Jump to content


- - - - -

Definitely Infected

Started by soulshine, Jul 11 2012 09:02 PM


22 replies to this topic

#1 soulshine

    New Member

  • Members
  • Pip
  • 12 posts

Posted 11 July 2012 - 09:02 PM

DDS:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Jowie at 21:54:40 on 2012-07-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3999.2388 [GMT -4:00]
.
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Windows\explorer.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uSearch Bar =
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program

Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program

Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP

\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files

(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG

\AVG9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:

\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files

(x86)\uTorrentControl2\prxtbuTor.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files

(x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files

(x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files

(x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP

\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files

(x86)\uTorrentControl2\prxtbuTor.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP

\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini

"C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant

\HPWAMain.exe
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer

\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce

"Software\CyberLink\PowerRecover"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware

\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support

\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --

windows-run
StartupFolder: C:\Users\Jowie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup

\Dropbox.lnk - C:\Users\Jowie\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program

Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program

Files\Rainmeter\Rainmeter.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program

Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:

\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:

\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program

Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:

\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32

-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32

-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32

-windows-i586.cab
TCP: DhcpNameServer = 66.79.51.85 66.79.78.47
TCP: Interfaces\{C2EEA041-F6D4-4661-BCFA-DAB1D41E08C3} : DhcpNameServer = 66.79.51.85 66.79.78.47
TCP: Interfaces\{C2EEA041-F6D4-4661-BCFA-DAB1D41E08C3}\35F657C6378696E656 : DhcpNameServer =

192.168.0.1 205.171.3.25
TCP: Interfaces\{C2EEA041-F6D4-4661-BCFA-DAB1D41E08C3}\74F6F646D616E6 : DhcpNameServer =

192.168.0.1
TCP: Interfaces\{C2EEA041-F6D4-4661-BCFA-DAB1D41E08C3}\D697177756374703331353 : DhcpNameServer =

192.168.0.1 205.171.3.25
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG

\AVG9\avgpp.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files

(x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files

\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP

\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files

(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG

\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:

\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files

(x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files

(x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program

Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files

(x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP

\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files

(x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant

\HPWAMain.exe
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer

\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce

"Software\CyberLink\PowerRecover"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware

\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support

\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --

windows-run
SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files

(x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrw7a;AVG9IDSErHr;C:\Windows\system32\Drivers\AVGIDSwa.sys --> C:\Windows

\system32\Drivers\AVGIDSwa.sys [?]
R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows

\system32\Drivers\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows

\system32\DRIVERS\avgfwd6a.sys [?]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows

\system32\Drivers\avgtdia.sys [?]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows

\system32\DRIVERS\vwififlt.sys [?]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows

\system32\DRIVERS\enecir.sys [?]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS

\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
S1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows

\system32\Drivers\avgldx64.sys [?]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys

--> C:\Windows\system32\Drivers\avgmfx64.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM

\1.0\armsvc.exe [2012-1-3 63928]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository

\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
S2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-7-20 921952]
S2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-12-2 308136]
S2 AVGIDSAgent;AVG9IDSAgent;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin

\AVGIDSAgent.exe [2010-7-12 5897808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows

\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows

\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

[2010-5-12 136176]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-

Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard

\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
S2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS

\sbapifs.sys [?]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy

\SDWinSec.exe [2011-1-25 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed

\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]
S3 AVGIDSDriverw7a;AVG9IDSDriver;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent

\Driver\Platform_WIN764\AVGIDSDriver.sys [2010-7-12 132688]
S3 AVGIDSFilterw7a;AVG9IDSFilter;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent

\Driver\Platform_WIN764\AVGIDSFilter.sys [2010-7-12 35920]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys

--> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows

\system32\DRIVERS\clwvd.sys [?]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons

\Com4QLBEx.exe [2009-8-9 228408]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update

\GoogleUpdate.exe [2010-5-12 136176]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers

\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\Windows\system32\DRIVERS

\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows

\system32\drivers\mbam.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:

\Windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:

\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows

\system32\DRIVERS\motccgpfl.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows

\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys

--> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:

\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:

\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows

\system32\GameMon.des -service [?]
S3 pspdisp;pspdisp;C:\Windows\system32\DRIVERS\pspdisp_x64.sys --> C:\Windows\system32\DRIVERS

\pspdisp_x64.sys [?]
S3 PsSdk41;PsSdk41;\??\C:\Windows\system32\Drivers\pssdk41.sys --> C:\Windows\system32\Drivers

\pssdk41.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers

\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys -->

C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows

\system32\DRIVERS\Rt64win7.sys [?]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys

--> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers

\sbhips.sys [?]
S3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS

\sbwtis.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS

\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS

\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows

\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers

\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys -->

C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe

--> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows

\system32\DRIVERS\wdcsam64.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows

\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 Ad-Aware Service;Ad-Aware Service; [x]
S4 avgfws9;AVG Firewall; [x]
S4 MBAMService;MBAMService; [x]
S4 MotoHelper;MotoHelper Service; [x]
S4 SBAMSvc;Ad-Aware; [x]
.
=============== Created Last 30 ================
.
2012-07-12 00:37:51 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-07-12 00:30:57 21520 ----a-w- C:\Windows\DCEBoot64.exe
2012-07-12 00:30:34 129024 ----a-w- C:\Windows\RegBootClean64.exe
2012-07-12 00:13:57 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-07-11 14:13:03 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 11:24:35 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 11:24:33 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 11:24:33 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 11:24:31 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 11:24:31 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-11 11:24:31 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-11 01:42:31 -------- d-----w- C:\Users\Jowie\AppData\Local\adaware
2012-07-11 01:41:45 -------- d-----w- C:\ProgramData\Ad-Aware Browsing

Protection
2012-07-11 01:41:24 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-07-11 01:40:55 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-07-11 01:40:55 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-07-11 01:40:54 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-07-11 01:40:51 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-07-11 01:38:19 -------- d-----w- C:\Users\Jowie\AppData\Roaming\Ad-Aware

Antivirus
2012-07-10 14:59:21 -------- d-----w- C:\Users\Jowie\AppData\Local\MagicCamera
2012-07-10 14:59:06 -------- d-----w- C:\Program Files (x86)\Company
2012-07-10 14:59:03 15693038 ---ha-w- C:\Program Files\MagicCam.exe
2012-07-10 14:50:27 82432 ----a-w- C:\Windows\System32\HPMSWebcam.dll
2012-07-10 13:21:03 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender

\Definition Updates\{8AB62FD2-1839-467F-AB4E-84351BDB2E11}\mpengine.dll
2012-07-08 01:33:51 -------- d-----w- C:\Users\Jowie\AppData\Roaming\Trine2
2012-07-05 15:59:51 85504 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-07-05 15:59:50 -------- d-----w- C:\Program Files (x86)\ffdshow
2012-07-05 14:52:27 -------- d-----w- C:\Users\Jowie\AppData\Roaming

\MotioninJoy
2012-07-05 14:52:25 74960 ----a-w- C:\Windows\System32\drivers\xusb21.sys
2012-07-05 14:52:25 328712 ----a-w- C:\Windows\System32\MijFrc.dll
2012-07-05 14:52:25 121416 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
2012-07-05 14:52:25 -------- d-----w- C:\Program Files\MotioninJoy
2012-06-21 22:58:43 -------- d-----w- C:\ProgramData\RELOADED
2012-06-21 22:56:59 -------- d-----w- C:\Program Files (x86)\The Walking Dead
2012-06-21 20:09:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 20:09:15 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 20:08:59 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 20:08:59 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-18 15:58:11 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-18 15:58:10 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-06-14 19:34:54 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 19:34:54 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 19:34:54 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-14 19:34:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-14 19:34:43 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-14 19:34:42 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-14 19:34:40 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-14 19:34:40 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-06-14 19:29:16 -------- d-----w- C:\Users\Jowie\AppData\Local\Macromedia
.
==================== Find3M ====================
.
2012-07-11 22:31:47 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 22:31:47 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-18 15:55:14 772592 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-06-18 15:55:14 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-25 01:50:38 31344 ----a-w- C:\Windows\System32\drivers\cnnctfy2.sys
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 21:55:57.87 ===============
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Jowie at 21:54:40 on 2012-07-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3999.2388 [GMT -4:00]
.
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Windows\explorer.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uSearch Bar =
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program

Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program

Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP

\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files

(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG

\AVG9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:

\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files

(x86)\uTorrentControl2\prxtbuTor.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files

(x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files

(x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files

(x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP

\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files

(x86)\uTorrentControl2\prxtbuTor.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP

\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini

"C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant

\HPWAMain.exe
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer

\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce

"Software\CyberLink\PowerRecover"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware

\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support

\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --

windows-run
StartupFolder: C:\Users\Jowie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup

\Dropbox.lnk - C:\Users\Jowie\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program

Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program

Files\Rainmeter\Rainmeter.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program

Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:

\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:

\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program

Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:

\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32

-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32

-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32

-windows-i586.cab
TCP: DhcpNameServer = 66.79.51.85 66.79.78.47
TCP: Interfaces\{C2EEA041-F6D4-4661-BCFA-DAB1D41E08C3} : DhcpNameServer = 66.79.51.85 66.79.78.47
TCP: Interfaces\{C2EEA041-F6D4-4661-BCFA-DAB1D41E08C3}\35F657C6378696E656 : DhcpNameServer =

192.168.0.1 205.171.3.25
TCP: Interfaces\{C2EEA041-F6D4-4661-BCFA-DAB1D41E08C3}\74F6F646D616E6 : DhcpNameServer =

192.168.0.1
TCP: Interfaces\{C2EEA041-F6D4-4661-BCFA-DAB1D41E08C3}\D697177756374703331353 : DhcpNameServer =

192.168.0.1 205.171.3.25
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG

\AVG9\avgpp.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files

(x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files

\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP

\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files

(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG

\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:

\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files

(x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files

(x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program

Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files

(x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP

\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files

(x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant

\HPWAMain.exe
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer

\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce

"Software\CyberLink\PowerRecover"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware

\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support

\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --

windows-run
SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files

(x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrw7a;AVG9IDSErHr;C:\Windows\system32\Drivers\AVGIDSwa.sys --> C:\Windows

\system32\Drivers\AVGIDSwa.sys [?]
R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows

\system32\Drivers\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows

\system32\DRIVERS\avgfwd6a.sys [?]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows

\system32\Drivers\avgtdia.sys [?]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows

\system32\DRIVERS\vwififlt.sys [?]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows

\system32\DRIVERS\enecir.sys [?]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS

\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
S1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows

\system32\Drivers\avgldx64.sys [?]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys

--> C:\Windows\system32\Drivers\avgmfx64.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM

\1.0\armsvc.exe [2012-1-3 63928]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository

\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
S2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-7-20 921952]
S2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-12-2 308136]
S2 AVGIDSAgent;AVG9IDSAgent;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin

\AVGIDSAgent.exe [2010-7-12 5897808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows

\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows

\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

[2010-5-12 136176]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-

Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard

\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
S2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS

\sbapifs.sys [?]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy

\SDWinSec.exe [2011-1-25 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed

\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]
S3 AVGIDSDriverw7a;AVG9IDSDriver;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent

\Driver\Platform_WIN764\AVGIDSDriver.sys [2010-7-12 132688]
S3 AVGIDSFilterw7a;AVG9IDSFilter;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent

\Driver\Platform_WIN764\AVGIDSFilter.sys [2010-7-12 35920]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys

--> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows

\system32\DRIVERS\clwvd.sys [?]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons

\Com4QLBEx.exe [2009-8-9 228408]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update

\GoogleUpdate.exe [2010-5-12 136176]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers

\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\Windows\system32\DRIVERS

\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows

\system32\drivers\mbam.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:

\Windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:

\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows

\system32\DRIVERS\motccgpfl.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows

\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys

--> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:

\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:

\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows

\system32\GameMon.des -service [?]
S3 pspdisp;pspdisp;C:\Windows\system32\DRIVERS\pspdisp_x64.sys --> C:\Windows\system32\DRIVERS

\pspdisp_x64.sys [?]
S3 PsSdk41;PsSdk41;\??\C:\Windows\system32\Drivers\pssdk41.sys --> C:\Windows\system32\Drivers

\pssdk41.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers

\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys -->

C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows

\system32\DRIVERS\Rt64win7.sys [?]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys

--> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers

\sbhips.sys [?]
S3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS

\sbwtis.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS

\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS

\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows

\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers

\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys -->

C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe

--> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows

\system32\DRIVERS\wdcsam64.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows

\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 Ad-Aware Service;Ad-Aware Service; [x]
S4 avgfws9;AVG Firewall; [x]
S4 MBAMService;MBAMService; [x]
S4 MotoHelper;MotoHelper Service; [x]
S4 SBAMSvc;Ad-Aware; [x]
.
=============== Created Last 30 ================
.
2012-07-12 00:37:51 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-07-12 00:30:57 21520 ----a-w- C:\Windows\DCEBoot64.exe
2012-07-12 00:30:34 129024 ----a-w- C:\Windows\RegBootClean64.exe
2012-07-12 00:13:57 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-07-11 14:13:03 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 11:24:35 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 11:24:33 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 11:24:33 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 11:24:31 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 11:24:31 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-11 11:24:31 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-11 01:42:31 -------- d-----w- C:\Users\Jowie\AppData\Local\adaware
2012-07-11 01:41:45 -------- d-----w- C:\ProgramData\Ad-Aware Browsing

Protection
2012-07-11 01:41:24 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-07-11 01:40:55 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-07-11 01:40:55 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-07-11 01:40:54 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-07-11 01:40:51 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-07-11 01:38:19 -------- d-----w- C:\Users\Jowie\AppData\Roaming\Ad-Aware

Antivirus
2012-07-10 14:59:21 -------- d-----w- C:\Users\Jowie\AppData\Local\MagicCamera
2012-07-10 14:59:06 -------- d-----w- C:\Program Files (x86)\Company
2012-07-10 14:59:03 15693038 ---ha-w- C:\Program Files\MagicCam.exe
2012-07-10 14:50:27 82432 ----a-w- C:\Windows\System32\HPMSWebcam.dll
2012-07-10 13:21:03 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender

\Definition Updates\{8AB62FD2-1839-467F-AB4E-84351BDB2E11}\mpengine.dll
2012-07-08 01:33:51 -------- d-----w- C:\Users\Jowie\AppData\Roaming\Trine2
2012-07-05 15:59:51 85504 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-07-05 15:59:50 -------- d-----w- C:\Program Files (x86)\ffdshow
2012-07-05 14:52:27 -------- d-----w- C:\Users\Jowie\AppData\Roaming

\MotioninJoy
2012-07-05 14:52:25 74960 ----a-w- C:\Windows\System32\drivers\xusb21.sys
2012-07-05 14:52:25 328712 ----a-w- C:\Windows\System32\MijFrc.dll
2012-07-05 14:52:25 121416 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
2012-07-05 14:52:25 -------- d-----w- C:\Program Files\MotioninJoy
2012-06-21 22:58:43 -------- d-----w- C:\ProgramData\RELOADED
2012-06-21 22:56:59 -------- d-----w- C:\Program Files (x86)\The Walking Dead
2012-06-21 20:09:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 20:09:15 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 20:08:59 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 20:08:59 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-18 15:58:11 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-18 15:58:10 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-06-14 19:34:54 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 19:34:54 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 19:34:54 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-14 19:34:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-14 19:34:43 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-14 19:34:42 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-14 19:34:40 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-14 19:34:40 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-06-14 19:29:16 -------- d-----w- C:\Users\Jowie\AppData\Local\Macromedia
.
==================== Find3M ====================
.
2012-07-11 22:31:47 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 22:31:47 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-18 15:55:14 772592 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-06-18 15:55:14 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-25 01:50:38 31344 ----a-w- C:\Windows\System32\drivers\cnnctfy2.sys
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 21:55:57.87 ===============

Attached Files


#2 MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,537 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 11 July 2012 - 09:13 PM

Welcome to the forum.

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.
Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against our policy:
http://forums.malwar...showtopic=97700

-----------------------------------

Then.........

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!!)
Post back the report.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#3 soulshine

    New Member

  • Members
  • Pip
  • 12 posts

Posted 11 July 2012 - 09:22 PM

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User: Jowie [Admin rights]
Mode: Scan -- Date: 07/11/2012 22:21:00

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\jowie\appdata\local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\jowie\appdata\local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\jowie\appdata\local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2555GSX +++++
--- User ---
[MBR] be19120960c790a0159d1587d2419653
[BSP] aa740c297d1409422a4ba86725722b84 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 225247 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 461715456 | Size: 13027 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#4 MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,537 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 11 July 2012 - 09:37 PM

Your computer is infected with a nasty rootkit. Please read the following information first.


Quote

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards and......
  • There's a possibility that you'll lose your internet connections which I may not be able to correct and will require a repair install.
  • There's also a possibility that during the cleaning procedure the computer will become unusable (won't boot) which will result in a repair install or complete format and install.
  • I strongly suggest you back up all of the important items on the system before we continue.

Please let me know you have read this and agree to it.


Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#5 soulshine

    New Member

  • Members
  • Pip
  • 12 posts

Posted 12 July 2012 - 08:43 AM

That does not sound good...


Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
Ran by SYSTEM at 12-07-2012 09:26:48
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-08-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-12-20] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2009-12-20] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2009-12-20] (Intel Corporation)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-07-21] ()
HKLM\...\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" [200560 2011-12-19] (GFI Software)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1689144 2010-06-30] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1689144 2010-06-30] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\Jowie\...\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
HKU\Jowie\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Jowie\...\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [1025320 2009-04-24] (SupportSoft, Inc.)
HKU\Jowie\...\Policies\system: [WallpaperStyle] 2
HKU\Jowie\...\Winlogon: [Shell] explorer.exe
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 66.79.51.85 66.79.78.47
AppInit_DLLs:
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Jowie\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll [4419392 2012-07-10] (Akamai Technologies, Inc)
2 avg9emc; "C:\Program Files (x86)\AVG\AVG9\avgemc.exe" [921952 2010-07-20] (AVG Technologies CZ, s.r.o.)
2 avg9wd; "C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe" [308136 2010-12-02] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent [5897808 2010-07-12] (AVG Technologies CZ, s.r.o.)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)

========================== Drivers (Whitelisted) =============

1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [29976 2010-07-12] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriverw7a; \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [132688 2010-07-12] (AVG Technologies CZ, s.r.o. )
0 AVGIDSErHrw7a; C:\Windows\System32\Drivers\AVGIDSwa.sys [27216 2010-07-12] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilterw7a; \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [35920 2010-07-12] (AVG Technologies CZ, s.r.o. )
1 AvgLdx64; C:\Windows\System32\Drivers\AvgLdx64.sys [269904 2010-07-12] (AVG Technologies CZ, s.r.o.)
1 AvgMfx64; C:\Windows\System32\Drivers\AvgMfx64.sys [35536 2010-07-12] (AVG Technologies CZ, s.r.o.)
0 AvgRkx64; C:\Windows\System32\Drivers\AvgRkx64.sys [56008 2010-07-12] (AVG Technologies CZ, s.r.o.)
1 AvgTdiA; C:\Windows\System32\Drivers\AvgTdiA.sys [317520 2010-07-12] (AVG Technologies CZ, s.r.o.)
3 libusb0; C:\Windows\System32\Drivers\libusb0.sys [43456 2010-10-02] (http://libusb-win32.sourceforge.net)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 msloop; C:\Windows\System32\DRIVERS\loop.sys [7680 2009-07-13] (Microsoft Corporation)
3 NPF; C:\Windows\System32\Drivers\NPF.sys [40464 2007-11-06] (CACE Technologies)
3 pspdisp; C:\Windows\System32\DRIVERS\pspdisp_x64.sys [4608 2011-01-18] (JJS)
3 PsSdk41; C:\Windows\System32\Drivers\PsSdk41.sys [51776 2011-03-19] (microOLAP Technologies LTD)
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [57976 2011-10-26] (GFI Software)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-11-25] (Duplex Secure Ltd.)
4 Ad-Aware Service; [x]
4 avgfws9; [x]
3 dump_wmimmc; \??\C:\GamesCampus\Legend of Edda\GameGuard\dump_wmimmc.sys [x]
4 eabfiltr; [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
4 MBAMService; [x]
4 MotoHelper; [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
4 SBAMSvc; [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
3 X6va001; \??\C:\Users\Jowie\AppData\Local\Temp\001C64C.tmp [x]
3 X6va003; \??\C:\Users\Jowie\AppData\Local\Temp\0039201.tmp [x]
3 X6va005; \??\C:\Users\Jowie\AppData\Local\Temp\0059148.tmp [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-11 18:21 - 2012-07-11 18:21 - 00003074 ____A C:\Users\Jowie\Desktop\RKreport[1].txt
2012-07-11 18:20 - 2012-07-11 18:20 - 01558016 ____A C:\Users\Jowie\Downloads\RogueKiller.exe
2012-07-11 18:19 - 2012-07-11 18:21 - 00000000 ____D C:\Users\Jowie\Desktop\RK_Quarantine
2012-07-11 17:56 - 2012-07-11 17:56 - 00025157 ____A C:\Users\Jowie\Desktop\DDS.txt
2012-07-11 17:56 - 2012-07-11 17:56 - 00016325 ____A C:\Users\Jowie\Desktop\Attach.txt
2012-07-11 17:53 - 2012-07-11 17:53 - 00002288 ____A C:\Users\Jowie\Documents\aswMBR.txt
2012-07-11 17:53 - 2012-07-11 17:53 - 00000512 ____A C:\Users\Jowie\Documents\MBR.dat
2012-07-11 17:33 - 2012-07-11 17:33 - 00607260 ____R (Swearware) C:\Users\Jowie\Downloads\dds.com
2012-07-11 16:45 - 2012-07-11 16:45 - 00189057 ____A C:\Users\Jowie\AppData\Local\census.cache
2012-07-11 16:44 - 2012-07-11 16:44 - 00131018 ____A C:\Users\Jowie\AppData\Local\ars.cache
2012-07-11 16:37 - 2012-06-04 23:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2012-07-11 16:32 - 2012-07-11 16:32 - 00104544 ____A C:\Users\Jowie\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-11 16:32 - 2012-07-11 16:32 - 00000412 ____A C:\Windows\DCEBOOT.RST
2012-07-11 16:30 - 2012-07-11 16:31 - 00129024 ____A C:\Windows\RegBootClean64.exe
2012-07-11 16:30 - 2012-07-11 16:30 - 00021520 ____A C:\Windows\DCEBoot64.exe
2012-07-11 16:13 - 2012-07-11 16:13 - 00167696 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2012-07-11 16:10 - 2012-07-11 16:10 - 00001193 ____A C:\Users\Jowie\Documents\found vi.txt
2012-07-11 11:51 - 2012-07-12 05:25 - 00057229 ____A C:\Windows\WindowsUpdate.log
2012-07-11 06:26 - 2012-07-11 06:26 - 00000944 ____A C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2012-07-11 06:13 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 06:01 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 06:01 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 06:01 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 06:01 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 06:01 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 06:01 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 06:01 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 06:01 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 06:01 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 06:01 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 06:01 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 06:01 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 06:01 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 06:01 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 06:01 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 06:00 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 06:00 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 06:00 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 06:00 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 06:00 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 06:00 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 06:00 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 06:00 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 06:00 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 06:00 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 06:00 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 06:00 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 06:00 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 03:24 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 03:24 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 03:24 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 03:24 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 03:24 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 03:24 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 03:24 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 03:24 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-11 03:23 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 03:23 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 03:23 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 03:23 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 03:23 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 03:23 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 03:23 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 03:23 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 03:23 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 03:23 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 03:23 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 03:23 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-07-11 03:23 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-07-11 03:23 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-07-11 03:23 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-07-11 03:23 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-07-11 03:23 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-07-10 21:00 - 2012-07-10 21:00 - 00001188 ____A C:\Windows\SysWOW64\ServiceConfig.xml
2012-07-10 18:32 - 2012-07-10 18:32 - 00219476 ____A C:\Users\Jowie\Downloads\bookmarks-2012-07-10.json
2012-07-10 17:42 - 2012-07-10 17:42 - 00000000 ____D C:\Users\Jowie\AppData\Local\adaware
2012-07-10 17:41 - 2012-07-11 16:30 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-07-10 17:41 - 2011-12-19 08:44 - 00060536 ____A (GFI Software) C:\Windows\System32\Drivers\sbhips.sys
2012-07-10 17:40 - 2012-07-11 16:32 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-07-10 17:40 - 2011-12-19 09:21 - 00045936 ____A (GFI Software) C:\Windows\System32\sbbd.exe
2012-07-10 17:40 - 2011-12-19 08:44 - 00256632 ____A (GFI Software) C:\Windows\System32\Drivers\SbFw.sys
2012-07-10 17:40 - 2011-09-29 08:16 - 00119416 ____A (GFI Software) C:\Windows\System32\Drivers\SbFwIm.sys
2012-07-10 17:38 - 2012-07-10 17:47 - 00000000 ____D C:\Users\Jowie\AppData\Roaming\Ad-Aware Antivirus
2012-07-10 06:59 - 2012-07-10 08:40 - 00000000 ____D C:\Program Files (x86)\Company
2012-07-10 06:59 - 2012-07-10 07:23 - 00000000 ____D C:\Users\Jowie\AppData\Local\MagicCamera
2012-07-10 06:59 - 2010-05-22 04:00 - 15693038 ___AH (ShiningMorning Inc. ) C:\Program Files\MagicCam.exe
2012-07-10 06:54 - 2012-07-10 06:54 - 00000000 ____D C:\Users\Jowie\Documents\Avatar
2012-07-10 06:50 - 2010-11-09 07:21 - 00082432 ____A (TODO: <Company name>) C:\Windows\System32\HPMSWebcam.dll
2012-07-09 18:21 - 2012-07-11 06:13 - 00000000 ____D C:\Users\Jowie\AppData\Roaming\vlc
2012-07-08 16:43 - 2012-07-08 16:44 - 00000000 ____D C:\Users\Jowie\Downloads\Healing Meditation Accelerate Healing and Recovery (Brain Wave Therapy)-Mantesh
2012-07-07 17:33 - 2012-07-07 17:33 - 00000000 ____D C:\Users\Jowie\AppData\Roaming\Trine2
2012-07-05 07:59 - 2012-07-05 07:59 - 00000000 ____D C:\Program Files (x86)\ffdshow
2012-07-05 07:59 - 2009-12-05 15:42 - 00085504 ____A C:\Windows\SysWOW64\ff_vfw.dll
2012-07-05 07:19 - 2012-07-05 07:20 - 00000000 ____D C:\Users\Jowie\Documents\N64
2012-07-05 06:57 - 2012-07-05 06:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2012-07-05 06:57 - 2012-07-05 06:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2012-07-05 06:52 - 2012-07-05 06:52 - 00000000 ____D C:\Users\Jowie\AppData\Roaming\MotioninJoy
2012-07-05 06:52 - 2012-07-05 06:52 - 00000000 ____D C:\Program Files\MotioninJoy
2012-07-05 06:52 - 2012-05-12 08:31 - 00121416 ____A (MotioninJoy) C:\Windows\System32\Drivers\MijXfilt.sys
2012-07-05 06:52 - 2011-12-07 15:42 - 00328712 ____A (Logitech Inc.) C:\Windows\System32\MijFrc.dll
2012-07-05 06:52 - 2011-12-07 15:42 - 00074960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xusb21.sys
2012-07-03 14:02 - 2012-07-03 14:20 - 00000000 ____D C:\Users\Jowie\Downloads\Support
2012-07-03 14:02 - 2012-03-02 19:09 - 00417377 ____A C:\Users\Jowie\Downloads\ModMiiSkin.exe
2012-07-03 14:02 - 2012-02-25 13:59 - 00144384 ____A C:\Users\Jowie\Downloads\ModMii.exe
2012-06-21 14:58 - 2012-06-21 14:58 - 00000000 ____D C:\Users\Jowie\Documents\Telltale Games
2012-06-21 14:58 - 2012-06-21 14:58 - 00000000 ____D C:\Users\All Users\RELOADED
2012-06-21 14:56 - 2012-06-21 14:58 - 00000000 ____D C:\Program Files (x86)\The Walking Dead
2012-06-21 12:09 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 12:09 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 12:09 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 12:09 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 12:09 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 12:09 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 12:09 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 12:08 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 12:08 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-18 13:00 - 2012-06-18 13:04 - 00000000 ____D C:\Users\Jowie\Downloads\Boktai Emulator Collection
2012-06-18 07:58 - 2012-06-18 07:57 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-18 07:58 - 2012-06-18 07:57 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-18 07:58 - 2012-06-18 07:57 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-18 07:57 - 2012-06-18 07:57 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-18 07:57 - 2012-06-18 07:57 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-18 07:55 - 2012-06-18 07:55 - 00227824 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-18 07:53 - 2012-06-18 07:53 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-06-18 07:53 - 2012-06-18 07:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-06-14 11:34 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-14 11:34 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-14 11:34 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-14 11:34 - 2012-04-27 21:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-06-14 11:34 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-14 11:34 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-14 11:34 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-14 11:34 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-14 11:29 - 2012-06-14 11:29 - 00000000 ____D C:\Users\Jowie\AppData\Local\Macromedia


============ 3 Months Modified Files ========================

2012-07-12 05:25 - 2012-07-11 11:51 - 00057229 ____A C:\Windows\WindowsUpdate.log
2012-07-12 05:19 - 2009-07-13 20:45 - 00029840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-12 05:19 - 2009-07-13 20:45 - 00029840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-12 05:17 - 2009-07-13 21:13 - 00779266 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-12 05:16 - 2010-05-11 21:55 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-12 05:16 - 2010-05-11 21:55 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-12 05:12 - 2010-09-18 19:07 - 00000400 ____A C:\Windows\Tasks\AWC AutoSweep.job
2012-07-12 05:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-11 18:21 - 2012-07-11 18:21 - 00003074 ____A C:\Users\Jowie\Desktop\RKreport[1].txt
2012-07-11 18:20 - 2012-07-11 18:20 - 01558016 ____A C:\Users\Jowie\Downloads\RogueKiller.exe
2012-07-11 17:56 - 2012-07-11 17:56 - 00025157 ____A C:\Users\Jowie\Desktop\DDS.txt
2012-07-11 17:56 - 2012-07-11 17:56 - 00016325 ____A C:\Users\Jowie\Desktop\Attach.txt
2012-07-11 17:53 - 2012-07-11 17:53 - 00002288 ____A C:\Users\Jowie\Documents\aswMBR.txt
2012-07-11 17:53 - 2012-07-11 17:53 - 00000512 ____A C:\Users\Jowie\Documents\MBR.dat
2012-07-11 17:33 - 2012-07-11 17:33 - 00607260 ____R (Swearware) C:\Users\Jowie\Downloads\dds.com
2012-07-11 16:45 - 2012-07-11 16:45 - 00189057 ____A C:\Users\Jowie\AppData\Local\census.cache
2012-07-11 16:44 - 2012-07-11 16:44 - 00131018 ____A C:\Users\Jowie\AppData\Local\ars.cache
2012-07-11 16:32 - 2012-07-11 16:32 - 00104544 ____A C:\Users\Jowie\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-11 16:32 - 2012-07-11 16:32 - 00000412 ____A C:\Windows\DCEBOOT.RST
2012-07-11 16:31 - 2012-07-11 16:30 - 00129024 ____A C:\Windows\RegBootClean64.exe
2012-07-11 16:31 - 2012-04-01 14:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-11 16:30 - 2012-07-11 16:30 - 00021520 ____A C:\Windows\DCEBoot64.exe
2012-07-11 16:13 - 2012-07-11 16:13 - 00167696 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2012-07-11 16:10 - 2012-07-11 16:10 - 00001193 ____A C:\Users\Jowie\Documents\found vi.txt
2012-07-11 14:31 - 2012-04-01 14:56 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 14:31 - 2011-08-27 20:03 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 13:51 - 2010-09-18 19:07 - 00000412 ____A C:\Windows\Tasks\AWC Update.job
2012-07-11 06:26 - 2012-07-11 06:26 - 00000944 ____A C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2012-07-11 06:18 - 2009-07-13 20:45 - 00394016 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 06:05 - 2009-12-08 01:29 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-10 21:00 - 2012-07-10 21:00 - 00001188 ____A C:\Windows\SysWOW64\ServiceConfig.xml
2012-07-10 18:32 - 2012-07-10 18:32 - 00219476 ____A C:\Users\Jowie\Downloads\bookmarks-2012-07-10.json
2012-07-10 07:06 - 2012-02-14 16:53 - 00006144 ____A C:\Users\Jowie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-05 06:57 - 2012-07-05 06:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2012-07-05 06:57 - 2012-07-05 06:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2012-07-04 14:28 - 2012-01-10 09:32 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForJowie.job
2012-06-18 07:57 - 2012-06-18 07:58 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-18 07:57 - 2012-06-18 07:58 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-18 07:57 - 2012-06-18 07:58 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-18 07:57 - 2012-06-18 07:57 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-18 07:57 - 2012-06-18 07:57 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-18 07:55 - 2012-06-18 07:55 - 00227824 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-18 07:55 - 2012-05-19 21:05 - 00772592 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2012-06-18 07:55 - 2012-05-19 21:05 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-18 07:55 - 2012-05-19 21:05 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-18 07:55 - 2010-04-19 15:08 - 00687600 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-06-11 19:08 - 2012-07-11 06:13 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-11 03:24 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 03:24 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-11 03:24 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 03:24 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 03:23 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 03:24 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 03:24 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 03:23 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-04 23:37 - 2012-07-11 16:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2012-06-02 14:19 - 2012-06-21 12:09 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 12:09 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 12:09 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 12:09 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 12:09 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 12:09 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 12:09 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 12:08 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 12:08 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 06:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 06:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 06:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 06:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:05 - 2012-07-11 06:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:04 - 2012-07-11 06:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:04 - 2012-07-11 06:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:03 - 2012-07-11 06:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 06:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 06:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 06:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 06:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 06:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 06:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 06:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 06:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 06:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 06:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 06:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:25 - 2012-07-11 06:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:23 - 2012-07-11 06:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 06:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 06:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 06:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 06:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 06:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 06:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 06:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-11 03:23 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 03:23 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 03:23 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 03:23 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 03:23 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 03:23 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 03:23 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 03:23 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 03:23 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-28 07:00 - 2012-05-28 07:00 - 00104860 ____A C:\Users\Jowie\Downloads\MotoContacts.vcf
2012-05-28 06:58 - 2012-05-28 06:58 - 00105381 ____A C:\Users\Jowie\Downloads\MotoContacts.bak
2012-05-24 17:50 - 2012-05-24 17:50 - 00031344 ____A (Connectify) C:\Windows\System32\Drivers\cnnctfy2.sys
2012-05-14 07:12 - 2012-05-14 07:12 - 00000274 ____A C:\Users\Public\Documents\neople_uninstaller0.bat
2012-05-12 08:31 - 2012-07-05 06:52 - 00121416 ____A (MotioninJoy) C:\Windows\System32\Drivers\MijXfilt.sys
2012-05-04 03:06 - 2012-06-14 11:34 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-14 11:34 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-14 11:34 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-27 21:32 - 2012-06-14 11:34 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-27 19:55 - 2012-06-14 11:34 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-14 11:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-14 11:34 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-14 11:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-07-11 03:23 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-07-11 03:23 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-07-11 03:23 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-07-11 03:23 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-07-11 03:23 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-07-11 03:23 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-21 08:27 - 2010-07-25 22:10 - 00773482 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-18 17:04 - 2009-07-13 21:08 - 00032618 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-18 16:56 - 2012-04-18 16:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 16:56 - 2012-04-18 16:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts


ZeroAccess:
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\@
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\00000004.@
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\201d3dde
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\00000004.@
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\00000008.@
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\000000cb.@
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\80000000.@
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\80000032.@
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\80000064.@

ZeroAccess:
C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}
C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\@
C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L
C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U
C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\00000004.@
C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\1afb2d56

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3999.19 MB
Available physical RAM: 3273.87 MB
Total Pagefile: 3997.34 MB
Available Pagefile: 3272.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:219.97 GB) (Free:28.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.17 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:12.72 GB) (Free:2.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (JOWIE) (Removable) (Total:3.72 GB) (Free:1.64 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 3821 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 219 GB 200 MB
Partition 3 Primary 12 GB 220 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 219 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 12 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3821 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G JOWIE FAT32 Removable 3821 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-17 18:35

======================= End Of Log ==========================

#6 MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,537 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 12 July 2012 - 08:57 AM

services.exe is infected and has to be replaced:

Quote

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe


It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#7 soulshine

    New Member

  • Members
  • Pip
  • 12 posts

Posted 12 July 2012 - 09:33 AM

Farbar Recovery Scan Tool Version: 11-07-2012
Ran by SYSTEM at 2012-07-12 10:22:25
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

#8 MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,537 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 12 July 2012 - 09:39 AM

OK, here you go......


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt


C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\@
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\00000004.@
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\201d3dde
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\00000004.@
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\00000008.@
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\000000cb.@
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\80000000.@
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\80000032.@
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\80000064.@
C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}
C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\@
C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L
C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U
C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\00000004.@
C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\1afb2d56
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#9 soulshine

    New Member

  • Members
  • Pip
  • 12 posts

Posted 12 July 2012 - 09:50 AM

I got these:


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012
Ran by SYSTEM at 2012-07-12 10:46:58 Run:1
Running from G:\

==============================================

C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0} moved successfully.
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\@ not found.
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L not found.
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U not found.
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\00000004.@ not found.
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\201d3dde not found.
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\00000004.@ not found.
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\00000008.@ not found.
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\000000cb.@ not found.
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\80000000.@ not found.
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\80000032.@ not found.
C:\Windows\Installer\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U\80000064.@ not found.
C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0} moved successfully.
C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\@ not found.
C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L not found.
C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\U not found.
C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\00000004.@ not found.
C:\Users\Jowie\AppData\Local\{9f2f9835-ef13-315a-3d4f-ada7e6951cb0}\L\1afb2d56 not found.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

#10 MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,537 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 12 July 2012 - 09:53 AM

Good...Well Done.....Next:

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#11 soulshine

    New Member

  • Members
  • Pip
  • 12 posts

Posted 12 July 2012 - 10:20 AM

I'm trying to disable Tea Timer from Spybot&Search, but this program wants me to run it on admin; however, when I click on right click I get this pop up Windows Installer installing and then my bottom tab..the start up menu freezes.

#12 MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,537 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 12 July 2012 - 10:28 AM

Will ComboFix run with it enabled?? MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#13 soulshine

    New Member

  • Members
  • Pip
  • 12 posts

Posted 12 July 2012 - 10:30 AM

I haven't tried that..I was just making sure that I'm following the instructions. I know it said *may interfere...Let me run ComboFix now..

#14 soulshine

    New Member

  • Members
  • Pip
  • 12 posts

Posted 12 July 2012 - 11:20 AM 

ComboFix 12-07-12.02 - Jowie 07/12/2012  11:36:17.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3999.2693 [GMT -4:00]
Running from: c:\users\Jowie\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\program files (x86)\Extension Changer\extmain.exe
c:\users\Jowie\AppData\Roaming\chrtmp
c:\users\Public\videos\HP MediaSmart Demo.exe
c:\windows\SysWow64\system
.
.
(((((((((((((((((((((((((   Files Created from 2012-06-12 to 2012-07-12  )))))))))))))))))))))))))))))))
.
.
2012-07-12 17:03 . 2012-07-12 17:03 -------- d-----w- C:\FRST
2012-07-12 15:48 . 2012-07-12 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-12 00:37 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-07-12 00:30 . 2012-07-12 00:30 21520 ----a-w- c:\windows\DCEBoot64.exe
2012-07-12 00:30 . 2012-07-12 00:31 129024 ----a-w- c:\windows\RegBootClean64.exe
2012-07-12 00:13 . 2012-07-12 00:13 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-07-11 14:13 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 14:00 . 2012-06-02 12:05 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-07-11 11:24 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 11:24 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 11:24 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 11:24 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 11:24 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 11:24 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 01:42 . 2012-07-11 01:42 -------- d-----w- c:\users\Jowie\AppData\Local\adaware
2012-07-11 01:41 . 2012-07-12 00:30 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-07-11 01:41 . 2011-12-19 16:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-07-11 01:40 . 2011-12-19 16:44 256632 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-07-11 01:40 . 2011-09-29 16:16 119416 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-07-11 01:40 . 2011-12-19 17:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-07-11 01:40 . 2012-07-12 00:32 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-07-11 01:38 . 2012-07-11 01:47 -------- d-----w- c:\users\Jowie\AppData\Roaming\Ad-Aware Antivirus
2012-07-10 14:59 . 2012-07-10 15:23 -------- d-----w- c:\users\Jowie\AppData\Local\MagicCamera
2012-07-10 14:59 . 2012-07-10 16:40 -------- d-----w- c:\program files (x86)\Company
2012-07-10 14:59 . 2010-05-22 12:00 15693038 ---ha-w- c:\program files\MagicCam.exe
2012-07-10 14:50 . 2010-11-09 15:21 82432 ----a-w- c:\windows\system32\HPMSWebcam.dll
2012-07-10 13:21 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AB62FD2-1839-467F-AB4E-84351BDB2E11}\mpengine.dll
2012-07-10 02:21 . 2012-07-11 14:13 -------- d-----w- c:\users\Jowie\AppData\Roaming\vlc
2012-07-08 01:33 . 2012-07-08 01:33 -------- d-----w- c:\users\Jowie\AppData\Roaming\Trine2
2012-07-05 15:59 . 2009-12-05 23:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-07-05 15:59 . 2012-07-05 15:59 -------- d-----w- c:\program files (x86)\ffdshow
2012-07-05 14:52 . 2012-07-05 14:52 -------- d-----w- c:\users\Jowie\AppData\Roaming\MotioninJoy
2012-07-05 14:52 . 2012-07-05 14:52 -------- d-----w- c:\program files\MotioninJoy
2012-07-05 14:52 . 2012-05-12 16:31 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2012-07-05 14:52 . 2011-12-07 23:42 74960 ----a-w- c:\windows\system32\drivers\xusb21.sys
2012-07-05 14:52 . 2011-12-07 23:42 328712 ----a-w- c:\windows\system32\MijFrc.dll
2012-06-21 22:58 . 2012-06-21 22:58 -------- d-----w- c:\programdata\RELOADED
2012-06-21 22:56 . 2012-06-21 22:58 -------- d-----w- c:\program files (x86)\The Walking Dead
2012-06-21 20:09 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 20:09 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 20:09 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 20:09 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 20:09 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 20:09 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 20:09 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 20:08 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 20:08 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 15:58 . 2012-06-18 15:57 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-18 15:58 . 2012-06-18 15:57 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-18 15:55 . 2012-06-18 15:55 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-14 19:34 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 19:34 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 19:34 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 19:34 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 19:34 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 19:34 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 19:34 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-14 19:34 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 19:29 . 2012-06-14 19:29 -------- d-----w- c:\users\Jowie\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 22:31 . 2012-04-01 22:56 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-11 22:31 . 2011-08-28 04:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-18 15:55 . 2012-05-20 05:05 772592 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-18 15:55 . 2010-04-19 23:08 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-25 01:50 . 2012-05-25 01:50 31344 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jowie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jowie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jowie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Jowie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jowie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 avg9emc;AVG E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [2010-07-20 921952]
R2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-12-02 308136]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Legend of Edda\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 136176]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2010-10-02 43456]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 40464]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 pspdisp;pspdisp;c:\windows\system32\DRIVERS\pspdisp_x64.sys [2011-01-18 4608]
R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2011-03-19 51776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-07 14464]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 X6va001;X6va001;c:\users\Jowie\AppData\Local\Temp\001C64C.tmp [x]
R3 X6va003;X6va003;c:\users\Jowie\AppData\Local\Temp\0039201.tmp [x]
R3 X6va005;X6va005;c:\users\Jowie\AppData\Local\Temp\0059148.tmp [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 Ad-Aware Service;Ad-Aware Service; [x]
R4 avgfws9;AVG Firewall; [x]
R4 MBAMService;MBAMService; [x]
R4 MotoHelper;MotoHelper Service; [x]
R4 SBAMSvc;Ad-Aware; [x]
S0 AVGIDSErHrw7a;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwa.sys [2010-07-12 27216]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [2010-07-12 56008]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2010-07-12 29976]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [2010-07-12 269904]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [2010-07-12 35536]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [2010-07-12 317520]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-03 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AVGIDSDriverw7a;AVG9IDSDriver;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2010-07-12 132688]
S3 AVGIDSFilterw7a;AVG9IDSFilter;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2010-07-12 35920]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-03 31088]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-20 139264]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ    Akamai
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-05-03 22:37]
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 22:31]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 05:55]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 05:55]
.
2012-07-04 c:\windows\Tasks\HPCeeScheduleForJowie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jowie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jowie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jowie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jowie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-09 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-20 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-20 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-20 365592]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"SBRegRebootCleaner"="c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe" [2011-12-19 200560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 66.79.51.85 66.79.78.47
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)
Toolbar-10 - (no file)
Notify-igfxcui - (no file)
Notify-WB - (no file)
Toolbar-10 - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Ad-Aware Service]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\avgfws9]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MBAMService]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MotoHelper]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SBAMSvc]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\Jowie\AppData\Local\Temp\001C64C.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Jowie\AppData\Local\Temp\0039201.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Jowie\AppData\Local\Temp\0059148.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2796638464-2314196172-2606727940-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):0a,b5,d9,b2,88,68,e2,0a,3f,61,d4,77,11,8c,ad,b5,2f,11,d3,e6,d1,
   09,d9,ee,a0,72,f1,ef,e5,08,1c,4a,29,9e,fa,d7,95,2b,af,42,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2796638464-2314196172-2606727940-1001_Classes\Wow6432Node\CLSID\{6cf5d877-0e07-476d-a14e-db46c1839e67}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000118
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2796638464-2314196172-2606727940-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):04,01,b1,2b,4a,ec,ae,84,ed,de,5a,6f,20,7f,47,04,1f,0d,65,f0,34,
   50,b9,4e,a6,8f,53,a5,82,93,48,21,64,f9,d8,4a,ea,eb,5d,c1,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2796638464-2314196172-2606727940-1001_Classes\Wow6432Node\CLSID\{fc7f584d-8f57-4c7b-ae82-9d4c047a2b38}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000a3
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,85,b1,12,f9,90,dd,23,a1,00,5c,10,84,61,1a,f8,46,26,30,79,b8,99,75,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-07-12  12:12:05 - machine was rebooted
ComboFix-quarantined-files.txt  2012-07-12 16:11
.
Pre-Run: 30,552,686,592 bytes free
Post-Run: 30,371,545,088 bytes free
.
- - End Of File - - 1A04C335A68A49658396FEAAFF2C2DD7

#15 MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,537 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 12 July 2012 - 12:18 PM

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#16 soulshine

    New Member

  • Members
  • Pip
  • 12 posts

Posted 12 July 2012 - 01:23 PM

Detected none...I hope. When I click on a file, this windows installer shows up and just freezes my desktop. My mouse icon is on loading animation. But yea, my desktop is frozen right now.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.12.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jowie :: JOWIE-PC [administrator]
7/12/2012 2:13:27 PM
mbam-log-2012-07-12 (14-13-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220072
Time elapsed: 3 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

#17 soulshine

    New Member

  • Members
  • Pip
  • 12 posts

Posted 12 July 2012 - 01:25 PM

My desktop freezes when I right click on a file..this windows installer shows up and nothing happens.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.12.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jowie :: JOWIE-PC [administrator]
7/12/2012 2:13:27 PM
mbam-log-2012-07-12 (14-13-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220072
Time elapsed: 3 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

#18 MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,537 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 12 July 2012 - 01:54 PM

Have you rebooted the computer yet? If not please do so, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#19 soulshine

    New Member

  • Members
  • Pip
  • 12 posts

Posted 12 July 2012 - 04:51 PM

Yup, a lot of times. Should I do system restore, but would that bring back those nasty trojans?

#20 MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,537 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 12 July 2012 - 06:52 PM

Was it OK before you ran ComboFix?? MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew
Back to Resolved HijackThis Logs · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Computer Help
  3. Malware Removal - HijackThis Logs
  4. Resolved HijackThis Logs
  5. Terms of Use