688 ----a-w- C:\Windows\IsUninst.exe 2012-07-05 23:49:28 719872 ----a-w- C:\Windows\SysWow64\devil.dll 2012-07-05 23:49:28 70656 ----a-w- C:\Windows\SysWow64\yv12vfw.dll 2012-07-05 23:49:28 70656 ----a-w- C:\Windows\SysWow64\i420vfw.dll 2012-07-05 23:49:28 369152 ----a-w- C:\Windows\SysWow64\avisynth.dll 2012-07-05 23:49:28 32256 ----a-w- C:\Windows\SysWow64\AVSredirect.dll 2012-07-05 23:49:28 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5 2012-07-05 02:09:19 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6C7245CE-A60C-4D60-9A32-06ABDC4BBDEF}\gapaengine.dll 2012-07-04 01:06:04 -------- d-----w- C:\Windows\TempC9EF7BF8-BCD3-F1EA-B26A-B2CF72310FED-Signatures 2012-07-04 01:05:59 -------- d-----w- 
C:\Program Files\Microsoft Security Client 2012-07-03 12:13:07 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service 2012-07-03 12:13:05 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll 2012-07-03 12:13:05 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll 2012-07-03 12:13:05 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-07-03 12:13:05 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-07-03 12:07:10 4126880 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-07-03 11:27:41 -------- d-----w- C:\Users\user\AppData\Local\Macromedia 2012-07-03 11:27:17 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe . ==================== Find3M ==================== . 2012-07-31 23:15:10 60 ----a-w- C:\Windows\wpd99.drv 2012-07-09 23:01:56 175616 ----a-w- C:\Windows\System32\msclmd.dll 2012-07-09 23:01:56 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-07-03 12:07:11 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-28 01:20:46 40448 ----a-w- C:\Windows\SysWow64\pdf995mon64.dll 2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll 2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll 2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll 2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe 2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-06-11 17:17:38 
59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll 2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll 2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll 2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll 
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-06-11 03:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe 2012-06-11 03:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-06-11 03:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-06-11 03:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-06-11 03:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-06-11 03:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll 2012-06-11 03:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-06-11 03:48:34 54784 ----a-w- C:\Windows\System32\OpenCL.dll 2012-06-11 03:48:30 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2012-06-07 00:29:34 2266624 ----a-w- C:\Windows\System32\pdfmona64.dll 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-31 02:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-05-10 06:35:16 43520 ----a-w- C:\Windows\System32\kdbsdk64.dll 2012-05-10 06:35:16 29184 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2010-01-06 14:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll . ============= FINISH: 11:50:29.94 =============== DDS.txt