.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33

Run by user at 11:49:57 on 2012-08-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8150.6081 [GMT 10:00]

.

AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\atieclxx.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\splwow64.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\DllHost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.smh.com.au/

uSearch Bar = Preserve

mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005’&barid={FA9DCDB2-C719-11E1-97D9-8C89A57C9312}

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.DLL

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

mRun: [sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"

mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{5D0811D1-5ACF-4419-932C-2B1341B16021} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{F593D424-A03E-4603-8C93-ECA27F6CF897} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO-X64: Canon Easy-WebPrint EX BHO - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

BHO-X64: SWEETIE - No File

TB-X64: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

mRun-x64: [sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"

mRun-x64: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o7dadfa8.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - SweetIM Search

FF - prefs.js: browser.startup.homepage - hxxp://www.smh.com.au/|http://www.brisbanetimes.com.au/?gclid=CJ3ItfnL77ACFUyHpAod9S6nuw|http://www.abc.net.au/news/?WT.svl=news

FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10005&q=

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0308000.029\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0308000.029\SYMEFA64.SYS [?]

R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\N360x64\0308000.029\BHDrvx64.sys --> C:\Windows\system32\Drivers\N360x64\0308000.029\BHDrvx64.sys [?]

R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\N360x64\0308000.029\ccHPx64.sys --> C:\Windows\system32\Drivers\N360x64\0308000.029\ccHPx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120710.001\IDSviA64.sys [2012-7-10 509088]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-30 655944]

R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2012-7-11 117640]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-18 2656536]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\system32\Drivers\N360x64\0308000.029\SYMNDISV.SYS --> C:\Windows\system32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-3 257696]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-3 113120]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-02 01:39:08 -------- d-----w- C:\Users\user\AppData\Local\{E644B044-EB6E-43FB-A2C8-A32227224689}

2012-08-02 01:38:57 -------- d-----w- C:\Users\user\AppData\Local\{211E1806-DAC1-481D-9FC5-1C3EC8C9568F}

2012-08-01 11:26:26 -------- d-----w- C:\Users\user\AppData\Local\{68D4BBD5-AB8B-436C-9A7B-95D30229242A}

2012-08-01 11:26:15 -------- d-----w- C:\Users\user\AppData\Local\{E44693BB-FA77-4B42-8D33-F9ACDC95AB00}

2012-08-01 00:00:01 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2012-07-31 23:36:02 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-07-31 23:36:00 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{19723469-2A81-4D64-9F49-55B6720AE787}\mpengine.dll

2012-07-31 23:25:52 -------- d-----w- C:\Users\user\AppData\Local\{AFFF6090-2366-4050-9403-39083FE2BAF8}

2012-07-31 23:25:41 -------- d-----w- C:\Users\user\AppData\Local\{90EF65B8-BECF-42F5-A552-81BD0A3E6774}

2012-07-31 01:50:40 -------- d-----w- C:\Users\user\AppData\Local\{5447EC19-9D52-49D9-8ADB-C1F5FCD9335A}

2012-07-31 01:50:29 -------- d-----w- C:\Users\user\AppData\Local\{82F08354-4277-400F-A1B5-6E2E33D0A6F8}

2012-07-30 12:45:45 -------- d-----w- C:\Users\user\AppData\Local\{04BEA6B6-DD50-4598-BD95-4A8ABAA08314}

2012-07-30 12:45:34 -------- d-----w- C:\Users\user\AppData\Local\{EF9E695E-234B-498A-98D1-96B473DC4D5C}

2012-07-30 08:07:58 -------- d-----w- C:\Users\user\AppData\Roaming\Malwarebytes

2012-07-30 08:07:53 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-30 08:07:52 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-30 08:07:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-29 22:04:06 -------- d-----w- C:\Users\user\AppData\Local\{70530222-2FE9-4F2F-B680-C09023AEEF95}

2012-07-29 22:03:56 -------- d-----w- C:\Users\user\AppData\Local\{562D8565-0EC9-4D3A-85ED-E79E79A688BC}

2012-07-29 08:52:44 -------- d-----w- C:\Users\user\AppData\Local\{59A5BAB2-7F6F-448B-9E7D-4AB588FB7AE8}

2012-07-29 08:52:33 -------- d-----w- C:\Users\user\AppData\Local\{7D007EBB-3D38-4658-BADD-2447BD9CA00A}

2012-07-28 22:21:33 -------- d-----w- C:\Users\user\AppData\Local\{36467903-3944-41F9-8E49-E67175F08CA6}

2012-07-28 22:21:23 -------- d-----w- C:\Users\user\AppData\Local\{64664D35-CFEF-4DAB-B553-9FCB08B7AA48}

2012-07-28 00:08:46 -------- d-----w- C:\Users\user\AppData\Local\{7CC6756C-BC53-48BA-A546-08AA73317F91}

2012-07-28 00:08:36 -------- d-----w- C:\Users\user\AppData\Local\{44D699E0-85F2-48B4-BA4F-4D45BC4C6F29}

2012-07-27 19:29:10 -------- d-----w- C:\Users\user\AppData\Local\{4614A3B5-64A4-417E-9879-45B2CB02BBFC}

2012-07-27 19:29:00 -------- d-----w- C:\Users\user\AppData\Local\{7FB5E491-BF5D-4D03-8970-D2C7CAEF1A18}

2012-07-27 00:15:37 -------- d-----w- C:\Users\user\AppData\Local\{01308563-2CCF-4E22-842F-F01B590EA8F3}

2012-07-27 00:15:27 -------- d-----w- C:\Users\user\AppData\Local\{1D711E81-5676-4D9C-BBE4-3A81E2CE38A6}

2012-07-26 04:04:48 -------- d-----w- C:\Users\user\AppData\Roaming\SpeedMaxPc

2012-07-26 04:04:48 -------- d-----w- C:\Users\user\AppData\Roaming\DriverCure

2012-07-26 04:04:40 -------- d-----w- C:\ProgramData\SpeedMaxPc

2012-07-26 03:50:35 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-07-26 03:50:35 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-07-26 02:04:23 -------- d-----w- C:\Users\user\AppData\Local\{DF8E8FF7-D222-4DB0-ADF5-F13DF4FCEE25}

2012-07-26 02:04:13 -------- d-----w- C:\Users\user\AppData\Local\{3F6B9603-F627-49CF-9361-BB52FE2A7FB0}

2012-07-25 11:19:02 -------- d-----w- C:\Users\user\AppData\Local\{8B024990-8909-443A-B8B1-1847D619F307}

2012-07-25 11:18:52 -------- d-----w- C:\Users\user\AppData\Local\{C683D269-4999-40D5-8C82-227400618FEC}

2012-07-25 07:15:12 -------- d-----r- C:\Program Files (x86)\Skype

2012-07-24 22:42:43 -------- d-----w- C:\Users\user\AppData\Local\{AB844C5A-19B1-459F-994D-1156D290C0CF}

2012-07-24 22:42:33 -------- d-----w- C:\Users\user\AppData\Local\{B20273C4-E030-4024-8768-A9AEC87BF2B2}

2012-07-24 01:27:40 -------- d-----w- C:\Users\user\AppData\Local\{D922892D-2DB7-4764-A859-EA4DAD6FC67F}

2012-07-24 01:27:30 -------- d-----w- C:\Users\user\AppData\Local\{4C5CA308-77B3-4839-82AE-574513F5C25C}

2012-07-23 12:47:36 -------- d-----w- C:\Users\user\AppData\Local\{1D35A7F6-6B32-43AC-AC15-03E6C404C6AE}

2012-07-23 12:47:25 -------- d-----w- C:\Users\user\AppData\Local\{A75047D6-7FAC-4DE9-B88E-D13B573D540F}

2012-07-22 22:16:29 -------- d-----w- C:\Users\user\AppData\Local\{6CCEECF1-8B30-4000-AD34-45D372610C96}

2012-07-22 22:16:18 -------- d-----w- C:\Users\user\AppData\Local\{BF855C68-27E6-4D90-A309-804D90314E78}

2012-07-22 02:35:37 -------- d-----w- C:\Users\user\AppData\Local\{68F1BA1F-68F4-44DD-B9E3-0A67CA5B7058}

2012-07-22 02:35:27 -------- d-----w- C:\Users\user\AppData\Local\{2634FE2C-8C5B-4005-8B51-518214610499}

2012-07-21 10:54:09 -------- d-----w- C:\Users\user\AppData\Local\{1C0A3556-2059-4155-B1F0-DC24D21570DB}

2012-07-21 10:53:58 -------- d-----w- C:\Users\user\AppData\Local\{E7E20337-E464-465F-9C2C-480C534FC435}

2012-07-20 21:51:46 -------- d-----w- C:\Users\user\AppData\Local\{95D0C43B-365F-450C-9B7F-8F2C3020AB40}

2012-07-20 21:51:36 -------- d-----w- C:\Users\user\AppData\Local\{0B54C053-6423-4E6F-AEF1-B73E8F1C55E0}

2012-07-20 11:07:56 -------- d-----w- C:\Program Files (x86)\NCH Software

2012-07-20 11:07:53 -------- d-----w- C:\Users\user\AppData\Roaming\NCH Software

2012-07-20 03:41:31 -------- d-----w- C:\Users\user\AppData\Roaming\Wondershare Video Converter Ultimate

2012-07-20 03:41:26 -------- d-----w- C:\Users\user\AppData\Local\Wondershare

2012-07-20 03:41:26 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare

2012-07-20 03:41:19 892928 ----a-w- C:\Windows\SysWow64\iconv.dll

2012-07-20 03:41:19 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax

2012-07-20 03:41:19 496640 ----a-w- C:\Windows\SysWow64\xvid.ax

2012-07-20 03:41:16 -------- d-----w- C:\Program Files (x86)\Wondershare

2012-07-20 02:42:27 -------- d-----w- C:\Users\user\AppData\Local\{F8E04AFC-4CDF-4AC5-A502-409A47ECE23D}

2012-07-20 02:42:16 -------- d-----w- C:\Users\user\AppData\Local\{DFCC997B-5422-4C9A-9CBE-ED6697696B99}

2012-07-20 01:58:23 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{24A484A3-EF28-4097-A584-09BFA6595BF2}\mpengine.dll

2012-07-20 01:14:06 -------- d-----w- C:\Users\user\AppData\Roaming\WinFF

2012-07-20 01:14:04 -------- d-----w- C:\Program Files (x86)\WinFF

2012-07-20 00:15:36 -------- d-----w- C:\Users\user\AppData\Local\{5DA24A53-E1F5-421F-94D6-B5AD19BB77A1}

2012-07-20 00:15:25 -------- d-----w- C:\Users\user\AppData\Local\{BD706DC0-F159-4C7E-AAEE-B89586C6189B}

2012-07-19 11:10:58 -------- d-----w- C:\Users\user\AppData\Local\{579399C4-4C83-4967-84C5-99F4E920AA52}

2012-07-19 11:10:47 -------- d-----w- C:\Users\user\AppData\Local\{38556939-90D0-4364-B7C1-E777BB462AFD}

2012-07-18 22:00:55 -------- d-----w- C:\Users\user\AppData\Local\{20AE13A5-D146-4725-AFDA-B51DE071310C}

2012-07-18 22:00:44 -------- d-----w- C:\Users\user\AppData\Local\{12F87AD0-6E5A-4069-8765-01054DD61511}

2012-07-18 00:23:39 -------- d-----w- C:\Users\user\AppData\Local\{4BA929D7-5D83-4B1A-ACF5-0A4C4655C054}

2012-07-18 00:23:29 -------- d-----w- C:\Users\user\AppData\Local\{998B9529-0F15-4420-9A3A-BEEC7D08A8F0}

2012-07-17 03:23:56 -------- d-----w- C:\Users\user\AppData\Local\{D48ED45B-7AD8-483D-98F6-8D14E7FC89EA}

2012-07-17 03:23:45 -------- d-----w- C:\Users\user\AppData\Local\{18EDC849-719B-40AD-AE24-E645EC6ABFA3}

2012-07-17 01:39:59 -------- d-----w- C:\Users\user\AppData\Local\{5BBDD7DF-798F-465F-BD89-EDAEE8384DBB}

2012-07-16 21:29:46 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-16 06:36:11 -------- d-----w- C:\Users\user\AppData\Local\{8FC84CFE-223B-4F8B-B8A5-410ADDA54B68}

2012-07-16 06:36:00 -------- d-----w- C:\Users\user\AppData\Local\{41ABE075-8E69-467F-8FEE-F58554C02650}

2012-07-16 04:18:31 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-07-16 04:18:31 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-07-16 04:18:31 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2012-07-16 03:28:31 -------- d-----w- C:\Program Files (x86)\Convar

2012-07-16 03:07:19 -------- d-----w- C:\Users\user\AppData\Local\{69589E90-7020-4132-83ED-BD627BA60A95}

2012-07-15 13:37:04 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-15 12:54:49 -------- d-----w- C:\Users\user\AppData\Local\{A57FE3F9-9D0C-4180-9F31-C04CD05D04DA}

2012-07-15 12:54:38 -------- d-----w- C:\Users\user\AppData\Local\{B20490E7-6396-413C-BA22-FAEB728AC311}

2012-07-15 12:54:38 -------- d-----w- C:\Users\user\AppData\Local\{0DFAC95B-0D50-468B-9F7E-7269BCA296B4}

2012-07-15 12:24:39 -------- d-----w- C:\Users\user\AppData\Local\{B6991750-AA3E-4C59-BA3F-392B56C4C310}

2012-07-15 12:24:28 -------- d-----w- C:\Users\user\AppData\Local\{A50E2868-0D47-47BE-BCDE-FDA3327AB727}

2012-07-14 22:51:32 -------- d-----w- C:\Users\user\AppData\Local\{BB107D81-B9DA-4488-B349-19C4EE63F7D1}

2012-07-14 22:51:21 -------- d-----w- C:\Users\user\AppData\Local\{61208B4E-6B2B-4CF1-B753-5CA331C50551}

2012-07-14 00:52:16 -------- d-----w- C:\Users\user\AppData\Local\{20BCF21C-1C86-4AEB-889B-FD0E5F0D12F7}

2012-07-14 00:52:04 -------- d-----w- C:\Users\user\AppData\Local\{D62FC15E-8CAE-4BE5-BB4F-9A6810812770}

2012-07-14 00:52:04 -------- d-----w- C:\Users\user\AppData\Local\{02996222-0F56-4215-8058-0FDCC25ACEEE}

2012-07-13 23:09:03 -------- d-----w- C:\Users\user\PDF Documents

2012-07-13 11:44:19 -------- d-----w- C:\Users\user\AppData\Local\{712D84D5-4DA8-4DF4-BD16-EA361B133E64}

2012-07-13 11:44:08 -------- d-----w- C:\Users\user\AppData\Local\{02090D48-A1CE-4F57-A478-46C7EB3170C1}

2012-07-12 23:02:22 -------- d-----w- C:\Users\user\AppData\Local\{84AE7E9E-EFAA-4A19-B1A7-1BDA3C623711}

2012-07-12 23:02:12 -------- d-----w- C:\Users\user\AppData\Local\{53E5010A-C4A3-4B33-BBF9-3A1C90D55829}

2012-07-12 11:01:45 -------- d-----w- C:\Users\user\AppData\Local\{07D022D3-FC69-4248-949B-60C97244C7E6}

2012-07-12 11:01:34 -------- d-----w- C:\Users\user\AppData\Local\{6E8F1012-09E5-469C-824D-3F2F5F4C794B}

2012-07-11 23:01:08 -------- d-----w- C:\Users\user\AppData\Local\{8BE5CA59-1A9F-4096-9FBE-4CB9DC94B4A3}

2012-07-11 23:00:57 -------- d-----w- C:\Users\user\AppData\Local\{F8C77D7D-118A-4F88-B54B-D8F1F8D048A7}

2012-07-11 22:11:38 -------- d-----w- C:\ProgramData\Symantec

2012-07-11 11:28:21 -------- d-----w- C:\Users\user\AppData\Roaming\Windows Live Writer

2012-07-11 11:28:21 -------- d-----w- C:\Users\user\AppData\Local\Windows Live Writer

2012-07-11 11:00:32 -------- d-----w- C:\Users\user\AppData\Local\{77143638-0AC1-4F5A-8F9C-56516C8969E3}

2012-07-11 11:00:06 -------- d-----w- C:\Users\user\AppData\Local\{B164D511-4100-46EE-9285-F388901A062D}

2012-07-11 10:59:55 -------- d-----w- C:\Users\user\AppData\Local\{CE706BB8-8417-4B08-875F-A59E0465AC10}

2012-07-11 10:58:31 -------- d-----w- C:\Windows\en

2012-07-11 10:53:48 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2012-07-11 10:53:48 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2012-07-11 10:53:46 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2012-07-11 10:53:46 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2012-07-11 10:46:37 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6fc7ca7e1cd5f5205\DSETUP.dll

2012-07-11 10:46:37 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6fc7ca7e1cd5f5205\DXSETUP.exe

2012-07-11 10:46:37 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6fc7ca7e1cd5f5205\dsetup32.dll

2012-07-11 10:46:31 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6a57a6eb1cd5f5204\DXSETUP.exe

2012-07-11 10:46:31 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6a57a6eb1cd5f5204\dsetup32.dll

2012-07-11 10:46:29 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6a57a6eb1cd5f5204\DSETUP.dll

2012-07-11 10:45:50 -------- d-----w- C:\Users\user\AppData\Local\Windows Live

2012-07-11 08:29:28 583296 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\cchpx64.sys

2012-07-11 08:29:28 56880 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\symndisv.sys

2012-07-11 08:29:28 476720 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\srtsp64.sys

2012-07-11 08:29:28 44080 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\symndis.sys

2012-07-11 08:29:28 43568 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\symids.sys

2012-07-11 08:29:28 402992 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\SymEFA64.sys

2012-07-11 08:29:28 334384 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\BHDrvx64.sys

2012-07-11 08:29:28 32304 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\srtspx64.sys

2012-07-11 08:29:28 278576 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\symtdi.sys

2012-07-11 08:29:28 120880 ----a-w- C:\Windows\System32\drivers\N360x64\0308000.029\symfw.sys

2012-07-11 08:29:20 -------- d-----w- C:\Windows\System32\drivers\N360x64\0308000.029

2012-07-11 06:52:35 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2012-07-11 06:28:23 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-07-11 06:28:23 31280 ----a-r- C:\Windows\System32\drivers\SymIMV.sys

2012-07-11 06:28:23 126312 ----a-r- C:\Windows\System32\GEARAspi64.dll

2012-07-11 06:28:23 107368 ----a-r- C:\Windows\SysWow64\GEARAspi.dll

2012-07-11 06:28:20 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-07-11 06:28:20 -------- d-----w- C:\Program Files\Symantec

2012-07-11 06:28:20 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2012-07-11 06:27:47 -------- d-----w- C:\Windows\System32\drivers\N360x64

2012-07-11 06:27:46 -------- d-----w- C:\Program Files (x86)\Norton 360

2012-07-11 06:27:39 -------- d-----w- C:\ProgramData\Norton

2012-07-11 06:27:36 -------- d-----w- C:\ProgramData\NortonInstaller

2012-07-11 06:27:36 -------- d-----w- C:\Program Files (x86)\NortonInstaller

2012-07-11 06:22:57 -------- d-----w- C:\ProgramData\Symantec Temporary Files

2012-07-10 21:55:45 -------- d-----w- C:\ProgramData\AMD

2012-07-10 21:55:44 -------- d-----w- C:\Program Files (x86)\AMD AVT

2012-07-10 21:55:42 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-07-10 21:54:09 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-10 21:52:25 -------- d-----w- C:\AMD

2012-07-10 10:44:07 -------- d-----w- C:\Users\user\AppData\Roaming\CD-LabelPrint

2012-07-10 10:43:21 -------- d--h--w- C:\ProgramData\CanonIJSolutionMenuEX

2012-07-10 10:43:18 -------- d--h--w- C:\ProgramData\CanonIJEPPEX2

2012-07-10 10:43:18 -------- d--h--w- C:\ProgramData\CanonEPP

2012-07-10 10:43:15 -------- d--h--w- C:\ProgramData\CanonIJMyPrinter

2012-07-10 10:42:18 -------- d-----w- C:\ProgramData\CanonIJPLM

2012-07-10 10:41:53 -------- d-----w- C:\ProgramData\CanonIJMSetup

2012-07-10 10:41:28 -------- d-----w- C:\Program Files\Common Files\CANON

2012-07-10 10:41:21 -------- d-----w- C:\ProgramData\CanonIJWSpt

2012-07-10 10:39:52 -------- d-----w- C:\Program Files\Canon

2012-07-10 10:38:46 37376 ----a-w- C:\Windows\System32\CNMN6UI.DLL

2012-07-10 10:38:46 -------- d-----w- C:\Windows\System32\STRING

2012-07-10 10:38:45 327680 ----a-w- C:\Windows\System32\CNMN6PPM.DLL

2012-07-10 10:38:04 -------- d-----w- C:\Program Files (x86)\Canon

2012-07-09 22:55:29 -------- d-----w- C:\Windows\System32\SPReview

2012-07-09 22:54:36 -------- d-----w- C:\Windows\System32\EventProviders

2012-07-09 09:25:25 -------- d-----w- C:\Program Files\SmartPCFixer

2012-07-09 06:16:55 3650560 ----a-w- C:\Windows\System32\MSVidCtl.dll

2012-07-09 06:14:59 646144 ----a-w- C:\Windows\SysWow64\SearchFolder.dll

2012-07-09 06:13:59 210944 ----a-w- C:\Windows\System32\ncsi.dll

2012-07-09 06:12:47 378880 ----a-w- C:\Windows\System32\msinfo32.exe

2012-07-09 06:11:59 98816 ----a-w- C:\Windows\SysWow64\Robocopy.exe

2012-07-09 06:10:59 45568 ----a-w- C:\Windows\SysWow64\g711codc.ax

2012-07-09 06:09:53 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2012-07-09 06:09:53 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll

2012-07-09 06:09:52 244736 ----a-w- C:\Windows\System32\sqmapi.dll

2012-07-08 13:28:08 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-07-08 13:27:50 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-07-08 04:19:45 -------- d-----w- C:\Windows\SysWow64\Wat

2012-07-08 04:19:45 -------- d-----w- C:\Windows\System32\Wat

2012-07-08 02:39:49 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-07-08 02:39:49 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-07-08 02:39:49 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-07-08 02:39:49 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-07-08 02:39:49 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-07-08 02:39:49 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-07-08 02:39:49 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-07-08 02:04:38 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-07-08 02:04:38 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-07-07 23:20:59 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2012-07-07 23:20:59 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe

2012-07-07 23:20:58 850944 ----a-w- C:\Windows\SysWow64\sbe.dll

2012-07-07 23:20:58 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2012-07-07 23:20:58 259072 ----a-w- C:\Windows\System32\mpg2splt.ax

2012-07-07 23:20:58 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2012-07-07 23:20:58 1118720 ----a-w- C:\Windows\System32\sbe.dll

2012-07-07 23:18:48 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2012-07-07 23:18:47 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-07-07 23:18:47 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-07-07 23:18:46 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2012-07-07 23:18:45 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2012-07-07 23:18:13 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2012-07-07 23:18:13 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2012-07-07 23:18:05 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2012-07-07 23:18:04 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2012-07-07 23:18:04 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2012-07-07 23:18:04 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2012-07-07 23:17:09 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-07-07 23:17:09 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-07-07 23:17:09 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-07-07 23:15:44 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll

2012-07-07 23:14:31 642944 ----a-w- C:\Windows\System32\winload.efi

2012-07-07 23:13:47 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2012-07-07 23:12:59 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-07-07 23:12:57 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-07-07 23:12:57 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-07-07 23:12:57 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-07-07 23:12:45 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-07-07 23:12:45 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-07-07 23:04:54 77312 ----a-w- C:\Windows\System32\packager.dll

2012-07-07 23:04:54 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-07-07 00:41:38 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-07-07 00:41:38 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-07-07 00:41:38 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-07-07 00:38:20 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-07-07 00:38:10 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-07-07 00:38:01 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-07-07 00:38:01 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-07-06 23:48:41 -------- d-----w- C:\Program Files (x86)\Ffmpeg For Audacity

2012-07-06 22:44:00 -------- dc----w- C:\Users\user\AppData\Local\MigWiz

2012-07-06 22:40:51 -------- d-----w- C:\Program Files (x86)\Audacity

2012-07-06 08:10:17 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2012-07-06 08:10:13 336208 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-07-06 03:23:38 -------- d-----w- C:\ProgramData\SweetIM

2012-07-06 03:23:38 -------- d-----w- C:\Program Files (x86)\SweetIM

2012-07-06 03:23:26 327749 ----a-w- C:\Windows\SysWow64\drvc.dll

2012-07-06 03:23:26 121344 --sha-r- C:\Windows\SysWow64\TAKDSDecoder.ax

2012-07-06 03:23:26 107520 --sha-r- C:\Windows\SysWow64\TAKDSDecoder.dll

2012-07-06 03:22:28 -------- d-----w- C:\Program Files (x86)\eRightSoft

2012-07-06 03:20:55 -------- d-----w- C:\Program Files (x86)\Vstplugins

2012-07-06 03:20:45 -------- d-----w- C:\Program Files (x86)\Sony

2012-07-06 03:19:42 -------- d-----w- C:\Program Files (x86)\Sony Setup

2012-07-06 02:11:01 14604 ----a-w- C:\Windows\SysWow64\drivers\pfc.sys

2012-07-06 02:10:59 344064 ----a-r- C:\Windows\SysWow64\msvcr70.dll

2012-07-06 02:09:00 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2012-07-06 02:09:00 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2012-07-06 02:09:00 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2012-07-06 02:09:00 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2012-07-06 02:08:59 692224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2012-07-06 02:08:57 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2012-07-06 02:08:57 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2012-07-06 00:46:13 -------- d-----w- C:\Program Files (x86)\DVDlab

2012-07-06 00:43:44 -------- d-----w- C:\Program Files (x86)\AC3 Converter

2012-07-06 00:20:03 -------- d-----w- C:\Users\user\AppData\Roaming\Simple Sudoku

2012-07-06 00:20:02 -------- d-----w- C:\Program Files (x86)\Simple Sudoku

2012-07-06 00:18:37 -------- d-----w- C:\ffmpeggui03c

2012-07-06 00:10:44 306688 ----a-w- C:\Windows\IsUninst.exe

2012-07-05 23:49:28 719872 ----a-w- C:\Windows\SysWow64\devil.dll

2012-07-05 23:49:28 70656 ----a-w- C:\Windows\SysWow64\yv12vfw.dll

2012-07-05 23:49:28 70656 ----a-w- C:\Windows\SysWow64\i420vfw.dll

2012-07-05 23:49:28 369152 ----a-w- C:\Windows\SysWow64\avisynth.dll

2012-07-05 23:49:28 32256 ----a-w- C:\Windows\SysWow64\AVSredirect.dll

2012-07-05 23:49:28 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5

2012-07-05 02:09:19 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6C7245CE-A60C-4D60-9A32-06ABDC4BBDEF}\gapaengine.dll

2012-07-04 01:06:04 -------- d-----w- C:\Windows\TempC9EF7BF8-BCD3-F1EA-B26A-B2CF72310FED-Signatures

2012-07-04 01:05:59 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-07-03 12:13:07 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-07-03 12:13:05 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-07-03 12:13:05 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-07-03 12:13:05 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-07-03 12:13:05 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-07-03 12:07:10 4126880 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-07-03 11:27:41 -------- d-----w- C:\Users\user\AppData\Local\Macromedia

2012-07-03 11:27:17 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

.

==================== Find3M ====================

.

2012-07-31 23:15:10 60 ----a-w- C:\Windows\wpd99.drv

2012-07-09 23:01:56 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-07-09 23:01:56 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-07-03 12:07:11 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-28 01:20:46 40448 ----a-w- C:\Windows\SysWow64\pdf995mon64.dll

2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll

2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll

2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll

2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe

2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll

2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll

2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-06-11 03:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-06-11 03:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-06-11 03:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-06-11 03:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-06-11 03:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-06-11 03:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll

2012-06-11 03:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-06-11 03:48:34 54784 ----a-w- C:\Windows\System32\OpenCL.dll

2012-06-11 03:48:30 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-06-07 00:29:34 2266624 ----a-w- C:\Windows\System32\pdfmona64.dll

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 02:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-10 06:35:16 43520 ----a-w- C:\Windows\System32\kdbsdk64.dll

2012-05-10 06:35:16 29184 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2010-01-06 14:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll

.

============= FINISH: 11:50:29.94 ===============

DDS.txt


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
