Jump to content

HaterOfAdware

Members
  • Posts

    6
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I will be doing the reformat then. It'll probably be a day or two beforee everyone in my family has the chance to backup their personal files. Do you want me to inform you whenever I've done the reinstall?
  2. Even though I'll likely reformat anyway, I went ahead and did the steps for removal. Malwarebytes didn't find anything after I ran the others. Here are my results, let me know if this changes anything, and thanks again for your hep: # AdwCleaner v2.003 - Logfile created 10/04/2012 at 22:30:05 # Updated 23/09/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Blevins - BLEVINS-PC # Boot Mode : Normal # Running from : C:\Users\Blevins\Desktop\Adware stuff\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\Blevins\AppData\LocalLow\Toolbar4 ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1 Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1 Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1 Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898 Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E} Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1 Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403} Key Deleted : HKLM\SOFTWARE\Tarma Installer ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-21-986089495-3072770436-38177354-1001\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] -\\ Mozilla Firefox v15.0.1 (en-US) Profile name : default-1348990963794 [Profil par défaut] File : C:\Users\Blevins\AppData\Roaming\Mozilla\Firefox\Profiles\61fkxzme.default-1348990963794\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [9257 octets] - [03/10/2012 21:49:33] AdwCleaner[s1].txt - [10107 octets] - [04/10/2012 22:30:05] ########## EOF - C:\AdwCleaner[s1].txt - [10168 octets] ########## Rkill 2.4.3 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2012 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingc...opic308364.html Program started at: 10/04/2012 10:34:02 PM in x64 mode. Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * Explorer Policy Removed: NoActiveDesktopChanges [HKLM] Backup Registry file created at: C:\Users\Blevins\Desktop\rkill\rkill-10-04-2012-10-34-07.reg Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 * ALERT: ZEROACCESS rootkit symptoms found! * HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack] * C:\$Recycle.Bin\S-1-5-21-986089495-3072770436-38177354-1000\$a266d56a0c264f22c1f18e7befd6f896\ [ZA Dir] * C:\$Recycle.Bin\S-1-5-21-986089495-3072770436-38177354-1000\$a266d56a0c264f22c1f18e7befd6f896\@ [ZA File] * C:\$Recycle.Bin\S-1-5-21-986089495-3072770436-38177354-1000\$a266d56a0c264f22c1f18e7befd6f896\L\ [ZA Dir] * C:\$Recycle.Bin\S-1-5-21-986089495-3072770436-38177354-1000\$a266d56a0c264f22c1f18e7befd6f896\U\ [ZA Dir] Checking Windows Service Integrity: * Windows Defender (WinDefend) is not Running. Startup Type set to: Manual Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 10/04/2012 10:34:14 PM Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s) Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.05.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Blevins :: BLEVINS-PC [administrator] 10/4/2012 10:36:31 PM mbam-log-2012-10-04 (22-36-31).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 513192 Time elapsed: 1 hour(s), 47 minute(s), 34 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  3. I don't use this PC for banking, but I do use it for online purchases and email, as well as gaming. Is it still recommended that I reformat? If so, is it alright if I backup my personal files (save games, word files, pictures, etc) to my external data drive and leave that alone, or does that need to be reformatted as well?
  4. Note that the ~$ware.doc file appears to have disappeared from the desktop now, even though hidden files are still set to visible.....
  5. All done. I deleted all Java but the newest, as I do use it. I did not find "Search Coupons" in the programs list. Interestingly, when I set all hidden files to display, I saw a word doc named ~$ware on the deaktop. Is that significant? It sounds suspicious...... Also, TDSSKiller found nothing and so did not generate a report. Here are the reports from the other two: # AdwCleaner v2.003 - Logfile created 10/03/2012 at 21:49:33 # Updated 23/09/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Blevins - BLEVINS-PC # Boot Mode : Normal # Running from : C:\Users\Blevins\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\ProgramData\Tarma Installer Folder Found : C:\Users\Blevins\AppData\LocalLow\Toolbar4 ***** [Registry] ***** Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1 Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1 Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1 Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898 Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3 Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898 Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E} Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1 Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003} Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328} Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403} Key Found : HKLM\SOFTWARE\Tarma Installer ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v15.0.1 (en-US) Profile name : default-1348990963794 [Profil par défaut] File : C:\Users\Blevins\AppData\Roaming\Mozilla\Firefox\Profiles\61fkxzme.default-1348990963794\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [9168 octets] - [03/10/2012 21:49:33] ########## EOF - C:\AdwCleaner[R1].txt - [9228 octets] ########## RogueKiller V8.1.1 [10/03/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo...13-roguekiller/ Website: http://tigzy.geeksto...roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Blevins [Admin rights] Mode : Scan -- Date : 10/03/2012 21:54:04 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 11 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : wmpmic ("C:\Windows\System32\rundll32.exe" "C:\Users\Blevins\AppData\Roaming\wmpmic.dll",init_mmx_flags) -> FOUND [RUN][bLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry_THXCfg (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64) -> FOUND [RUN][bLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry_EptMon (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-986089495-3072770436-38177354-1000[...]\Run : wmpmic ("C:\Windows\System32\rundll32.exe" "C:\Users\Blevins\AppData\Roaming\wmpmic.dll",init_mmx_flags) -> FOUND [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-986089495-3072770436-38177354-1000\$a266d56a0c264f22c1f18e7befd6f896\n.) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-986089495-3072770436-38177354-1000\$a266d56a0c264f22c1f18e7befd6f896\@ --> FOUND [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-986089495-3072770436-38177354-1000\$a266d56a0c264f22c1f18e7befd6f896\U --> FOUND [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-986089495-3072770436-38177354-1000\$a266d56a0c264f22c1f18e7befd6f896\L --> FOUND ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST31000524AS +++++ --- User --- [MBR] d18823b563af2a07b701e140ee7c6b3b [bSP] 2d25f8a362051c9cdfd1128b8b5cbdbf : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 13568 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27869184 | Size: 940260 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  6. So, recently I started getting my Google and Yahoo links redirected when I opened them in a new window. It happens about 1/3 of the time. It appears to happen only in Firefox, not IE. I tried all the steps of resetting Firefox and removing cookies and add-ons, but it keeps coming back. I ran Malwarebytes when this first started and I also ran Malwarebytes just now. I updated in Safe Mode With Networking, then shut down and restarted in full Safe Mode just to be sure. No infections were found. I installed a redirect blocker add-on to Firefox, and it seems to be working but I don't want to leave whatever this is in my system. Oh, this has been going on for between 7-12 days I think. At first I thought it was problems with the websites, then I figured if I waited a few days Malwarebytes would be updated to fix it. Now I'm contacting you all. Here's the DDS stuff (I wasn't sure which part of McAfee was the Script Blocker, so I shut it all down when I ran the program. It's normally up): . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2 Run by Blevins at 1:56:37 on 2012-10-03 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.6534 [GMT -7:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Windows\system32\atieclxx.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\mfevtps.exe C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\notepad.exe C:\Program Files\Common Files\McAfee\Core\mchost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://ww2.cox.com/myconnection/arizona/home.cox mStart Page = hxxp://search.coupons.com/ mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120626233021.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: TBSB07898 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB: Coupons.com CouponBar: {8660e5b3-6c41-44de-8503-98d99bbecd41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll uRun: [wmpmic] "C:\Windows\System32\rundll32.exe" "C:\Users\Blevins\AppData\Roaming\wmpmic.dll",init_mmx_flags mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r mRun: [updReg] C:\Windows\UpdReg.EXE mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot StartupFolder: C:\Users\Blevins\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL Trusted Zone: intuit.com\ttlc DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: DhcpNameServer = 172.16.0.1 TCP: Interfaces\{0E202E70-4BCB-4752-9D6E-8F3E498104D5} : DhcpNameServer = 172.16.0.1 TCP: Interfaces\{76991D54-D520-42E3-BB98-C9A1B6F526AA} : DhcpNameServer = 172.16.0.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll BHO-X64: Canon Easy-WebPrint EX BHO - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120626233021.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO-X64: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll BHO-X64: TBSB07898 - No File BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll BHO-X64: Yontoo Layers - No File TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB-X64: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r mRun-x64: [updReg] C:\Windows\UpdReg.EXE mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Blevins\AppData\Roaming\Mozilla\Firefox\Profiles\61fkxzme.default-1348990963794\ FF - prefs.js: browser.startup.homepage - www.yahoo.com FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\Blevins\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-31 13592] R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-29 249936] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-29 249936] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-29 249936] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-3-29 199272] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-3-29 210584] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-9-15 1258856] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-1-31 1692480] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-15 250288] S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 114144] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-09-22 10:38:51 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2012-09-16 10:22:18 -------- d-----w- C:\Users\Blevins\AppData\Roaming\NVIDIA 2012-09-15 08:00:06 891240 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-09-15 08:00:06 63336 ----a-w- C:\Windows\System32\nvshext.dll 2012-09-15 08:00:06 6198120 ----a-w- C:\Windows\System32\nvcpl.dll 2012-09-15 08:00:06 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin 2012-09-15 08:00:06 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-09-15 08:00:06 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll 2012-09-15 08:00:06 118120 ----a-w- C:\Windows\System32\nvmctray.dll 2012-09-15 07:58:19 -------- d-----w- C:\Program Files\NVIDIA Corporation 2012-09-15 07:55:56 -------- d-----w- C:\NVIDIA 2012-09-14 12:49:12 -------- d-----w- C:\Program Files (x86)\VideoLAN 2012-09-13 08:56:54 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-09-13 08:56:54 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-09-12 10:19:37 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs 2012-09-11 11:28:16 -------- d-----w- C:\Users\Blevins\AppData\Roaming\Ad-Aware Antivirus 2012-09-11 07:39:08 -------- d-----r- C:\Program Files (x86)\Skype 2012-09-11 07:37:05 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll 2012-09-11 07:36:57 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared 2012-09-11 07:36:53 150736 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll 2012-09-11 07:36:51 129176 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll 2012-09-08 11:30:57 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\breakpadinjector.dll 2012-09-08 11:30:57 266720 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\components\browsercomps.dll 2012-09-08 11:30:57 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll 2012-09-05 23:57:08 -------- d-----w- C:\ProgramData\225932FD16A4C19BCDC3199BF875F002 2012-09-05 23:56:49 -------- d-----w- C:\Users\Blevins\AppData\Local\{54C1A0CC-F7B5-11E1-8270-B8AC6F996F26} . ==================== Find3M ==================== . 2012-09-22 10:38:46 916456 ----a-w- C:\Windows\System32\deployJava1.dll 2012-09-22 10:38:46 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-09-20 23:27:09 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-20 23:27:09 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-09-11 07:36:48 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-09-11 07:36:48 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-09-08 00:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-30 17:40:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2012-08-22 08:28:35 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-08-22 08:28:32 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-08-22 08:28:32 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-08-14 07:11:14 71680 ----a-w- C:\Windows\System32\frapsv64.dll 2012-08-14 07:11:12 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll 2012-07-28 05:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe 2012-07-28 05:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-07-28 05:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-07-28 05:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-07-28 05:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-07-28 05:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll 2012-07-28 05:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll 2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll 2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll 2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe 2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll 2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll 2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll 2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-07-25 22:51:44 28104 ----a-w- C:\Windows\System32\xfcodec64.dll . ============= FINISH: 1:57:08.92 =============== Attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.