Rosie

Everything posted by Rosie

  1. I finally got it back with Chameleon, but that is the second time it happened this month. Thanks again. Till next time, bye!
  2. Hi Kevin, I just opened my Malwarebytes Premium and it said I did not have real-time protection. Clicking on 'Fix Now' does nothing.
  3. You are welcome and your help is invaluable. The only thing that concerns me, and honestly I don't have a reference point for this, is that the cursor on a tab rotates counterclockwise sometimes for two revolutions. I know this is difficult, but how does one measure optimal performance on one's personal PC? Is there a guide or standard for performance? I know I can do a speed test, but that is only the modem's speed. And I know this sounds funny, but I get suspicious of the effectiveness of my Avast when it never finds anything. Otherwise it seems to be running smoothly. Good job! And finally, may I contact you in the future for the inevitable performance issues on this machine? Thanks so much, Kevin. Yours, Rosie
  4. RSVP Re: the donation I sent to your email via PayPal. Thx
  5. Finally done! Awesome program. No wonder it took so long. It seems fairly comprehensive. So now I will post the logs, and until I hear from you I will see how performance has improved. Thanks for your great help. zoek-results.log zoek-results2015-05-17-201537.log
  6. Yes, and Zoek finally closed. But the log file did not open after reboot. Still searching
  7. I did everything per your instructions, but the Zoek scans [2] continue to generate script error boxes indicating a scripting error at line 68: 'file not found "file:///C:/Users/Feb28/AppData/Local/Temp/zoekrun.hta"'. Zoek then stalls. Please advise. Thanks
  8. What about the PUM.DNS that RogueKiller finds but can't remove?
  9. No, it only works for a limited time. I'll remove all NCH. Could that be the only reason for the PC's sluggish behavior?
  10. I kept getting a message that an extension I was using was not permitted. This was the only thing it found:
      Antivirus: ESET-NOD32 | Result: a variant of Win32/Bundled.Toolbar.Google.C (potentially unsafe) | Update: 20150517
  11. Hi Kevin, hope this is right:
      DNSCHECK tool from F-Secure: ALL IS WELL, NO ISSUES
      FROM VIRUS TOTAL
      SHA256: 642e6161ae9c4597131161cacc7851b482dc12004dd27e78c3f27b74d18d3441
      File name: prism.exe
      Detection ratio: 1 / 57
      Analysis date: 2015-05-17 15:08:25 UTC ( 0 minutes ago )
      Antivirus     Result                                                             Update
      ESET-NOD32    a variant of Win32/Bundled.Toolbar.Google.C (potentially unsafe)   20150517
  12. Dearest Kevin, I just realized that I forgot to include the fact that I have a second external hard drive which I rarely, but occasionally turn on. Terribly sorry....is this a problem or will future anti-virus programs scan it successfully? Thanks!
  13. Good Morning, and Gracias! Fixlist:
      Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
      Ran by Feb28 at 2015-05-17 05:35:12 Run:1
      Running from C:\Users\Feb28\Desktop
      Loaded Profiles: Feb28 & Justus (Available profiles: Feb28 & Justus)
      Boot Mode: Normal
      ==============================================
      Content of fixlist:
      *****************
      Start
      HKLM\...\RunOnce: [] => [X]
      HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
      ShortcutTarget: Dropbox.lnk -> C:\Users\Feb28\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
      HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
      HKU\S-1-5-21-2467985793-1340154617-3576591315-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
      S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
      C:\Users\Feb28\AppData\Local\Temp\dllnt_dump.dll
      C:\Users\Justus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7wshyw.dll
      Emptytemp:
      End
      *****************
      HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => value deleted successfully.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\MemCheckBoxInRunDlg => value deleted successfully.
      C:\Users\Feb28\AppData\Roaming\Dropbox\bin\Dropbox.exe not found.
      "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
      "HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
      "HKU\S-1-5-21-2467985793-1340154617-3576591315-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
      AppObserver => Service deleted successfully.
      C:\Users\Feb28\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
      C:\Users\Justus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7wshyw.dll => Moved successfully.
      EmptyTemp: => Removed 55.4 MB temporary data.
      The system needed a reboot.
      ==== End of Fixlog 05:35:30 ====
      RogueKiller:
      RogueKiller V10.6.3.0 [May 11 2015] by Adlice Software
      mail : http://www.adlice.com/contact/
      Feedback : http://forum.adlice.com
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://www.adlice.com
      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Feb28 [Administrator]
      Started from : C:\Users\Feb28\Desktop\RogueKiller.exe
      Mode : Scan -- Date : 05/17/2015 06:11:02
      ¤¤¤ Processes : 0 ¤¤¤
      ¤¤¤ Registry : 9 ¤¤¤
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.3.65 192.168.1.1 [-][UNITED STATES (US)][-] -> Found
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.3.65 192.168.1.1 [-][UNITED STATES (US)][-] -> Found
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.3.65 192.168.1.1 [-][UNITED STATES (US)][-] -> Found
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7BAE1ED5-3213-4E89-98A1-2C92911546DC} | DhcpNameServer : 192.168.0.1 205.171.3.65 192.168.1.1 [-][UNITED STATES (US)][-] -> Found
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED1C8129-E7DE-4081-9E47-A139674FD959} | DhcpNameServer : 192.168.0.1 205.171.3.65 192.168.1.1 [-][UNITED STATES (US)][-] -> Found
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7BAE1ED5-3213-4E89-98A1-2C92911546DC} | DhcpNameServer : 192.168.0.1 205.171.3.65 192.168.1.1 [-][UNITED STATES (US)][-] -> Found
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ED1C8129-E7DE-4081-9E47-A139674FD959} | DhcpNameServer : 192.168.0.1 205.171.3.65 192.168.1.1 [-][UNITED STATES (US)][-] -> Found
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7BAE1ED5-3213-4E89-98A1-2C92911546DC} | DhcpNameServer : 192.168.0.1 205.171.3.65 192.168.1.1 [-][UNITED STATES (US)][-] -> Found
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ED1C8129-E7DE-4081-9E47-A139674FD959} | DhcpNameServer : 192.168.0.1 205.171.3.65 192.168.1.1 [-][UNITED STATES (US)][-] -> Found
      ¤¤¤ Tasks : 1 ¤¤¤
      [Suspicious.Path] \NCH Software\PrismSevenDays -- C:\Users\Justus\AppData\Roaming\NCH Software\Program Files\Prism\Prism.exe (-sevendays) -> Found
      ¤¤¤ Files : 0 ¤¤¤
      ¤¤¤ Hosts File : 1 ¤¤¤
      [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
      ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
      ¤¤¤ Web browsers : 0 ¤¤¤
      ¤¤¤ MBR Check : ¤¤¤
      +++++ PhysicalDrive0: WDC WD10 01FAES-60Z2A0 SATA Disk Device +++++
      --- User ---
      [MBR] d056d727486952dd7e9ee2a1d667add2
      [BSP] 47f27b763a8c381bd02383bff523862e : Windows Vista/7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      User = LL1 ... OK
      User = LL2 ... OK
      +++++ PhysicalDrive1: Seagate BUP Slim BK USB Device +++++
      --- User ---
      [MBR] fad7dd6e7038590c7bd3af798d19c678
      [BSP] 7afb6a2d7abb0cd0a2403fa481b12045 : Empty MBR Code
      Partition table:
      0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      User = LL1 ... OK
      Error reading LL2 MBR! ([32] The request is not supported. )
      +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
      Error reading User MBR! ([15] The device is not ready. )
      Error reading LL1 MBR! NOT VALID!
      Error reading LL2 MBR! ([32] The request is not supported. )
      +++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
      Error reading User MBR! ([15] The device is not ready. )
      Error reading LL1 MBR! NOT VALID!
      Error reading LL2 MBR! ([32] The request is not supported. )
      +++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
      Error reading User MBR! ([15] The device is not ready. )
      Error reading LL1 MBR! NOT VALID!
      Error reading LL2 MBR! ([32] The request is not supported. )
      +++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
      Error reading User MBR! ([15] The device is not ready. )
      Error reading LL1 MBR! NOT VALID!
      Error reading LL2 MBR! ([32] The request is not supported. )
      ============================================
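The nine [PUM.Dns] hits in the RogueKiller report above all carry the same DhcpNameServer list under different registry keys (CurrentControlSet, ControlSet001/002 and the two per-interface keys mirror one DHCP lease). As an added example, not part of the post and not RogueKiller's own code, this Python script parses registry lines in that report format, classifies each server as private (RFC 1918) or public, collapses the hits by identical server list, and flags any server absent from an allowlist of the resolvers the router is expected to hand out; the sample lines and the allowlist are constructed for the demonstration.

```python
"""Triage RogueKiller [PUM.Dns] findings.

Added example, not code from the forum post or from RogueKiller. It parses
registry lines in the report format quoted above, classifies the DNS servers
each flagged value points at (RFC 1918 private vs. public), groups the hits
by identical server list, and flags servers missing from an allowlist.
"""
from __future__ import annotations

import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass, field

# One registry line of a RogueKiller report, e.g.
# [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\...\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.3.65 [-][UNITED STATES (US)][-] -> Found
PUM_DNS_RE = re.compile(
    r"^\[PUM\.Dns\]\s+\((?P<arch>X64|X86)\)\s+(?P<key>\S+)\s+\|\s+"
    r"(?P<value>\w+)\s+:\s+(?P<servers>[0-9. ]+?)\s*\["
)

# Constructed sample in the report's format: three of the nine keys from the
# report above, plus a line from another section that must be ignored.
SAMPLE_REPORT = r"""
Registry : 3
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.3.65 192.168.1.1 [-][UNITED STATES (US)][-] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.3.65 192.168.1.1 [-][UNITED STATES (US)][-] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7BAE1ED5-3213-4E89-98A1-2C92911546DC} | DhcpNameServer : 192.168.0.1 205.171.3.65 192.168.1.1 [-][UNITED STATES (US)][-] -> Found
Tasks : 1
[Suspicious.Path] \some\task -- C:\some\program.exe -> Found
"""


@dataclass
class DnsFinding:
    key: str
    value_name: str
    servers: list[str]
    private: list[str] = field(default_factory=list)
    public: list[str] = field(default_factory=list)
    invalid: list[str] = field(default_factory=list)


def parse_pum_dns(report: str) -> list[DnsFinding]:
    """Extract every [PUM.Dns] registry hit; lines from other sections are skipped."""
    findings: list[DnsFinding] = []
    for line in report.splitlines():
        m = PUM_DNS_RE.match(line.strip())
        if not m:
            continue
        f = DnsFinding(key=m["key"], value_name=m["value"], servers=m["servers"].split())
        for s in f.servers:
            try:
                ip = ipaddress.ip_address(s)
            except ValueError:
                f.invalid.append(s)  # malformed token: worth a look on its own
                continue
            (f.private if ip.is_private else f.public).append(s)
        findings.append(f)
    return findings


def group_by_servers(findings: list[DnsFinding]) -> dict[tuple[str, ...], list[str]]:
    """Map each distinct server list to the registry keys that carry it.
    CurrentControlSet, ControlSet00N and the per-interface keys usually mirror
    one DHCP lease, so many hits often collapse to a single list."""
    groups: dict[tuple[str, ...], list[str]] = defaultdict(list)
    for f in findings:
        groups[tuple(f.servers)].append(f.key)
    return dict(groups)


def unexpected_servers(findings: list[DnsFinding], allowed: set[str]) -> set[str]:
    """Servers present in any hit but absent from the allowlist of resolvers the
    router is expected to hand out. Empty means the PUM.Dns hits are consistent
    with the known network; anything else needs explaining before dismissal."""
    return {s for f in findings for s in f.servers} - allowed


if __name__ == "__main__":
    hits = parse_pum_dns(SAMPLE_REPORT)
    for servers, keys in group_by_servers(hits).items():
        print(f"{' '.join(servers)}  <- {len(keys)} registry key(s)")
    # The allowlist is an assumption for the demo: the two LAN gateways only.
    print("unexpected:", sorted(unexpected_servers(hits, {"192.168.0.1", "192.168.1.1"})))
```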
  14. Darn....I'm so sorry. I had it and forgot. Sorry.
      Malwarebytes Anti-Malware
      www.malwarebytes.org
      Scan Date: 5/16/2015
      Scan Time: 12:02:27 PM
      Logfile: malwarebutes scan incl. rootkits.txt
      Administrator: Yes
      Version: 2.01.6.1022
      Malware Database: v2015.05.16.04
      Rootkit Database: v2015.05.14.01
      License: Premium
      Malware Protection: Enabled
      Malicious Website Protection: Enabled
      Self-protection: Enabled
      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: Feb28
      Scan Type: Threat Scan
      Result: Completed
      Objects Scanned: 379537
      Time Elapsed: 11 min, 26 sec
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Enabled
      Heuristics: Enabled
      PUP: Enabled
      PUM: Enabled
      Processes: 0
      (No malicious items detected)
      Modules: 0
      (No malicious items detected)
      Registry Keys: 0
      (No malicious items detected)
      Registry Values: 0
      (No malicious items detected)
      Registry Data: 0
      (No malicious items detected)
      Folders: 0
      (No malicious items detected)
      Files: 0
      (No malicious items detected)
      Physical Sectors: 0
      (No malicious items detected)
      (end)
  15. Dear Kevin, thanks again.....I have made the suggested corrections. I hope. If at first you don't succeed.... FRST.txt Addition.txt
  16. Hello and thank you for your support. I am an advanced Windows 7 user who has been trying to remove infections from my computer for too long. Recently a program called RogueKiller [paid Malwarebytes finds nothing] has found continuing infections, with the ever-present PUM.DNS causing increasingly sluggish behavior on the PC. My paid Malwarebytes finds nothing. Logs attached: FRST.txt Addition.txt
  17. Thanks for a moment of your time. I am in desperate need of your help. Desperate because my computer, a 64-bit Windows Home Premium OS, HP Pavilion, has been made a client machine on an unknown network admin's domain. I have done a couple of years' worth of investigation...learning a lot as I proceed. And I have narrowed the hack to the exploitation of my WIRED router (in this case a Netgear WNR1000v2, but the brand is irrelevant) using a script I found that contains a reference to a program called Dnsmasq and something called MICROSOFT WINDOWS RALLY PROGRAM, among others, which I will include at the bottom of this text. On the Netgear utility app called Genie [which denies me permission to Wireless, ReadyShare and parental controls] I try to enter a password for that control, and I get a message that says "The server 192.168.0.1 at WebAdmin request a password", which is not the standard PW or the one I created. I logged on today using an ethernet cable from the modem directly to my PC, but the Netgear router app called Genie [the router being unplugged and disconnected] indicates that I am passing through the router????????? I have lost control of my computer and have not yet been able to regain it due to a lack of knowledge regarding this open code written by someone else. Please help me understand how to remove this control from my PC. I would be so very grateful. I tried to attach the WordPad doc that I copied from the Notepad script but was unsuccessful. It contains many references to unknown programs. So here are some selected keywords: Binary or Source code */...bpalogin.sourceforge.net bridge.sourceforge.net/....busybox-1.4.2...dnsmasq-2.39...iptables-1.3.5 http://www.microsoft...iupnpd-20070127... ftp://ftp.samba.org/.......udhcp-0.9.8 wireless-tools-29.pre1...datalib...detcable..dni-ripd...dns-ipupdate...Oray...detwan...led-control...net-util...radvd...telnetenable...[ap91-hostapd]... hostapd...Atheros...BSD/GPL...ap91-madwifi-11n-scripts]... madwifi... wlanlog...ap91-wpatalk]...hostapd...Kernel Modules...Linux-2.6.15... ag7240-enet ag7240-gpio...ipv6-cone...netfilter...dnirtsp...ftp alg...pptp drv...netgear-rejec...urlblock....ap91-madwifi-11n.
  18. Dear Mr. or Mrs. Deity, I'd like to thank you again for your assistance. However, today I managed to somehow convince the HP Tech center to replace my hard drive. But to answer a previous question, I had updates turned off to avoid suspicious updates that didn't always apply to Windows 7. I had been using the J & K flash drives to store antivirus and anti-spyware because my registry would somehow manage to substitute an archived or fake program for almost every program I tried to store on C:. L Drive is the big external Iomega hard drive with over 200 gigs of music, videos, documents etc. I also have two MP3 players which have been connected to the current OS. And I am very concerned about each of them being capable of reinfecting my new operating system. I have thought about using a cloud storage service to clean my files as I upload them, and then download them safely to my new hard drive. But I am not sure if and where this might work. Any suggestions you might have would be greatly appreciated. I have my music backed up on discs. Are they safe? Can documents be infected? Can flash drives be infected and disinfected? I would really hate to sacrifice my 80 did collection of music or that manuscript that I've been working on for five years. Thanks again for your generosity. Rosie
  19. My apologies....I forgot to turn on my external Iomega. Once more with feeling...
      .
      DDS (Ver_2011-08-26.01) - NTFSAMD64
      Internet Explorer: 8.0.7600.16385
      Run by FuBar at 7:00:46 on 2011-09-20
      Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2659 [GMT -6:00]
      .
      AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
      SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
      C:\Windows\system32\atiesrxx.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\svchost.exe -k netsvcs
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\system32\atieclxx.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskhost.exe
      C:\Program Files\Microsoft Security Client\msseces.exe
      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
      C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
      c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
      C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\Program Files (x86)\PDF Complete\pdfsvc.exe
      C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
      C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Windows\system32\WUDFHost.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      J:\Panda USB Vaccine\USBVaccine.exe
      C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
      C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Windows\system32\sppsvc.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\DllHost.exe
      C:\Windows\system32\DllHost.exe
      C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\SysWOW64\cscript.exe
      C:\Windows\system32\DllHost.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uInternet Settings,ProxyOverride = *.local
      BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - Bing Bar BHO
      TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
      uRun: [Advanced SystemCare 4] K:\Advanced SystemCare 4\ASCTray.exe
      mRun: [Malwarebytes' Anti-Malware] "C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      mRun: [iTunesHelper] "C:\Users\FuBar\iTunesHelper.exe"
      mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
      mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      TCP: DhcpNameServer = 192.168.2.1
      TCP: Interfaces\{A29970E0-D3ED-4DE6-8CB5-71282643B122} : DhcpNameServer = 192.168.2.1
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      BHO-X64: Search Helper - No File
      BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO-X64: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - Bing Bar BHO
      TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
      mRun-x64: [Malwarebytes' Anti-Malware] "C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      mRun-x64: [iTunesHelper] "C:\Users\FuBar\iTunesHelper.exe"
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\FuBar\AppData\Roaming\Mozilla\Firefox\Profiles\j1mra0hk.default\
      FF - prefs.js: network.proxy.type - 0
      FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
      FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
      FF - plugin: C:\Users\FuBar\Mozilla Plugins\npitunes.dll
      FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
      R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
      R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
      R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
      R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
      R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
      R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
      R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]
      R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
      R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
      R2 MBAMService;MBAMService;C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-14 366152]
      R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-9-2 1119768]
      R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
      R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
      R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
      R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
      R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
      R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
      S2 AdvancedSystemCareService;Advanced SystemCare Service;K:\Advanced SystemCare 4\ASCService.exe --> K:\Advanced SystemCare 4\ASCService.exe [?]
      S3 GSBootSvc;GSBootSvc;C:\Windows\System32\GSBootSvc.exe --> C:\Windows\System32\GSBootSvc.exe [?]
      S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
      S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
      S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
      S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
      S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
      .
      =============== Created Last 30 ================
      .
(x86)\Internet Explorer\iecompat.dll 2011-09-16 04:47:28 552960 ----a-w- C:\Windows\System32\msdri.dll 2011-09-16 04:47:28 288256 ----a-w- C:\Windows\System32\MSNP.ax 2011-09-16 04:47:28 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax 2011-09-16 04:34:26 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll 2011-09-16 04:34:26 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll 2011-09-16 04:34:26 48960 ----a-w- C:\Windows\System32\netfxperf.dll 2011-09-16 04:34:26 444752 ----a-w- C:\Windows\System32\mscoree.dll 2011-09-16 04:34:26 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll 2011-09-16 04:34:26 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe 2011-09-16 04:34:26 1942856 ----a-w- C:\Windows\System32\dfshim.dll 2011-09-16 04:34:26 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll 2011-09-16 04:34:25 320352 ----a-w- C:\Windows\System32\PresentationHost.exe 2011-09-16 04:34:25 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll 2011-09-16 04:28:34 2080256 ----a-w- C:\Program Files\Windows Mail\msoe.dll 2011-09-16 04:28:34 1619968 ----a-w- C:\Program Files (x86)\Windows Mail\msoe.dll 2011-09-16 04:26:12 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys 2011-09-16 03:59:46 27992 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe 2011-09-16 03:59:46 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys 2011-09-16 03:59:16 -------- d-----w- C:\Program Files (x86)\IObit 2011-09-16 03:53:23 -------- d-----w- C:\Users\FuBar\AppData\Roaming\IObit 2011-09-10 20:09:27 -------- d-----w- C:\ProgramData\Panda Security 2011-09-10 13:44:12 -------- d-----w- C:\Users\FuBar\AppData\Roaming\hpqLog 2011-09-10 13:43:55 -------- d-----w- C:\System.sav 2011-09-10 00:04:35 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2011-09-10 00:04:35 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2011-09-10 00:04:35 225280 ----a-w- C:\Program Files (x86)\Common 
Files\InstallShield\IScript\iscript.dll 2011-09-10 00:04:35 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2011-09-10 00:04:34 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe 2011-09-09 14:16:06 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-09-08 13:34:52 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2011-09-08 13:34:51 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-09-08 13:34:51 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA56368D-31E8-485B-91DC-1D456081CA77}\gapaengine.dll 2011-09-07 21:26:01 -------- d-----w- C:\Users\FuBar\AppData\Local\Microsoft_Corporation 2011-09-07 19:45:20 -------- d-----w- C:\Users\FuBar\AppData\Local\HuluDesktop 2011-09-07 19:24:20 -------- d-----w- C:\Users\FuBar\AppData\Local\ElevatedDiagnostics 2011-09-07 14:20:12 270720 ------w- C:\Windows\System32\MpSigStub.exe 2011-09-07 13:48:36 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2011-09-07 13:48:30 -------- d-----w- C:\Program Files\Microsoft Security Client 2011-09-07 06:16:08 -------- d-----w- C:\perflogs 2011-09-07 06:10:54 -------- d-----w- C:\Users\FuBar\AppData\Local\Diagnostics 2011-09-06 15:35:35 -------- d-----w- C:\Windows\pss 2011-09-04 14:12:05 -------- d-----w- C:\Users\FuBar\AppData\Roaming\Malwarebytes 2011-09-04 14:11:53 -------- d-----w- C:\ProgramData\Malwarebytes 2011-09-04 14:11:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-09-04 14:11:49 -------- d-----w- C:\Users\FuBar\Malwarebytes' Anti-Malware 2011-09-03 17:28:41 -------- d-----w- C:\Users\FuBar\AppData\Local\Windows Live Writer 2011-09-03 13:16:04 -------- d-----w- C:\Windows\System32\drivers\NISx64\1206000.01D 2011-09-02 13:17:12 -------- d-----w- C:\Users\FuBar\AppData\Local\ATI 2011-09-02 13:16:10 
-------- d-----w- C:\Users\FuBar\AppData\Local\PDFC 2011-09-02 13:15:53 -------- d-----w- C:\Users\FuBar\AppData\Local\VirtualStore 2011-09-02 13:15:40 -------- d-----w- C:\Users\FuBar\AppData\Local\RemEngine 2011-09-02 06:30:57 52224 ----a-w- C:\Windows\System32\rtutils.dll 2011-09-02 06:30:57 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll 2011-09-02 06:30:45 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll 2011-09-02 06:29:27 148992 ----a-w- C:\Windows\System32\t2embed.dll 2011-09-02 06:29:27 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll 2011-09-02 06:29:02 410504 ----a-w- C:\Windows\System32\drivers\iaStorV.sys 2011-09-02 06:29:02 27016 ----a-w- C:\Windows\System32\drivers\amdxata.sys 2011-09-02 06:29:02 2566144 ----a-w- C:\Windows\System32\esent.dll 2011-09-02 06:29:02 187264 ----a-w- C:\Windows\System32\drivers\storport.sys 2011-09-02 06:29:02 1686016 ----a-w- C:\Windows\SysWow64\esent.dll 2011-09-02 06:29:02 166280 ----a-w- C:\Windows\System32\drivers\nvstor.sys 2011-09-02 06:29:02 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2011-09-02 06:29:02 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys 2011-09-02 06:29:02 107912 ----a-w- C:\Windows\System32\drivers\amdsata.sys 2011-09-02 06:27:16 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2011-09-02 06:27:16 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2011-09-02 06:27:16 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2011-09-02 06:27:16 1446912 ----a-w- C:\Windows\System32\lsasrv.dll 2011-09-02 06:25:52 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll 2011-09-02 06:25:52 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll 2011-09-02 06:25:40 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe 2011-09-02 06:25:40 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe 2011-09-02 06:25:40 2085376 ----a-w- C:\Windows\System32\ole32.dll 2011-09-02 06:25:40 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll 2011-09-02 06:25:05 243712 ----a-w- 
C:\Windows\System32\drivers\ks.sys 2011-09-02 06:23:34 220672 ----a-w- C:\Windows\System32\wintrust.dll 2011-09-02 06:23:34 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll 2011-09-02 06:22:18 613888 ----a-w- C:\Windows\System32\psisdecd.dll 2011-09-02 06:22:18 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll 2011-09-02 06:22:03 389632 ----a-w- C:\Windows\System32\winlogon.exe 2011-09-02 06:21:50 51712 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2011-09-02 06:21:50 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2011-09-02 06:21:14 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys 2011-09-02 06:19:59 311808 ----a-w- C:\Windows\System32\msv1_0.dll 2011-09-02 06:19:59 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll 2011-09-02 06:19:27 46592 ----a-w- C:\Windows\System32\msasn1.dll 2011-09-02 06:19:27 34816 ----a-w- C:\Windows\SysWow64\msasn1.dll 2011-09-02 06:18:58 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll 2011-09-02 06:18:58 1320960 ----a-w- C:\Windows\SysWow64\CertEnroll.dll 2011-09-02 06:17:50 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll 2011-09-02 06:17:50 100864 ----a-w- C:\Windows\System32\fontsub.dll 2011-09-02 06:17:29 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll 2011-09-02 06:17:29 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll 2011-09-02 06:17:16 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe 2011-09-02 06:17:16 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 2011-09-02 06:17:16 12625920 ----a-w- C:\Windows\System32\wmploc.DLL 2011-09-02 06:17:16 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL 2011-09-02 06:16:16 558592 ----a-w- C:\Windows\System32\spoolsv.exe 2011-09-02 06:16:05 9728 ----a-w- C:\Windows\SysWow64\sscore.dll 2011-09-02 06:16:05 236032 ----a-w- C:\Windows\System32\srvsvc.dll 2011-09-02 06:16:02 -------- d-----w- C:\Program Files\Common Files\Symantec Shared 2011-09-02 06:15:54 633856 ----a-w- C:\Windows\System32\comctl32.dll 2011-09-02 06:15:54 530432 ----a-w- 
C:\Windows\SysWow64\comctl32.dll 2011-09-02 06:15:43 -------- d-----w- C:\Windows\System32\drivers\NISx64 2011-09-02 06:15:42 30088 ----a-w- C:\Windows\System32\drivers\msahci.sys 2011-09-02 06:15:42 155528 ----a-w- C:\Windows\System32\drivers\ataport.sys 2011-09-02 06:15:13 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll 2011-09-02 06:15:13 1024512 ----a-w- C:\Windows\System32\wmpmde.dll 2011-09-02 06:14:51 340992 ----a-w- C:\Windows\System32\schannel.dll 2011-09-02 06:14:51 224256 ----a-w- C:\Windows\SysWow64\schannel.dll 2011-09-02 06:14:33 -------- d-----w- C:\Windows\en 2011-09-02 06:13:32 -------- d-----w- C:\Windows\PCHEALTH 2011-09-02 06:13:11 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll 2011-09-02 06:13:11 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll 2011-09-02 06:13:11 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll 2011-09-02 06:13:11 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll 2011-09-02 06:13:08 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll 2011-09-02 06:13:08 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll 2011-09-02 06:11:18 -------- d-----w- C:\Program Files (x86)\Microsoft 2011-09-02 06:11:14 -------- d-----w- C:\Program Files (x86)\MSN Toolbar 2011-09-02 06:10:16 -------- d-----w- C:\Program Files (x86)\K-NFB Reading Technology Inc 2011-09-02 06:09:43 -------- d-----w- C:\Windows\PRIndex 2011-09-02 06:09:24 -------- d-----w- C:\Program Files (x86)\Zinio Reader 4 2011-09-02 06:07:34 -------- d---a-w- C:\Program Files (x86)\Common Files\LS Getting Started 2011-09-02 06:04:44 55296 ----a-w- C:\Windows\System32\coinst.dll 2011-09-02 06:02:54 -------- d-----w- C:\ProgramData\WildTangent 2011-09-02 06:02:46 -------- d-----w- C:\ProgramData\PictureMover 2011-09-02 06:02:45 -------- d-----w- C:\Program Files (x86)\PictureMover 2011-09-02 06:02:24 20120360 ----a-w- C:\Program Files (x86)\Online Services\Skype\SkypeSetup.exe 2011-09-02 06:02:24 -------- d-----r- C:\Program Files (x86)\Online Services 2011-09-02 06:02:18 19464 ----a-w- 
C:\Windows\System32\pdfc_port.dll 2011-09-02 06:02:17 -------- d-----w- C:\Program Files (x86)\PDF Complete 2011-09-02 06:02:08 -------- d-----w- C:\ProgramData\PDFC 2011-09-02 06:02:06 -------- d-----w- C:\ProgramData\Uninstall 2011-09-02 06:01:35 -------- d-----w- C:\Program Files (x86)\Microsoft WSE 2011-09-02 06:01:22 -------- d-----w- C:\ProgramData\RoxioNow 2011-09-02 06:01:12 -------- d-----w- C:\Program Files (x86)\Roxio 2011-09-02 05:51:16 253952 ----a-w- C:\Windows\SysWow64\cPC_DMIRD.dll 2011-09-02 05:49:57 -------- d-----w- C:\ProgramData\{D13C0989-F3EC-4F44-A33D-B3F83DF90FAF} 2011-09-02 05:49:38 -------- d-----w- C:\Program Files (x86)\Hp 2011-09-02 05:48:22 327008 ----a-w- C:\Windows\System32\RaCoInstx.dll 2011-09-02 05:48:22 1002848 ----a-w- C:\Windows\System32\drivers\netr28x.sys 2011-09-02 05:47:18 -------- d-----w- C:\Program Files\ATI 2011-09-02 05:47:17 -------- d-----w- C:\Program Files (x86)\ATI Technologies 2011-09-02 05:45:57 -------- d-----w- C:\Program Files (x86)\Realtek 2011-09-02 05:45:56 1251944 ----a-w- C:\Windows\RtlExUpd.dll 2011-09-02 05:45:56 -------- d--h--w- C:\Program Files (x86)\Temp 2011-09-02 05:45:55 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll 2011-09-02 05:45:55 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll 2011-09-02 05:45:55 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe 2011-09-02 05:45:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe 2011-09-02 05:45:55 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll 2011-09-02 05:45:55 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll 2011-09-02 05:45:55 204800 ----a-w- C:\Program Files 
(x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll 2011-09-02 05:45:55 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll 2011-09-02 05:41:12 -------- d-----w- C:\Program Files\hp 2011-09-02 05:38:46 -------- d-sh--w- C:\Windows\Installer 2011-09-02 05:35:19 -------- d-----w- C:\Windows\SysWow64\RTCOM 2011-09-02 05:35:19 -------- d-----w- C:\Program Files\Realtek 2011-09-02 05:35:18 0 ----a-w- C:\Windows\ativpsrm.bin . ==================== Find3M ==================== . 2011-09-16 08:20:09 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2011-09-16 08:20:09 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2011-09-16 08:20:09 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-09-16 08:20:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-09-16 08:20:08 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-09-16 08:20:08 482816 ----a-w- C:\Windows\System32\html.iec 2011-09-16 08:20:08 386048 ----a-w- C:\Windows\SysWow64\html.iec 2011-09-16 08:20:08 1197056 ----a-w- C:\Windows\System32\wininet.dll 2011-09-16 05:09:30 442880 ----a-w- C:\Windows\System32\winhttp.dll 2011-09-16 04:52:56 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2011-09-16 04:52:56 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2011-09-02 06:20:11 91648 ----a-w- C:\Windows\SysWow64\avifil32.dll 2011-08-19 07:07:46 293736 ----a-w- C:\Users\FuBar\iTunesOutlookAddIn.dll 2011-08-19 07:07:38 421736 ----a-w- C:\Users\FuBar\iTunesHelper.exe 2011-08-19 07:07:38 168296 ----a-w- C:\Users\FuBar\iTunesHelper.dll 2011-08-19 07:07:36 403304 ----a-w- C:\Users\FuBar\iTunesAdmin.dll 2011-08-19 07:07:32 9777000 ----a-w- C:\Users\FuBar\iTunes.exe 2011-08-19 07:07:24 19664232 ----a-w- C:\Users\FuBar\iTunes.dll 2011-08-19 07:07:20 792424 ----a-w- C:\Users\FuBar\gnsdk_sdkmanager.dll 2011-08-19 07:07:20 276328 ----a-w- C:\Users\FuBar\gnsdk_submit.dll 2011-08-19 07:07:20 2742120 ----a-w- 
C:\Users\FuBar\gnsdk_dsp.dll 2011-08-19 07:07:20 198504 ----a-w- C:\Users\FuBar\gnsdk_musicid.dll 2011-07-29 07:10:20 111904 ----a-w- C:\Users\FuBar\ITDetector.ocx 2011-07-12 17:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe 2011-07-12 17:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll 2011-07-12 17:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll 2011-07-12 17:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll 2011-07-12 17:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe 2011-07-12 17:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll 2011-07-12 17:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll 2011-07-12 17:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll 2011-07-06 00:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2011-07-06 00:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts . ============= FINISH: 7:01:26.73 =============== Attach.zip
  20. As always, thanks for your time and volunteerism... And now, the DDS.
DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 Run by FuBar at 7:00:46 on 2011-09-20 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2659 [GMT -6:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\svchost.exe -k netsvcs C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\atieclxx.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\PDF Complete\pdfsvc.exe C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe J:\Panda USB Vaccine\USBVaccine.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\sppsvc.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uInternet Settings,ProxyOverride = *.local BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - Bing Bar BHO TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File uRun: [Advanced SystemCare 4] K:\Advanced SystemCare 4\ASCTray.exe mRun: [Malwarebytes' Anti-Malware] "C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Users\FuBar\iTunesHelper.exe" mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{A29970E0-D3ED-4DE6-8CB5-71282643B122} : DhcpNameServer = 192.168.2.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - Bing Bar BHO TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File mRun-x64: [Malwarebytes' Anti-Malware] "C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] 
"C:\Users\FuBar\iTunesHelper.exe" . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\FuBar\AppData\Roaming\Mozilla\Firefox\Profiles\j1mra0hk.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\FuBar\Mozilla Plugins\npitunes.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?] R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?] R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?] R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] 
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560] R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264] R2 MBAMService;MBAMService;C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-14 366152] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-9-2 1119768] R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] S2 AdvancedSystemCareService;Advanced SystemCare Service;K:\Advanced SystemCare 4\ASCService.exe --> K:\Advanced SystemCare 4\ASCService.exe [?] S3 GSBootSvc;GSBootSvc;C:\Windows\System32\GSBootSvc.exe --> C:\Windows\System32\GSBootSvc.exe [?] S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] 
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2011-09-19 16:51:10 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FAA95210-E229-4E70-B743-B041D1F2287F}\mpengine.dll 2011-09-19 01:05:13 -------- d-sh--w- C:\$RECYCLE.BIN 2011-09-18 18:30:00 98816 ----a-w- C:\Windows\sed.exe 2011-09-18 18:30:00 518144 ----a-w- C:\Windows\SWREG.exe 2011-09-18 18:30:00 256000 ----a-w- C:\Windows\PEV.exe 2011-09-18 18:30:00 208896 ----a-w- C:\Windows\MBR.exe 2011-09-17 14:37:21 -------- d-----w- C:\Program Files\Iomega 2011-09-17 14:36:33 -------- d-----w- C:\Windows\Downloaded Installations 2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2011-09-17 13:21:26 -------- d-----w- C:\Users\FuBar\AppData\Local\Apple 2011-09-17 13:21:04 -------- d-----w- C:\Program Files\Bonjour 2011-09-17 13:21:04 -------- d-----w- C:\Program Files (x86)\Bonjour 2011-09-16 15:33:07 -------- d-----w- C:\Program Files (x86)\NCH 
Software 2011-09-16 15:33:04 -------- d-----w- C:\Users\FuBar\AppData\Roaming\NCH Software 2011-09-16 15:23:57 -------- d-----w- C:\Program Files (x86)\WMA To MP3 Encoder 2011-09-16 13:47:04 -------- d-----w- C:\Users\FuBar\AppData\Roaming\Roxio Log Files 2011-09-16 08:43:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-09-16 08:43:44 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-09-16 08:36:40 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe 2011-09-16 08:36:40 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2011-09-16 08:36:40 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2011-09-16 08:33:42 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-09-16 08:27:08 94208 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll 2011-09-16 08:27:08 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll 2011-09-16 08:27:08 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll 2011-09-16 08:27:08 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll 2011-09-16 08:27:08 212992 ----a-w- C:\Windows\System32\odbctrac.dll 2011-09-16 08:27:08 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll 2011-09-16 08:27:08 163840 ----a-w- C:\Windows\System32\odbccp32.dll 2011-09-16 08:27:08 126976 ----a-w- C:\Program Files\Common Files\System\Ole DB\msdaosp.dll 2011-09-16 08:27:08 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll 2011-09-16 08:27:08 106496 ----a-w- C:\Windows\System32\odbccu32.dll 2011-09-16 08:27:08 106496 ----a-w- C:\Windows\System32\odbccr32.dll 2011-09-16 08:22:16 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2011-09-16 08:22:16 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2011-09-16 08:22:16 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2011-09-16 08:05:38 3134464 ----a-w- C:\Windows\System32\win32k.sys 2011-09-16 08:04:06 64512 ----a-w- C:\Windows\SysWow64\devobj.dll 2011-09-16 08:04:06 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll 2011-09-16 08:04:06 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll 2011-09-16 08:04:06 
252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-09-16 08:04:06 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-09-16 07:55:08 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-09-16 07:55:08 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-09-16 07:53:59 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-09-16 07:53:59 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-09-16 07:52:46 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-09-16 07:52:46 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-09-16 07:52:46 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-09-16 07:51:42 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-09-16 07:50:58 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-09-16 07:49:13 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-09-16 07:49:13 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-09-16 07:35:25 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-09-16 07:35:25 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-09-16 07:33:57 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-09-16 07:33:14 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-09-16 07:33:14 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-09-16 07:30:10 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-09-16 07:30:10 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-09-16 07:28:56 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-09-16 07:28:56 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-09-16 07:28:10 2870272 ----a-w- C:\Windows\explorer.exe
2011-09-16 07:28:10 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-09-16 07:26:16 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-09-16 07:26:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-09-16 07:26:16 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-09-16 07:24:53 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-09-16 07:24:53 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-09-16 07:22:49 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-09-16 07:22:49 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-09-16 07:22:49 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-09-16 07:22:49 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-09-16 07:20:39 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-09-16 07:19:05 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-09-16 07:17:53 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-09-16 07:17:53 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-09-16 07:17:53 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-09-16 07:17:53 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-09-16 07:15:45 640896 ----a-w- C:\Windows\System32\winload.efi
2011-09-16 07:15:45 603976 ----a-w- C:\Windows\System32\winload.exe
2011-09-16 07:15:45 556928 ----a-w- C:\Windows\System32\winresume.efi
2011-09-16 07:15:45 518160 ----a-w- C:\Windows\System32\winresume.exe
2011-09-16 07:15:45 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-09-16 07:15:45 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-09-16 07:15:45 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-09-16 06:57:26 -------- d-----w- C:\Windows\SysWow64\Wat
2011-09-16 06:57:26 -------- d-----w- C:\Windows\System32\Wat
2011-09-16 05:30:02 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-09-16 05:30:02 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-09-16 05:28:43 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-09-16 05:28:43 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-09-16 05:28:43 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-09-16 05:28:43 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-09-16 05:28:43 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-09-16 05:26:23 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2011-09-16 05:26:23 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-09-16 05:26:23 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2011-09-16 05:26:23 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-09-16 05:24:26 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-09-16 05:24:26 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-09-16 05:24:26 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-09-16 05:24:26 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-09-16 05:24:26 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-09-16 05:24:26 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-09-16 05:24:26 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-09-16 05:24:26 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-09-16 05:21:29 1739176 ----a-w- C:\Windows\System32\ntdll.dll
2011-09-16 05:21:29 1293120 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-09-16 05:16:08 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-09-16 05:16:08 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-09-16 05:16:08 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-09-16 05:16:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-09-16 05:16:08 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-09-16 05:16:07 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
2011-09-16 05:16:07 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-09-16 05:16:07 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2011-09-16 05:16:07 1495040 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll
2011-09-16 05:16:07 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2011-09-16 05:16:06 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2011-09-16 05:10:54 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-09-16 05:10:54 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-09-16 05:03:04 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-09-16 05:03:04 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-09-16 05:01:23 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-09-16 05:01:23 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-09-16 05:01:23 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-09-16 05:01:23 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-09-16 05:01:23 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-09-16 05:01:23 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-09-16 05:01:23 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-09-16 05:01:23 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-09-16 05:01:23 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-09-16 05:01:23 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-09-16 04:58:41 112000 ----a-w- C:\Windows\System32\consent.exe
2011-09-16 04:58:01 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2011-09-16 04:58:01 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2011-09-16 04:58:01 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2011-09-16 04:56:59 395776 ----a-w- C:\Windows\System32\webio.dll
2011-09-16 04:56:59 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-09-16 04:56:05 285696 ----a-w- C:\Windows\System32\schtasks.exe
2011-09-16 04:56:04 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-09-16 04:56:04 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2011-09-16 04:56:04 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2011-09-16 04:56:04 464384 ----a-w- C:\Windows\System32\taskeng.exe
2011-09-16 04:56:04 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2011-09-16 04:56:04 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2011-09-16 04:56:04 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2011-09-16 04:56:04 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2011-09-16 04:56:04 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2011-09-16 04:54:04 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-09-16 04:54:04 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-09-16 04:47:28 552960 ----a-w- C:\Windows\System32\msdri.dll
2011-09-16 04:47:28 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-09-16 04:47:28 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2011-09-16 04:34:26 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-09-16 04:34:26 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-09-16 04:34:26 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-09-16 04:34:26 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-09-16 04:34:26 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-09-16 04:34:26 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-09-16 04:34:26 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-09-16 04:34:26 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-09-16 04:34:25 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-09-16 04:34:25 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-09-16 04:28:34 2080256 ----a-w- C:\Program Files\Windows Mail\msoe.dll
2011-09-16 04:28:34 1619968 ----a-w- C:\Program Files (x86)\Windows Mail\msoe.dll
2011-09-16 04:26:12 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2011-09-16 03:59:46 27992 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2011-09-16 03:59:46 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2011-09-16 03:59:16 -------- d-----w- C:\Program Files (x86)\IObit
2011-09-16 03:53:23 -------- d-----w- C:\Users\FuBar\AppData\Roaming\IObit
2011-09-10 20:09:27 -------- d-----w- C:\ProgramData\Panda Security
2011-09-10 13:44:12 -------- d-----w- C:\Users\FuBar\AppData\Roaming\hpqLog
2011-09-10 13:43:55 -------- d-----w- C:\System.sav
2011-09-10 00:04:35 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-09-10 00:04:35 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-09-10 00:04:35 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-09-10 00:04:35 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-09-10 00:04:34 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-09-09 14:16:06 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-08 13:34:52 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-09-08 13:34:51 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-08 13:34:51 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA56368D-31E8-485B-91DC-1D456081CA77}\gapaengine.dll
2011-09-07 21:26:01 -------- d-----w- C:\Users\FuBar\AppData\Local\Microsoft_Corporation
2011-09-07 19:45:20 -------- d-----w- C:\Users\FuBar\AppData\Local\HuluDesktop
2011-09-07 19:24:20 -------- d-----w- C:\Users\FuBar\AppData\Local\ElevatedDiagnostics
2011-09-07 14:20:12 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-09-07 13:48:36 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-09-07 13:48:30 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-09-07 06:16:08 -------- d-----w- C:\perflogs
2011-09-07 06:10:54 -------- d-----w- C:\Users\FuBar\AppData\Local\Diagnostics
2011-09-06 15:35:35 -------- d-----w- C:\Windows\pss
2011-09-04 14:12:05 -------- d-----w- C:\Users\FuBar\AppData\Roaming\Malwarebytes
2011-09-04 14:11:53 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-04 14:11:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-04 14:11:49 -------- d-----w- C:\Users\FuBar\Malwarebytes' Anti-Malware
2011-09-03 17:28:41 -------- d-----w- C:\Users\FuBar\AppData\Local\Windows Live Writer
2011-09-03 13:16:04 -------- d-----w- C:\Windows\System32\drivers\NISx64\1206000.01D
2011-09-02 13:17:12 -------- d-----w- C:\Users\FuBar\AppData\Local\ATI
2011-09-02 13:16:10 -------- d-----w- C:\Users\FuBar\AppData\Local\PDFC
2011-09-02 13:15:53 -------- d-----w- C:\Users\FuBar\AppData\Local\VirtualStore
2011-09-02 13:15:40 -------- d-----w- C:\Users\FuBar\AppData\Local\RemEngine
2011-09-02 06:30:57 52224 ----a-w- C:\Windows\System32\rtutils.dll
2011-09-02 06:30:57 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
2011-09-02 06:30:45 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2011-09-02 06:29:27 148992 ----a-w- C:\Windows\System32\t2embed.dll
2011-09-02 06:29:27 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2011-09-02 06:29:02 410504 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-09-02 06:29:02 27016 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-09-02 06:29:02 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-09-02 06:29:02 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-09-02 06:29:02 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-09-02 06:29:02 166280 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-09-02 06:29:02 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-09-02 06:29:02 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-09-02 06:29:02 107912 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-09-02 06:27:16 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-09-02 06:27:16 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-09-02 06:27:16 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-09-02 06:27:16 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-09-02 06:25:52 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2011-09-02 06:25:52 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2011-09-02 06:25:40 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2011-09-02 06:25:40 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2011-09-02 06:25:40 2085376 ----a-w- C:\Windows\System32\ole32.dll
2011-09-02 06:25:40 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2011-09-02 06:25:05 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-09-02 06:23:34 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-09-02 06:23:34 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-09-02 06:22:18 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-09-02 06:22:18 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-09-02 06:22:03 389632 ----a-w- C:\Windows\System32\winlogon.exe
2011-09-02 06:21:50 51712 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-09-02 06:21:50 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-09-02 06:21:14 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2011-09-02 06:19:59 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-09-02 06:19:59 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-09-02 06:19:27 46592 ----a-w- C:\Windows\System32\msasn1.dll
2011-09-02 06:19:27 34816 ----a-w- C:\Windows\SysWow64\msasn1.dll
2011-09-02 06:18:58 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll
2011-09-02 06:18:58 1320960 ----a-w- C:\Windows\SysWow64\CertEnroll.dll
2011-09-02 06:17:50 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-09-02 06:17:50 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-09-02 06:17:29 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2011-09-02 06:17:29 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2011-09-02 06:17:16 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2011-09-02 06:17:16 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2011-09-02 06:17:16 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2011-09-02 06:17:16 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2011-09-02 06:16:16 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2011-09-02 06:16:05 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-09-02 06:16:05 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-09-02 06:16:02 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-09-02 06:15:54 633856 ----a-w- C:\Windows\System32\comctl32.dll
2011-09-02 06:15:54 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2011-09-02 06:15:43 -------- d-----w- C:\Windows\System32\drivers\NISx64
2011-09-02 06:15:42 30088 ----a-w- C:\Windows\System32\drivers\msahci.sys
2011-09-02 06:15:42 155528 ----a-w- C:\Windows\System32\drivers\ataport.sys
2011-09-02 06:15:13 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2011-09-02 06:15:13 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2011-09-02 06:14:51 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-09-02 06:14:51 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-09-02 06:14:33 -------- d-----w- C:\Windows\en
2011-09-02 06:13:32 -------- d-----w- C:\Windows\PCHEALTH
2011-09-02 06:13:11 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-09-02 06:13:11 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-09-02 06:13:11 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-09-02 06:13:11 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-09-02 06:13:08 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-09-02 06:13:08 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-09-02 06:11:18 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-09-02 06:11:14 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2011-09-02 06:10:16 -------- d-----w- C:\Program Files (x86)\K-NFB Reading Technology Inc
2011-09-02 06:09:43 -------- d-----w- C:\Windows\PRIndex
2011-09-02 06:09:24 -------- d-----w- C:\Program Files (x86)\Zinio Reader 4
2011-09-02 06:07:34 -------- d---a-w- C:\Program Files (x86)\Common Files\LS Getting Started
2011-09-02 06:04:44 55296 ----a-w- C:\Windows\System32\coinst.dll
2011-09-02 06:02:54 -------- d-----w- C:\ProgramData\WildTangent
2011-09-02 06:02:46 -------- d-----w- C:\ProgramData\PictureMover
2011-09-02 06:02:45 -------- d-----w- C:\Program Files (x86)\PictureMover
2011-09-02 06:02:24 20120360 ----a-w- C:\Program Files (x86)\Online Services\Skype\SkypeSetup.exe
2011-09-02 06:02:24 -------- d-----r- C:\Program Files (x86)\Online Services
2011-09-02 06:02:18 19464 ----a-w- C:\Windows\System32\pdfc_port.dll
2011-09-02 06:02:17 -------- d-----w- C:\Program Files (x86)\PDF Complete
2011-09-02 06:02:08 -------- d-----w- C:\ProgramData\PDFC
2011-09-02 06:02:06 -------- d-----w- C:\ProgramData\Uninstall
2011-09-02 06:01:35 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2011-09-02 06:01:22 -------- d-----w- C:\ProgramData\RoxioNow
2011-09-02 06:01:12 -------- d-----w- C:\Program Files (x86)\Roxio
2011-09-02 05:51:16 253952 ----a-w- C:\Windows\SysWow64\cPC_DMIRD.dll
2011-09-02 05:49:57 -------- d-----w- C:\ProgramData\{D13C0989-F3EC-4F44-A33D-B3F83DF90FAF}
2011-09-02 05:49:38 -------- d-----w- C:\Program Files (x86)\Hp
2011-09-02 05:48:22 327008 ----a-w- C:\Windows\System32\RaCoInstx.dll
2011-09-02 05:48:22 1002848 ----a-w- C:\Windows\System32\drivers\netr28x.sys
2011-09-02 05:47:18 -------- d-----w- C:\Program Files\ATI
2011-09-02 05:47:17 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-09-02 05:45:57 -------- d-----w- C:\Program Files (x86)\Realtek
2011-09-02 05:45:56 1251944 ----a-w- C:\Windows\RtlExUpd.dll
2011-09-02 05:45:56 -------- d--h--w- C:\Program Files (x86)\Temp
2011-09-02 05:45:55 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-09-02 05:45:55 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-09-02 05:45:55 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-09-02 05:45:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-09-02 05:45:55 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-09-02 05:45:55 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-09-02 05:45:55 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-09-02 05:45:55 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-09-02 05:41:12 -------- d-----w- C:\Program Files\hp
2011-09-02 05:38:46 -------- d-sh--w- C:\Windows\Installer
2011-09-02 05:35:19 -------- d-----w- C:\Windows\SysWow64\RTCOM
2011-09-02 05:35:19 -------- d-----w- C:\Program Files\Realtek
2011-09-02 05:35:18 0 ----a-w- C:\Windows\ativpsrm.bin
.
==================== Find3M ====================
.
2011-09-16 08:20:09 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-09-16 08:20:09 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-09-16 08:20:09 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-16 08:20:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-16 08:20:08 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-16 08:20:08 482816 ----a-w- C:\Windows\System32\html.iec
2011-09-16 08:20:08 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-09-16 08:20:08 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-16 05:09:30 442880 ----a-w- C:\Windows\System32\winhttp.dll
2011-09-16 04:52:56 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-09-16 04:52:56 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-09-02 06:20:11 91648 ----a-w- C:\Windows\SysWow64\avifil32.dll
2011-08-19 07:07:46 293736 ----a-w- C:\Users\FuBar\iTunesOutlookAddIn.dll
2011-08-19 07:07:38 421736 ----a-w- C:\Users\FuBar\iTunesHelper.exe
2011-08-19 07:07:38 168296 ----a-w- C:\Users\FuBar\iTunesHelper.dll
2011-08-19 07:07:36 403304 ----a-w- C:\Users\FuBar\iTunesAdmin.dll
2011-08-19 07:07:32 9777000 ----a-w- C:\Users\FuBar\iTunes.exe
2011-08-19 07:07:24 19664232 ----a-w- C:\Users\FuBar\iTunes.dll
2011-08-19 07:07:20 792424 ----a-w- C:\Users\FuBar\gnsdk_sdkmanager.dll
2011-08-19 07:07:20 276328 ----a-w- C:\Users\FuBar\gnsdk_submit.dll
2011-08-19 07:07:20 2742120 ----a-w- C:\Users\FuBar\gnsdk_dsp.dll
2011-08-19 07:07:20 198504 ----a-w- C:\Users\FuBar\gnsdk_musicid.dll
2011-07-29 07:10:20 111904 ----a-w- C:\Users\FuBar\ITDetector.ocx
2011-07-12 17:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 17:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 17:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 17:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 17:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 17:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 17:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 17:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-06 00:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-07-06 00:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 7:01:26.73 ===============

Attach.zip
  21. Simple instructions for a simple mind. BTW, I thought I had disabled MBAM but it was already running when I rebooted. Thank you for your help. Here is the ComboFix log:

ComboFix 11-09-18.01 - FuBar 09/18/2011 12:32:16.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.3000 [GMT -6:00]
Running from: c:\users\FuBar\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 4
Access is denied.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\windows\SysWow64\comct332.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-08-18 to 2011-09-18 )))))))))))))))))))))))))))))))
.
.
2011-09-18 18:53 . 2011-09-18 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-18 15:26 . 2011-08-12 03:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E80BEF99-32E7-43FF-A7EF-BCE59D739B45}\mpengine.dll
2011-09-18 12:22 . 2011-09-18 12:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-17 14:59 . 2011-09-17 14:59 -------- d-----w- c:\programdata\IObit
2011-09-17 14:37 . 2011-09-17 14:37 -------- d-----w- c:\program files\Iomega
2011-09-17 14:36 . 2011-09-17 14:36 -------- d-----w- c:\windows\Downloaded Installations
2011-09-17 13:28 . 2011-09-17 13:28 -------- dc----w- c:\windows\system32\DRVSTORE
2011-09-17 13:28 . 2009-05-18 19:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-09-17 13:21 . 2011-09-17 13:21 -------- d-----w- c:\program files (x86)\QuickTime
2011-09-17 13:21 . 2011-09-17 13:21 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-09-17 13:21 . 2011-09-17 13:21 -------- d-----w- c:\program files\Common Files\Apple
2011-09-17 13:21 . 2011-09-17 13:21 -------- d-----w- c:\program files\Bonjour
2011-09-17 13:21 . 2011-09-17 13:21 -------- d-----w- c:\program files (x86)\Bonjour
2011-09-17 13:20 . 2011-09-17 13:28 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-09-17 13:20 . 2011-09-17 13:20 -------- d-----w- c:\programdata\Apple
2011-09-16 15:33 . 2011-09-16 15:33 -------- d-----w- c:\programdata\NCH Software
2011-09-16 15:33 . 2011-09-16 15:33 -------- d-----w- c:\program files (x86)\NCH Software
2011-09-16 15:23 . 2011-09-16 15:23 -------- d-----w- c:\program files (x86)\WMA To MP3 Encoder
2011-09-16 08:43 . 2011-09-16 08:43 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-09-16 08:43 . 2011-09-16 08:43 2048 ----a-w- c:\windows\system32\tzres.dll
2011-09-16 08:36 . 2011-09-16 08:36 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-09-16 08:36 . 2011-09-16 08:36 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-09-16 08:36 . 2011-09-16 08:36 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-09-16 08:33 . 2011-09-16 08:33 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-16 08:27 . 2011-09-16 08:27 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll
2011-09-16 08:27 . 2011-09-16 08:27 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
2011-09-16 08:27 . 2011-09-16 08:27 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
2011-09-16 08:27 . 2011-09-16 08:27 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
2011-09-16 08:27 . 2011-09-16 08:27 212992 ----a-w- c:\windows\system32\odbctrac.dll
2011-09-16 08:27 . 2011-09-16 08:27 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
2011-09-16 08:27 . 2011-09-16 08:27 163840 ----a-w- c:\windows\system32\odbccp32.dll
2011-09-16 08:27 . 2011-09-16 08:27 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-09-16 08:27 . 2011-09-16 08:27 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
2011-09-16 08:27 . 2011-09-16 08:27 106496 ----a-w- c:\windows\system32\odbccu32.dll
2011-09-16 08:27 . 2011-09-16 08:27 106496 ----a-w- c:\windows\system32\odbccr32.dll
2011-09-16 08:22 . 2011-09-16 08:22 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-09-16 08:22 . 2011-09-16 08:22 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-09-16 08:22 . 2011-09-16 08:22 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-09-16 08:05 . 2011-09-16 08:05 3134464 ----a-w- c:\windows\system32\win32k.sys
2011-09-16 08:04 . 2011-09-16 08:04 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-09-16 08:04 . 2011-09-16 08:04 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-09-16 08:04 . 2011-09-16 08:04 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-09-16 08:04 . 2011-09-16 08:04 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-09-16 08:04 . 2011-09-16 08:04 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-09-16 07:55 . 2011-09-16 07:55 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-09-16 07:55 . 2011-09-16 07:55 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-09-16 07:53 . 2011-09-16 07:53 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-09-16 07:53 . 2011-09-16 07:53 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-09-16 07:52 . 2011-09-16 07:52 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-09-16 07:52 . 2011-09-16 07:52 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-09-16 07:52 . 2011-09-16 07:52 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-09-16 07:51 . 2011-09-16 07:51 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-09-16 07:50 . 2011-09-16 07:50 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-16 07:49 . 2011-09-16 07:49 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-09-16 07:49 . 2011-09-16 07:49 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-09-16 07:35 . 2011-09-16 07:35 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-16 07:35 . 2011-09-16 07:35 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-09-16 07:33 . 2011-09-16 07:33 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-09-16 07:33 . 2011-09-16 07:33 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-09-16 07:33 . 2011-09-16 07:33 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-09-16 07:30 . 2011-09-16 07:30 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-09-16 07:30 . 2011-09-16 07:30 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-09-16 07:28 . 2011-09-16 07:28 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-09-16 07:28 . 2011-09-16 07:28 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-09-16 07:28 . 2011-09-16 07:28 2870272 ----a-w- c:\windows\explorer.exe
2011-09-16 07:28 . 2011-09-16 07:28 2614784 ----a-w- c:\windows\SysWow64\explorer.exe
2011-09-16 07:26 . 2011-09-16 07:26 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-09-16 07:26 . 2011-09-16 07:26 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-09-16 07:26 . 2011-09-16 07:26 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-09-16 07:24 . 2011-09-16 07:24 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-09-16 07:24 . 2011-09-16 07:24 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-16 07:22 . 2011-09-16 07:22 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-09-16 07:22 . 2011-09-16 07:22 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-09-16 07:22 . 2011-09-16 07:22 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-09-16 07:22 . 2011-09-16 07:22 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-09-16 07:20 . 2011-09-16 07:20 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-09-16 07:19 . 2011-09-16 07:19 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-09-16 07:17 . 2011-09-16 07:17 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-09-16 07:17 . 2011-09-16 07:17 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-09-16 07:17 . 2011-09-16 07:17 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-09-16 07:17 . 2011-09-16 07:17 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-09-16 07:15 . 2011-09-16 07:15 640896 ----a-w- c:\windows\system32\winload.efi
2011-09-16 07:15 . 2011-09-16 07:15 603976 ----a-w- c:\windows\system32\winload.exe
2011-09-16 07:15 . 2011-09-16 07:15 556928 ----a-w- c:\windows\system32\winresume.efi
2011-09-16 07:15 . 2011-09-16 07:15 518160 ----a-w- c:\windows\system32\winresume.exe
2011-09-16 07:15 . 2011-09-16 07:15 20352 ----a-w- c:\windows\system32\kdusb.dll
2011-09-16 07:15 . 2011-09-16 07:15 19328 ----a-w- c:\windows\system32\kd1394.dll
2011-09-16 07:15 . 2011-09-16 07:15 17792 ----a-w- c:\windows\system32\kdcom.dll
2011-09-16 06:57 . 2011-09-16 06:57 -------- d-----w- c:\windows\SysWow64\Wat
2011-09-16 06:57 . 2011-09-16 06:57 -------- d-----w- c:\windows\system32\Wat
2011-09-16 05:30 . 2011-09-16 05:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-09-16 05:30 . 2011-09-16 05:30 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-09-16 05:28 . 2011-09-16 05:28 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-09-16 05:28 . 2011-09-16 05:28 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-09-16 05:28 . 2011-09-16 05:28 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-09-16 05:28 . 2011-09-16 05:28 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-09-16 05:28 . 2011-09-16 05:28 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-09-16 05:26 . 2011-09-16 05:26 3138048 ----a-w- c:\windows\system32\mstscax.dll
2011-09-16 05:26 . 2011-09-16 05:26 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-09-16 05:26 . 2011-09-16 05:26 1097216 ----a-w- c:\windows\system32\mstsc.exe
2011-09-16 05:26 . 2011-09-16 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-09-16 05:24 . 2011-09-16 05:24 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-09-16 05:24 . 2011-09-16 05:24 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2011-09-16 05:24 . 2011-09-16 05:24 723968 ----a-w- c:\windows\system32\EncDec.dll
2011-09-16 05:24 . 2011-09-16 05:24 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-09-16 05:24 . 2011-09-16 05:24 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-09-16 05:24 . 2011-09-16 05:24 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2011-09-16 05:24 . 2011-09-16 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-09-16 05:24 . 2011-09-16 05:24 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-09-16 05:21 . 2011-09-16 05:21 1739176 ----a-w- c:\windows\system32\ntdll.dll
2011-09-16 05:21 . 2011-09-16 05:21 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-09-16 05:16 . 2011-09-16 05:16 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-09-16 05:16 . 2011-09-16 05:16 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-09-16 05:16 . 2011-09-16 05:16 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-09-16 05:16 . 2011-09-16 05:16 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2011-09-16 05:16 . 2011-09-16 05:16 144384 ----a-w- c:\windows\system32\cdd.dll
2011-09-16 05:16 . 2011-09-16 05:16 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-09-16 05:16 . 2011-09-16 05:16 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-09-16 05:16 . 2011-09-16 05:16 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-09-16 05:16 . 2011-09-16 05:16 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2011-09-16 05:16 . 2011-09-16 05:16 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-09-16 05:16 . 2011-09-16 05:16 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-09-16 05:10 . 2011-09-16 05:10 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-09-16 05:10 . 2011-09-16 05:10 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-09-16 05:03 . 2011-09-16 05:03 714752 ----a-w- c:\windows\system32\kerberos.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-16 08:25 . 2011-09-16 08:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-09-16 04:52 . 2011-09-16 04:52 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-09-16 04:52 . 2011-09-16 04:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-09-03 12:12 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-19 07:07 . 2011-08-19 07:07 293736 ----a-w- c:\users\FuBar\iTunesOutlookAddIn.dll
2011-08-19 07:07 . 2011-08-19 07:07 421736 ----a-w- c:\users\FuBar\iTunesHelper.exe
2011-08-19 07:07 . 2011-08-19 07:07 168296 ----a-w- c:\users\FuBar\iTunesHelper.dll
2011-08-19 07:07 . 2011-08-19 07:07 403304 ----a-w- c:\users\FuBar\iTunesAdmin.dll
2011-08-19 07:07 . 2011-08-19 07:07 9777000 ----a-w- c:\users\FuBar\iTunes.exe
2011-08-19 07:07 . 2011-08-19 07:07 19664232 ----a-w- c:\users\FuBar\iTunes.dll
2011-08-19 07:07 . 2011-08-19 07:07 792424 ----a-w- c:\users\FuBar\gnsdk_sdkmanager.dll
2011-08-19 07:07 . 2011-08-19 07:07 276328 ----a-w- c:\users\FuBar\gnsdk_submit.dll
2011-08-19 07:07 . 2011-08-19 07:07 2742120 ----a-w- c:\users\FuBar\gnsdk_dsp.dll
2011-08-19 07:07 . 2011-08-19 07:07 198504 ----a-w- c:\users\FuBar\gnsdk_musicid.dll
2011-07-29 07:10 . 2011-07-29 07:10 111904 ----a-w- c:\users\FuBar\ITDetector.ocx
2011-07-12 17:34 . 2011-07-12 17:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 17:34 . 2011-07-12 17:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 17:34 . 2011-07-12 17:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 17:34 . 2011-07-12 17:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 17:20 . 2011-07-12 17:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 17:20 . 2011-07-12 17:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 17:20 . 2011-07-12 17:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 17:20 . 2011-07-12 17:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-07-06 00:37 . 2011-07-06 00:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-06 00:37 . 2011-07-06 00:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="k:\advanced systemcare 4\ASCTray.exe" [2011-08-09 417112]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 5471104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\users\FuBar\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\users\FuBar\iTunesHelper.exe" [2011-08-19 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\GSBoot]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\GSBootSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560] R2 MBAMService;MBAMService;c:\users\FuBar\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] R3 GSBoot;GSBoot;c:\windows\system32\Drivers\GSBoot.sys [x] R3 GSBootSvc;GSBootSvc;c:\windows\System32\GSBootSvc.exe [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 QPCopyEngine;QPCopyEngine;c:\program files\Iomega\QuikProtect\QpMonitor.exe [2010-06-24 394544] R3 QsFsFltr;QsFsFltr;c:\windows\system32\DRIVERS\QsFsFltr.sys [x] R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-03-23 33184] R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-03-23 21328] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-07-11 20336] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS 
[2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AdvancedSystemCareService;Advanced SystemCare Service;k:\advanced systemcare 4\ASCService.exe [2011-08-09 328536] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-07-20 820568] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] "QuiKProtect"="c:\program files\Iomega\QuikProtect\StartQuikProtect.exe" [2010-06-24 58672] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\FuBar\AppData\Roaming\Mozilla\Firefox\Profiles\j1mra0hk.default\ FF - prefs.js: network.proxy.type - 0 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,a0,05,a1,dc,70,4d,49,87,c9,78,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,a0,05,a1,dc,70,4d,49,87,c9,78,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . k:\advanced systemcare 4\PMonitor.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe j:\panda usb vaccine\USBVaccine.exe . ************************************************************************** . Completion time: 2011-09-18 12:57:36 - machine was rebooted ComboFix-quarantined-files.txt 2011-09-18 18:57 . Pre-Run: 955,063,336,960 bytes free Post-Run: 954,826,727,424 bytes free . - - End Of File - - F46CA6A4B5B9AC6A9D09CA5EAEB6374D
  22. Hi, and THANK YOU SO MUCH for your assistance in resolving this longstanding infection. Since January of 2011, when I took my machine to an "authorized HP IT guy", I have been trying to eradicate his presence by any means possible with little success. I took my Compaq to an IT guy for cleaning and other minor issues in January, and I believe he installed Symantec Endpoint Protection [without my permission] as an entry point into my system. Symantec Endpoint stopped working and restarted on its own, and I mark that as the beginning of my 7 month odyssey. I also think he installed a wireless adapter card which went unnoticed until HP replaced my Compaq with this Pavilion which I now use. That was approximately three months ago, but as soon as I connected and booted my external Iomega hard drive, my new computer was reinfected. The symptoms of this takeover are too numerous to mention, but I will hit the highlights. I am convinced my computer was turned into a bot, or at least used as a client computer on a virtual network, because I am always on a group policy without certain administrative rights. When I allow updates [which I am not presently] I always receive updates for Windows Server 2008 R2, and I still have Hyper-V Client Migration files. I have reformatted BOTH computers between ten and fifteen times, but it never results in a clean wipe, as several identifiable files always turn up, as in a SYSTEM.SAV folder under C:. I have used almost every paid antivirus under the sun and have seen the registry substitute archive, inherently vulnerable instances of the same. Neither Malwarebytes Pro, nor Security Essentials, nor Norton 360 ever finds anything. SuperAntiSpyware at least finds 150+ cookies, including ones called SQLITE. In fact, knowing I could always reinstall all necessary files from my HP discs, I have gone to the registry and deleted everything that didn't look right in an effort to delete registry infection so that I could really do a format.
But I discovered that the ones I really needed to delete, i.e. 'user profiles', could not be deleted. I noticed that I have previously posted about this some months ago. My apologies, but hardware failure and infections have prevented me from returning. I also apologize for accidentally posting the first half of this. Please help me do this right. I am rather desperate to regain control of my computer and peripherals. Ark.txt results in no text. Can't find 'Attach.txt'. Probably a script blocker, but I don't know how to fix it. SORRY! Plus my apologies for the partial accidental posting that resulted from user incompetence. Thanks again for your support.

First the Defogger failure...

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:54 on 04/09/2011 (FuBar)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

MBAM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7715

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/14/2011 11:39:51 AM
mbam-log-2011-09-14 (11-39-51).txt

Scan type: Quick scan
Objects scanned: 172793
Time elapsed: 1 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by FuBar at 11:41:47 on 2011-09-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2547 [GMT -6:00]
2011-09-02 05:45:55 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll 2011-09-02 05:45:55 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll 2011-09-02 05:45:55 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll 2011-09-02 05:41:12 -------- d-----w- C:\Program Files\hp 2011-09-02 05:38:46 -------- d-sh--w- C:\Windows\Installer 2011-09-02 05:35:19 -------- d-----w- C:\Windows\SysWow64\RTCOM 2011-09-02 05:35:19 -------- d-----w- C:\Program Files\Realtek 2011-09-02 05:35:18 0 ----a-w- C:\Windows\ativpsrm.bin . ==================== Find3M ==================== . 2011-09-02 06:27:57 961024 ----a-w- C:\Windows\System32\CPFilters.dll 2011-09-02 06:27:57 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll 2011-09-02 06:27:57 552960 ----a-w- C:\Windows\System32\msdri.dll 2011-09-02 06:27:57 288256 ----a-w- C:\Windows\System32\MSNP.ax 2011-09-02 06:27:57 258560 ----a-w- C:\Windows\System32\mpg2splt.ax 2011-09-02 06:27:57 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax 2011-09-02 06:27:57 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax 2011-09-02 06:27:40 1736608 ----a-w- C:\Windows\System32\ntdll.dll 2011-09-02 06:27:40 1289528 ----a-w- C:\Windows\SysWow64\ntdll.dll 2011-09-02 06:27:16 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2011-09-02 06:27:16 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2011-09-02 06:27:16 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2011-09-02 06:27:16 1446912 ----a-w- C:\Windows\System32\lsasrv.dll 2011-09-02 06:23:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2011-09-02 06:16:42 978432 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-09-02 06:15:02 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2011-09-02 06:15:02 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2011-09-02 06:13:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-09-02 
06:13:57 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-09-02 06:13:43 1877504 ----a-w- C:\Windows\System32\msxml3.dll 2011-09-02 06:13:43 1233920 ----a-w- C:\Windows\SysWow64\msxml3.dll 2011-09-02 06:13:33 982600 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2011-09-02 06:13:33 144384 ----a-w- C:\Windows\System32\cdd.dll . ============= FINISH: 11:42:12.15 ===============
  23. Hi, and THANK YOU SO MUCH for your assistance in resolving this longstanding infection. Since January of 2011, when I took my machine to an "authorized HP IT guy", I have been trying to eradicate his presence by any means possible with little success. I took my Compaq to an IT guy for cleaning and other minor issues in January and I believe he installed Symantec Endpoint Protection [without my permission] as an entry point into my system. I also think he installed a wireless adapter card which went unnoticed until HP replaced my Compaq with this Pavilion which I now use. That was approximately three months ago, but as soon as I connected and booted my external Iomega hard drive, my new computer was reinfected. The symptoms of this takeover are too numerous to mention, but I will hit the highlights. I am convinced my computer was turned into a bot or at least used as a client computer on a virtual network because I am always on a group policy without certain administrative rights. When I allow updates [which I am not presently] I always receive updates for Windows Server 2008 R2 and I still have Hyper-V Client Migration files. I have reformatted BOTH computers between ten and fifteen times but it never results in a clean wipe, as several identifiable files always turn up, as in a SYSTEM.SAV folder under C:. I have used almost every paid antivirus under the sun and have seen the registry substitute archive, inherently vulnerable instances of the same. Neither Malwarebytes Pro, nor Security Essentials, nor Norton 360 ever find anything. SuperAntiSpyware at least finds 150+ cookies, including ones called SQLITE. In fact, knowing I could always reinstall all necessary files from my HP discs, I have gone to the registry and deleted everything that didn't look right in an effort to delete registry infection so that I could really do a format. But I discovered that the ones I really needed to delete, i.e. 'user profiles', could not be deleted