
Hijacked by IT Criminal


Rosie


Hi, and THANK YOU SO MUCH for your assistance in resolving this longstanding infection. Since January of 2011, when I took my machine to an "authorized HP IT guy", I have been trying to eradicate his presence by any means possible with little success.

I took my Compaq to an IT guy for cleaning and other minor issues in January and I believe he installed Symantec Endpoint Protection [without my permission], as an entry point into my system. Symantec Endpoint stopped working and restarted on its own and I mark that as the beginning of my 7 month odyssey. I also think he installed a wireless adapter card which went unnoticed until HP replaced my Compaq with this Pavilion which I now use. That was approximately three months ago but as soon as I connected and booted my external Iomega hard drive, my new computer was reinfected.

The symptoms of this takeover are too numerous to mention, but I will hit the highlights. I am convinced my computer was turned into a bot or at least used as a client computer on a virtual network because I am always on a group policy without certain administrative rights. When I allow updates [which I am not presently] I always receive updates for Windows Server 2008 R2 and I still have Hyper-V Client Migration files.

I have reformatted BOTH computers between ten and fifteen times but it never results in a clean wipe, as several identifiable files always turn up, as in a SYSTEM.SAV folder under C:.

I have used almost every paid anti virus under the sun and have seen the registry substitute archive, inherently vulnerable instances of the same. Neither Malware Bytes Pro, nor Security Essentials or Norton 360 ever find anything. SuperAntiSpyware at least finds 150+ cookies including ones called SQLITE. In fact, knowing I could always reinstall all necessary files from my HP discs, I have gone to the registry and deleted everything that didn't look right in an effort to delete registry infection so that I could really do a format. But I discovered that the ones I really needed to delete, i.e. 'user profiles', could not be deleted.

I noticed that I have previously posted about this some months ago. My apologies but hardware failure and infections have prevented me from returning. I also apologize for accidentally posting the first half of this accidentally. Please help me do this right. I am rather desperate to regain control of my computer and peripherals.

Ark.txt results in no text. Can't find 'Attach.txt'. Probably a script blocker, but I don't know how to fix it. SORRY! Plus my apologies for the partial accidental posting that resulted from user incompetence.

Thanks again for your support. First the Defogger Failure...

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 08:54 on 04/09/2011 (FuBar)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

MBAM

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7715

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

9/14/2011 11:39:51 AM

mbam-log-2011-09-14 (11-39-51).txt

Scan type: Quick scan

Objects scanned: 172793

Time elapsed: 1 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by FuBar at 11:41:47 on 2011-09-14

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2547 [GMT -6:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\WUDFHost.exe

C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamgui.exe

J:\Panda USB Vaccine\USBVaccine.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Users\FuBar\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\explorer.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

mWinlogon: Userinit=userinit.exe,

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun: [Malwarebytes' Anti-Malware] "C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{A29970E0-D3ED-4DE6-8CB5-71282643B122} : DhcpNameServer = 192.168.2.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\FuBar\AppData\Roaming\Mozilla\Firefox\Profiles\j1mra0hk.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Users\FuBar\AppData\Local\Temp\SAS_SelfExtract\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Users\FuBar\AppData\Local\Temp\SAS_SelfExtract\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 MBAMService;MBAMService;C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-14 366152]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-9-2 1119768]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S3 GSBoot;GSBoot;C:\Windows\system32\Drivers\GSBoot.sys --> C:\Windows\system32\Drivers\GSBoot.sys [?]

S3 GSBootSvc;GSBootSvc;C:\Windows\System32\GSBootSvc.exe --> C:\Windows\System32\GSBootSvc.exe [?]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

.

=============== Created Last 30 ================

.

2011-09-14 14:42:36 709968 ----a-w- C:\Windows\isRS-000.tmp

2011-09-14 14:09:58 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3A23D437-3BC2-4F64-AB5C-06648C41D7CA}\mpengine.dll

2011-09-11 13:56:13 111168 ----a-r- C:\Windows\System32\GSBootSvc.exe

2011-09-11 13:54:22 -------- d-----w- C:\ProgramData\Geek Squad

2011-09-10 20:09:27 -------- d-----w- C:\ProgramData\Panda Security

2011-09-10 13:44:12 -------- d-----w- C:\Users\FuBar\AppData\Roaming\hpqLog

2011-09-10 13:43:55 -------- d--h--w- C:\System.sav

2011-09-10 13:43:44 -------- d-----w- C:\Users\FuBar\AppData\Roaming\WinBatch

2011-09-10 00:04:35 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2011-09-10 00:04:35 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2011-09-10 00:04:35 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll

2011-09-10 00:04:35 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2011-09-10 00:04:34 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2011-09-09 14:16:06 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-09 11:44:11 -------- d-----w- C:\Users\FuBar\AppData\Roaming\SUPERAntiSpyware.com

2011-09-09 11:44:11 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-09-08 13:34:52 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-09-08 13:34:51 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-08 13:34:51 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA56368D-31E8-485B-91DC-1D456081CA77}\gapaengine.dll

2011-09-07 21:26:01 -------- d-----w- C:\Users\FuBar\AppData\Local\Microsoft_Corporation

2011-09-07 19:45:20 -------- d-----w- C:\Users\FuBar\AppData\Local\HuluDesktop

2011-09-07 19:44:49 -------- d-----w- C:\Users\FuBar\AppData\Roaming\NewspaperDirect

2011-09-07 19:24:20 -------- d-----w- C:\Users\FuBar\AppData\Local\ElevatedDiagnostics

2011-09-07 14:20:12 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-09-07 13:48:36 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-09-07 13:48:30 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-09-07 06:16:08 -------- d-----w- C:\perflogs

2011-09-07 06:10:54 -------- d-----w- C:\Users\FuBar\AppData\Local\Diagnostics

2011-09-06 15:35:35 -------- d-----w- C:\Windows\pss

2011-09-04 14:12:05 -------- d-----w- C:\Users\FuBar\AppData\Roaming\Malwarebytes

2011-09-04 14:11:53 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-09-04 14:11:53 -------- d-----w- C:\ProgramData\Malwarebytes

2011-09-04 14:11:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-09-04 14:11:49 -------- d-----w- C:\Users\FuBar\Malwarebytes' Anti-Malware

2011-09-03 17:28:43 -------- d-----w- C:\Users\FuBar\AppData\Roaming\Windows Live Writer

2011-09-03 17:28:41 -------- d-----w- C:\Users\FuBar\AppData\Local\Windows Live Writer

2011-09-03 13:36:29 -------- d-----w- C:\Users\FuBar\AppData\Roaming\HpUpdate

2011-09-03 13:16:04 -------- d-----w- C:\Windows\System32\drivers\NISx64\1206000.01D

2011-09-02 13:17:12 -------- d-----w- C:\Users\FuBar\AppData\Local\ATI

2011-09-02 13:17:10 -------- d-----w- C:\Users\FuBar\AppData\Roaming\PictureMover

2011-09-02 13:16:10 -------- d-----w- C:\Users\FuBar\AppData\Local\PDFC

2011-09-02 13:15:53 -------- d-----w- C:\Users\FuBar\AppData\Local\VirtualStore

2011-09-02 13:15:40 -------- d-----w- C:\Users\FuBar\AppData\Local\RemEngine

2011-09-02 06:30:57 52224 ----a-w- C:\Windows\System32\rtutils.dll

2011-09-02 06:30:57 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll

2011-09-02 06:30:45 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

2011-09-02 06:28:49 3123712 ----a-w- C:\Windows\System32\win32k.sys

2011-09-02 06:28:36 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-09-02 06:28:36 3955080 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-09-02 06:28:36 3899784 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-09-02 06:28:09 612352 ----a-w- C:\Windows\System32\vbscript.dll

2011-09-02 06:28:09 427520 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-09-02 06:26:49 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-09-02 06:26:49 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-09-02 06:26:49 125952 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-09-02 06:26:38 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-09-02 06:26:38 366080 ----a-w- C:\Windows\System32\atmfd.dll

2011-09-02 06:26:38 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-09-02 06:26:38 293888 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-09-02 06:25:52 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll

2011-09-02 06:25:52 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll

2011-09-02 06:25:40 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe

2011-09-02 06:25:40 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

2011-09-02 06:25:40 2085376 ----a-w- C:\Windows\System32\ole32.dll

2011-09-02 06:25:40 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll

2011-09-02 06:25:05 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2011-09-02 06:23:55 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-09-02 06:23:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-09-02 06:23:44 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-09-02 06:23:44 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-09-02 06:23:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-09-02 06:23:44 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-09-02 06:23:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-09-02 06:23:34 220672 ----a-w- C:\Windows\System32\wintrust.dll

2011-09-02 06:23:34 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2011-09-02 06:22:18 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-09-02 06:22:18 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-09-02 06:22:03 389632 ----a-w- C:\Windows\System32\winlogon.exe

2011-09-02 06:22:03 2870272 ----a-w- C:\Windows\explorer.exe

2011-09-02 06:22:03 2614272 ----a-w- C:\Windows\SysWow64\explorer.exe

2011-09-02 06:21:50 51712 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2011-09-02 06:21:50 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2011-09-02 06:21:14 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys

2011-09-02 06:19:59 311808 ----a-w- C:\Windows\System32\msv1_0.dll

2011-09-02 06:19:59 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll

2011-09-02 06:19:27 46592 ----a-w- C:\Windows\System32\msasn1.dll

2011-09-02 06:19:27 34816 ----a-w- C:\Windows\SysWow64\msasn1.dll

2011-09-02 06:18:58 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll

2011-09-02 06:18:58 1320960 ----a-w- C:\Windows\SysWow64\CertEnroll.dll

2011-09-02 06:17:50 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll

2011-09-02 06:17:50 100864 ----a-w- C:\Windows\System32\fontsub.dll

2011-09-02 06:17:29 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2011-09-02 06:17:29 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2011-09-02 06:17:16 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2011-09-02 06:17:16 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2011-09-02 06:17:16 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2011-09-02 06:17:16 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2011-09-02 06:15:54 633856 ----a-w- C:\Windows\System32\comctl32.dll

2011-09-02 06:15:54 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

2011-09-02 06:15:43 -------- d-----w- C:\Windows\System32\drivers\NISx64

2011-09-02 06:15:42 30088 ----a-w- C:\Windows\System32\drivers\msahci.sys

2011-09-02 06:15:42 155528 ----a-w- C:\Windows\System32\drivers\ataport.sys

2011-09-02 06:15:13 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2011-09-02 06:15:13 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2011-09-02 06:14:51 340992 ----a-w- C:\Windows\System32\schannel.dll

2011-09-02 06:14:51 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2011-09-02 06:14:33 -------- d-----w- C:\Windows\en

2011-09-02 06:12:58 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll

2011-09-02 06:11:18 -------- d-----w- C:\Program Files (x86)\Microsoft

2011-09-02 06:11:14 -------- d-----w- C:\Program Files (x86)\MSN Toolbar

2011-09-02 06:10:16 -------- d-----w- C:\Program Files (x86)\K-NFB Reading Technology Inc

2011-09-02 06:09:54 -------- d-----w- C:\Program Files (x86)\Kobo

2011-09-02 06:09:43 -------- d-----w- C:\Windows\PRIndex

2011-09-02 06:09:24 -------- d-----w- C:\Program Files (x86)\Zinio Reader 4

2011-09-02 06:07:34 -------- d---a-w- C:\Program Files (x86)\Common Files\LS Getting Started

2011-09-02 06:04:44 55296 ----a-w- C:\Windows\System32\coinst.dll

2011-09-02 06:02:59 -------- d-----w- C:\Program Files (x86)\HP Games

2011-09-02 06:02:54 -------- d-----w- C:\ProgramData\WildTangent

2011-09-02 06:02:46 -------- d-----w- C:\ProgramData\PictureMover

2011-09-02 06:02:45 -------- d-----w- C:\Program Files (x86)\PictureMover

2011-09-02 06:02:24 20120360 ----a-w- C:\Program Files (x86)\Online Services\Skype\SkypeSetup.exe

2011-09-02 06:02:24 -------- d-----r- C:\Program Files (x86)\Online Services

2011-09-02 06:02:18 19464 ----a-w- C:\Windows\System32\pdfc_port.dll

2011-09-02 06:02:17 -------- d-----w- C:\Program Files (x86)\PDF Complete

2011-09-02 06:02:08 -------- d-----w- C:\ProgramData\PDFC

2011-09-02 06:02:06 -------- d-----w- C:\ProgramData\Uninstall

2011-09-02 06:01:35 -------- d-----w- C:\Program Files (x86)\Microsoft WSE

2011-09-02 06:01:22 -------- d-----w- C:\ProgramData\RoxioNow

2011-09-02 06:01:12 -------- d-----w- C:\Program Files (x86)\Roxio

2011-09-02 05:51:16 253952 ----a-w- C:\Windows\SysWow64\cPC_DMIRD.dll

2011-09-02 05:49:57 -------- d-----w- C:\ProgramData\{D13C0989-F3EC-4F44-A33D-B3F83DF90FAF}

2011-09-02 05:49:38 -------- d-----w- C:\Program Files (x86)\Hp

2011-09-02 05:48:22 327008 ----a-w- C:\Windows\System32\RaCoInstx.dll

2011-09-02 05:48:22 1002848 ----a-w- C:\Windows\System32\drivers\netr28x.sys

2011-09-02 05:47:18 -------- d-----w- C:\Program Files\ATI

2011-09-02 05:47:17 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2011-09-02 05:45:57 -------- d-----w- C:\Program Files (x86)\Realtek

2011-09-02 05:45:56 1251944 ----a-w- C:\Windows\RtlExUpd.dll

2011-09-02 05:45:56 -------- d--h--w- C:\Program Files (x86)\Temp

2011-09-02 05:45:55 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2011-09-02 05:45:55 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2011-09-02 05:45:55 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2011-09-02 05:45:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2011-09-02 05:45:55 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2011-09-02 05:45:55 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2011-09-02 05:45:55 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2011-09-02 05:45:55 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2011-09-02 05:41:12 -------- d-----w- C:\Program Files\hp

2011-09-02 05:38:46 -------- d-sh--w- C:\Windows\Installer

2011-09-02 05:35:19 -------- d-----w- C:\Windows\SysWow64\RTCOM

2011-09-02 05:35:19 -------- d-----w- C:\Program Files\Realtek

2011-09-02 05:35:18 0 ----a-w- C:\Windows\ativpsrm.bin

.

==================== Find3M ====================

.

2011-09-02 06:27:57 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2011-09-02 06:27:57 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2011-09-02 06:27:57 552960 ----a-w- C:\Windows\System32\msdri.dll

2011-09-02 06:27:57 288256 ----a-w- C:\Windows\System32\MSNP.ax

2011-09-02 06:27:57 258560 ----a-w- C:\Windows\System32\mpg2splt.ax

2011-09-02 06:27:57 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax

2011-09-02 06:27:57 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2011-09-02 06:27:40 1736608 ----a-w- C:\Windows\System32\ntdll.dll

2011-09-02 06:27:40 1289528 ----a-w- C:\Windows\SysWow64\ntdll.dll

2011-09-02 06:27:16 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2011-09-02 06:27:16 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2011-09-02 06:27:16 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2011-09-02 06:27:16 1446912 ----a-w- C:\Windows\System32\lsasrv.dll

2011-09-02 06:23:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-09-02 06:16:42 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-09-02 06:15:02 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2011-09-02 06:15:02 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2011-09-02 06:13:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-09-02 06:13:57 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-09-02 06:13:43 1877504 ----a-w- C:\Windows\System32\msxml3.dll

2011-09-02 06:13:43 1233920 ----a-w- C:\Windows\SysWow64\msxml3.dll

2011-09-02 06:13:33 982600 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2011-09-02 06:13:33 144384 ----a-w- C:\Windows\System32\cdd.dll

.

============= FINISH: 11:42:12.15 ===============


  • Root Admin

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Right click on combofix.exe, choose Run as administrator and follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it will produce a log for you. Post that log in your next reply. You can also locate this file here c:\combofix.txt
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


Simple instructions for a simple mind. BTW, I thought I had disabled MBAM but it was already running when I rebooted. Thank you for your help.

Here is the ComboFix log:

ComboFix 11-09-18.01 - FuBar 09/18/2011 12:32:16.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.3000 [GMT -6:00]

Running from: c:\users\FuBar\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

/wow section - STAGE 4

Access is denied.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Thumbs.db

c:\windows\SysWow64\comct332.ocx

.

.

((((((((((((((((((((((((( Files Created from 2011-08-18 to 2011-09-18 )))))))))))))))))))))))))))))))

.

.

2011-09-18 18:53 . 2011-09-18 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-18 15:26 . 2011-08-12 03:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E80BEF99-32E7-43FF-A7EF-BCE59D739B45}\mpengine.dll

2011-09-18 12:22 . 2011-09-18 12:22 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-09-17 14:59 . 2011-09-17 14:59 -------- d-----w- c:\programdata\IObit

2011-09-17 14:37 . 2011-09-17 14:37 -------- d-----w- c:\program files\Iomega

2011-09-17 14:36 . 2011-09-17 14:36 -------- d-----w- c:\windows\Downloaded Installations

2011-09-17 13:28 . 2011-09-17 13:28 -------- dc----w- c:\windows\system32\DRVSTORE

2011-09-17 13:28 . 2009-05-18 19:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-09-17 13:21 . 2011-09-17 13:21 -------- d-----w- c:\program files (x86)\QuickTime

2011-09-17 13:21 . 2011-09-17 13:21 -------- d-----w- c:\program files (x86)\Apple Software Update

2011-09-17 13:21 . 2011-09-17 13:21 -------- d-----w- c:\program files\Common Files\Apple

2011-09-17 13:21 . 2011-09-17 13:21 -------- d-----w- c:\program files\Bonjour

2011-09-17 13:21 . 2011-09-17 13:21 -------- d-----w- c:\program files (x86)\Bonjour

2011-09-17 13:20 . 2011-09-17 13:28 -------- d-----w- c:\program files (x86)\Common Files\Apple

2011-09-17 13:20 . 2011-09-17 13:20 -------- d-----w- c:\programdata\Apple

2011-09-16 15:33 . 2011-09-16 15:33 -------- d-----w- c:\programdata\NCH Software

2011-09-16 15:33 . 2011-09-16 15:33 -------- d-----w- c:\program files (x86)\NCH Software

2011-09-16 15:23 . 2011-09-16 15:23 -------- d-----w- c:\program files (x86)\WMA To MP3 Encoder

2011-09-16 08:43 . 2011-09-16 08:43 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-09-16 08:43 . 2011-09-16 08:43 2048 ----a-w- c:\windows\system32\tzres.dll

2011-09-16 08:36 . 2011-09-16 08:36 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-09-16 08:36 . 2011-09-16 08:36 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-09-16 08:36 . 2011-09-16 08:36 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-09-16 08:33 . 2011-09-16 08:33 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-09-16 08:27 . 2011-09-16 08:27 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll

2011-09-16 08:27 . 2011-09-16 08:27 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll

2011-09-16 08:27 . 2011-09-16 08:27 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll

2011-09-16 08:27 . 2011-09-16 08:27 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll

2011-09-16 08:27 . 2011-09-16 08:27 212992 ----a-w- c:\windows\system32\odbctrac.dll

2011-09-16 08:27 . 2011-09-16 08:27 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll

2011-09-16 08:27 . 2011-09-16 08:27 163840 ----a-w- c:\windows\system32\odbccp32.dll

2011-09-16 08:27 . 2011-09-16 08:27 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll

2011-09-16 08:27 . 2011-09-16 08:27 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll

2011-09-16 08:27 . 2011-09-16 08:27 106496 ----a-w- c:\windows\system32\odbccu32.dll

2011-09-16 08:27 . 2011-09-16 08:27 106496 ----a-w- c:\windows\system32\odbccr32.dll

2011-09-16 08:22 . 2011-09-16 08:22 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-09-16 08:22 . 2011-09-16 08:22 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-09-16 08:22 . 2011-09-16 08:22 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-09-16 08:05 . 2011-09-16 08:05 3134464 ----a-w- c:\windows\system32\win32k.sys

2011-09-16 08:04 . 2011-09-16 08:04 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-09-16 08:04 . 2011-09-16 08:04 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-09-16 08:04 . 2011-09-16 08:04 404992 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-09-16 08:04 . 2011-09-16 08:04 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

2011-09-16 08:04 . 2011-09-16 08:04 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-09-16 07:55 . 2011-09-16 07:55 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2011-09-16 07:55 . 2011-09-16 07:55 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2011-09-16 07:53 . 2011-09-16 07:53 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2011-09-16 07:53 . 2011-09-16 07:53 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2011-09-16 07:52 . 2011-09-16 07:52 461312 ----a-w- c:\windows\system32\drivers\srv.sys

2011-09-16 07:52 . 2011-09-16 07:52 399872 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-09-16 07:52 . 2011-09-16 07:52 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-09-16 07:51 . 2011-09-16 07:51 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-09-16 07:50 . 2011-09-16 07:50 499712 ----a-w- c:\windows\system32\drivers\afd.sys

2011-09-16 07:49 . 2011-09-16 07:49 861184 ----a-w- c:\windows\system32\oleaut32.dll

2011-09-16 07:49 . 2011-09-16 07:49 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-09-16 07:35 . 2011-09-16 07:35 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-16 07:35 . 2011-09-16 07:35 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-09-16 07:33 . 2011-09-16 07:33 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-09-16 07:33 . 2011-09-16 07:33 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-09-16 07:33 . 2011-09-16 07:33 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2011-09-16 07:30 . 2011-09-16 07:30 662528 ----a-w- c:\windows\system32\XpsPrint.dll

2011-09-16 07:30 . 2011-09-16 07:30 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2011-09-16 07:28 . 2011-09-16 07:28 31232 ----a-w- c:\windows\SysWow64\prevhost.exe

2011-09-16 07:28 . 2011-09-16 07:28 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-09-16 07:28 . 2011-09-16 07:28 2870272 ----a-w- c:\windows\explorer.exe

2011-09-16 07:28 . 2011-09-16 07:28 2614784 ----a-w- c:\windows\SysWow64\explorer.exe

2011-09-16 07:26 . 2011-09-16 07:26 30208 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-09-16 07:26 . 2011-09-16 07:26 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

2011-09-16 07:26 . 2011-09-16 07:26 182272 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-09-16 07:24 . 2011-09-16 07:24 612352 ----a-w- c:\windows\system32\vbscript.dll

2011-09-16 07:24 . 2011-09-16 07:24 428032 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-09-16 07:22 . 2011-09-16 07:22 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-09-16 07:22 . 2011-09-16 07:22 367104 ----a-w- c:\windows\system32\atmfd.dll

2011-09-16 07:22 . 2011-09-16 07:22 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-09-16 07:22 . 2011-09-16 07:22 294912 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-09-16 07:20 . 2011-09-16 07:20 267776 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-09-16 07:19 . 2011-09-16 07:19 90624 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-09-16 07:17 . 2011-09-16 07:17 1395712 ----a-w- c:\windows\system32\mfc42.dll

2011-09-16 07:17 . 2011-09-16 07:17 1359872 ----a-w- c:\windows\system32\mfc42u.dll

2011-09-16 07:17 . 2011-09-16 07:17 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll

2011-09-16 07:17 . 2011-09-16 07:17 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll

2011-09-16 07:15 . 2011-09-16 07:15 640896 ----a-w- c:\windows\system32\winload.efi

2011-09-16 07:15 . 2011-09-16 07:15 603976 ----a-w- c:\windows\system32\winload.exe

2011-09-16 07:15 . 2011-09-16 07:15 556928 ----a-w- c:\windows\system32\winresume.efi

2011-09-16 07:15 . 2011-09-16 07:15 518160 ----a-w- c:\windows\system32\winresume.exe

2011-09-16 07:15 . 2011-09-16 07:15 20352 ----a-w- c:\windows\system32\kdusb.dll

2011-09-16 07:15 . 2011-09-16 07:15 19328 ----a-w- c:\windows\system32\kd1394.dll

2011-09-16 07:15 . 2011-09-16 07:15 17792 ----a-w- c:\windows\system32\kdcom.dll

2011-09-16 06:57 . 2011-09-16 06:57 -------- d-----w- c:\windows\SysWow64\Wat

2011-09-16 06:57 . 2011-09-16 06:57 -------- d-----w- c:\windows\system32\Wat

2011-09-16 05:30 . 2011-09-16 05:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-09-16 05:30 . 2011-09-16 05:30 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2011-09-16 05:28 . 2011-09-16 05:28 902656 ----a-w- c:\windows\system32\d2d1.dll

2011-09-16 05:28 . 2011-09-16 05:28 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2011-09-16 05:28 . 2011-09-16 05:28 1540608 ----a-w- c:\windows\system32\DWrite.dll

2011-09-16 05:28 . 2011-09-16 05:28 1135104 ----a-w- c:\windows\system32\FntCache.dll

2011-09-16 05:28 . 2011-09-16 05:28 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-09-16 05:26 . 2011-09-16 05:26 3138048 ----a-w- c:\windows\system32\mstscax.dll

2011-09-16 05:26 . 2011-09-16 05:26 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll

2011-09-16 05:26 . 2011-09-16 05:26 1097216 ----a-w- c:\windows\system32\mstsc.exe

2011-09-16 05:26 . 2011-09-16 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe

2011-09-16 05:24 . 2011-09-16 05:24 961024 ----a-w- c:\windows\system32\CPFilters.dll

2011-09-16 05:24 . 2011-09-16 05:24 850432 ----a-w- c:\windows\SysWow64\sbe.dll

2011-09-16 05:24 . 2011-09-16 05:24 723968 ----a-w- c:\windows\system32\EncDec.dll

2011-09-16 05:24 . 2011-09-16 05:24 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll

2011-09-16 05:24 . 2011-09-16 05:24 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-09-16 05:24 . 2011-09-16 05:24 259072 ----a-w- c:\windows\system32\mpg2splt.ax

2011-09-16 05:24 . 2011-09-16 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax

2011-09-16 05:24 . 2011-09-16 05:24 1118720 ----a-w- c:\windows\system32\sbe.dll

2011-09-16 05:21 . 2011-09-16 05:21 1739176 ----a-w- c:\windows\system32\ntdll.dll

2011-09-16 05:21 . 2011-09-16 05:21 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll

2011-09-16 05:16 . 2011-09-16 05:16 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-09-16 05:16 . 2011-09-16 05:16 320512 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-09-16 05:16 . 2011-09-16 05:16 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-09-16 05:16 . 2011-09-16 05:16 1837568 ----a-w- c:\windows\system32\d3d10warp.dll

2011-09-16 05:16 . 2011-09-16 05:16 144384 ----a-w- c:\windows\system32\cdd.dll

2011-09-16 05:16 . 2011-09-16 05:16 229888 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-09-16 05:16 . 2011-09-16 05:16 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2011-09-16 05:16 . 2011-09-16 05:16 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll

2011-09-16 05:16 . 2011-09-16 05:16 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll

2011-09-16 05:16 . 2011-09-16 05:16 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll

2011-09-16 05:16 . 2011-09-16 05:16 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2011-09-16 05:10 . 2011-09-16 05:10 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2011-09-16 05:10 . 2011-09-16 05:10 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2011-09-16 05:03 . 2011-09-16 05:03 714752 ----a-w- c:\windows\system32\kerberos.dll

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-16 08:25 . 2011-09-16 08:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-09-16 04:52 . 2011-09-16 04:52 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2011-09-16 04:52 . 2011-09-16 04:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-09-03 12:12 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-08-19 07:07 . 2011-08-19 07:07 293736 ----a-w- c:\users\FuBar\iTunesOutlookAddIn.dll

2011-08-19 07:07 . 2011-08-19 07:07 421736 ----a-w- c:\users\FuBar\iTunesHelper.exe

2011-08-19 07:07 . 2011-08-19 07:07 168296 ----a-w- c:\users\FuBar\iTunesHelper.dll

2011-08-19 07:07 . 2011-08-19 07:07 403304 ----a-w- c:\users\FuBar\iTunesAdmin.dll

2011-08-19 07:07 . 2011-08-19 07:07 9777000 ----a-w- c:\users\FuBar\iTunes.exe

2011-08-19 07:07 . 2011-08-19 07:07 19664232 ----a-w- c:\users\FuBar\iTunes.dll

2011-08-19 07:07 . 2011-08-19 07:07 792424 ----a-w- c:\users\FuBar\gnsdk_sdkmanager.dll

2011-08-19 07:07 . 2011-08-19 07:07 276328 ----a-w- c:\users\FuBar\gnsdk_submit.dll

2011-08-19 07:07 . 2011-08-19 07:07 2742120 ----a-w- c:\users\FuBar\gnsdk_dsp.dll

2011-08-19 07:07 . 2011-08-19 07:07 198504 ----a-w- c:\users\FuBar\gnsdk_musicid.dll

2011-07-29 07:10 . 2011-07-29 07:10 111904 ----a-w- c:\users\FuBar\ITDetector.ocx

2011-07-12 17:34 . 2011-07-12 17:34 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 17:34 . 2011-07-12 17:34 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 17:34 . 2011-07-12 17:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 17:34 . 2011-07-12 17:34 212840 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-12 17:20 . 2011-07-12 17:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-07-12 17:20 . 2011-07-12 17:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-07-12 17:20 . 2011-07-12 17:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-07-12 17:20 . 2011-07-12 17:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-07-06 00:37 . 2011-07-06 00:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-07-06 00:37 . 2011-07-06 00:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 4"="k:\advanced systemcare 4\ASCTray.exe" [2011-08-09 417112]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 5471104]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\users\FuBar\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]

"iTunesHelper"="c:\users\FuBar\iTunesHelper.exe" [2011-08-19 421736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\GSBoot]

@="Driver Group"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\GSBootSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]

R2 MBAMService;MBAMService;c:\users\FuBar\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

R3 GSBoot;GSBoot;c:\windows\system32\Drivers\GSBoot.sys [x]

R3 GSBootSvc;GSBootSvc;c:\windows\System32\GSBootSvc.exe [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 QPCopyEngine;QPCopyEngine;c:\program files\Iomega\QuikProtect\QpMonitor.exe [2010-06-24 394544]

R3 QsFsFltr;QsFsFltr;c:\windows\system32\DRIVERS\QsFsFltr.sys [x]

R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-03-23 33184]

R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-03-23 21328]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-07-11 20336]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AdvancedSystemCareService;Advanced SystemCare Service;k:\advanced systemcare 4\ASCService.exe [2011-08-09 328536]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-07-20 820568]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"QuiKProtect"="c:\program files\Iomega\QuikProtect\StartQuikProtect.exe" [2010-06-24 58672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\FuBar\AppData\Roaming\Mozilla\Firefox\Profiles\j1mra0hk.default\

FF - prefs.js: network.proxy.type - 0

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,a0,05,a1,dc,70,4d,49,87,c9,78,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,a0,05,a1,dc,70,4d,49,87,c9,78,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

k:\advanced systemcare 4\PMonitor.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

j:\panda usb vaccine\USBVaccine.exe

.

**************************************************************************

.

Completion time: 2011-09-18 12:57:36 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-18 18:57

.

Pre-Run: 955,063,336,960 bytes free

Post-Run: 954,826,727,424 bytes free

.

- - End Of File - - F46CA6A4B5B9AC6A9D09CA5EAEB6374D


  • Root Admin

STEP 01

Please temporarily uninstall the following programs. When we are finished here you can re-install them if you like.

Advanced SystemCare 4

SUPERAntiSpyware

IObit Malware Fighter

IObit Smart Defrag

Geek Squad

STEP 02

From within Internet Explorer go to Tools/Internet Options/Advanced and click on the Reset button. Then quit Internet Explorer.

STEP 03

Please run a FULL disk check on your system. It will take at least 10 minutes up to a few hours to complete.

If it does not run then let me know.

How to Run Check Disk at Startup in Vista or Windows 7

STEP 04

After the computer restarts then run the following and send me back the logs

Download DDS and save it to your desktop

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.


When done, DDS will open two (2) logs:

  1. DDS.txt

  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt


STEP 01

Please temporarily uninstall the following programs. When we are finished here you can re-install them if you like.

Advanced SystemCare 4

SUPERAntiSpyware

IObit Malware Fighter

IObit Smart Defrag

Geek Squad

Hello and thanks for your help...I think I removed all the above EXCEPT for one Advanced System Care file located on my Ridata Flash drive and listed as the attached file name. Whenever I try to delete it, I get a message that says the file is being used by Windows Explorer, but I couldn't find out what the file was doing. I await your instructions. thanks


Okay please run the DDS scan then for now and post the logs and we'll go from there.

Thanks

As Always, thanks for your time and volunteerism...And now, the DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by FuBar at 7:00:46 on 2011-09-20

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2659 [GMT -6:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k netsvcs

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

J:\Panda USB Vaccine\USBVaccine.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - Bing Bar BHO

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [Advanced SystemCare 4] K:\Advanced SystemCare 4\ASCTray.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Users\FuBar\iTunesHelper.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{A29970E0-D3ED-4DE6-8CB5-71282643B122} : DhcpNameServer = 192.168.2.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - Bing Bar BHO

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Users\FuBar\iTunesHelper.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\FuBar\AppData\Roaming\Mozilla\Firefox\Profiles\j1mra0hk.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\FuBar\Mozilla Plugins\npitunes.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 MBAMService;MBAMService;C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-14 366152]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-9-2 1119768]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 AdvancedSystemCareService;Advanced SystemCare Service;K:\Advanced SystemCare 4\ASCService.exe --> K:\Advanced SystemCare 4\ASCService.exe [?]

S3 GSBootSvc;GSBootSvc;C:\Windows\System32\GSBootSvc.exe --> C:\Windows\System32\GSBootSvc.exe [?]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-09-19 16:51:10 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FAA95210-E229-4E70-B743-B041D1F2287F}\mpengine.dll

2011-09-19 01:05:13 -------- d-sh--w- C:\$RECYCLE.BIN

2011-09-18 18:30:00 98816 ----a-w- C:\Windows\sed.exe

2011-09-18 18:30:00 518144 ----a-w- C:\Windows\SWREG.exe

2011-09-18 18:30:00 256000 ----a-w- C:\Windows\PEV.exe

2011-09-18 18:30:00 208896 ----a-w- C:\Windows\MBR.exe

2011-09-17 14:37:21 -------- d-----w- C:\Program Files\Iomega

2011-09-17 14:36:33 -------- d-----w- C:\Windows\Downloaded Installations

2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2011-09-17 13:21:26 -------- d-----w- C:\Users\FuBar\AppData\Local\Apple

2011-09-17 13:21:04 -------- d-----w- C:\Program Files\Bonjour

2011-09-17 13:21:04 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-09-16 15:33:07 -------- d-----w- C:\Program Files (x86)\NCH Software

2011-09-16 15:33:04 -------- d-----w- C:\Users\FuBar\AppData\Roaming\NCH Software

2011-09-16 15:23:57 -------- d-----w- C:\Program Files (x86)\WMA To MP3 Encoder

2011-09-16 13:47:04 -------- d-----w- C:\Users\FuBar\AppData\Roaming\Roxio Log Files

2011-09-16 08:43:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-09-16 08:43:44 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-09-16 08:36:40 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-09-16 08:36:40 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-09-16 08:36:40 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-09-16 08:33:42 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-09-16 08:27:08 94208 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll

2011-09-16 08:27:08 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll

2011-09-16 08:27:08 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll

2011-09-16 08:27:08 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll

2011-09-16 08:27:08 212992 ----a-w- C:\Windows\System32\odbctrac.dll

2011-09-16 08:27:08 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll

2011-09-16 08:27:08 163840 ----a-w- C:\Windows\System32\odbccp32.dll

2011-09-16 08:27:08 126976 ----a-w- C:\Program Files\Common Files\System\Ole DB\msdaosp.dll

2011-09-16 08:27:08 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll

2011-09-16 08:27:08 106496 ----a-w- C:\Windows\System32\odbccu32.dll

2011-09-16 08:27:08 106496 ----a-w- C:\Windows\System32\odbccr32.dll

2011-09-16 08:22:16 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-09-16 08:22:16 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-09-16 08:22:16 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-09-16 08:05:38 3134464 ----a-w- C:\Windows\System32\win32k.sys

2011-09-16 08:04:06 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-09-16 08:04:06 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-09-16 08:04:06 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-09-16 08:04:06 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-09-16 08:04:06 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-09-16 07:55:08 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2011-09-16 07:55:08 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2011-09-16 07:53:59 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2011-09-16 07:53:59 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2011-09-16 07:52:46 461312 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-09-16 07:52:46 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-09-16 07:52:46 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-09-16 07:51:42 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys

2011-09-16 07:50:58 499712 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-09-16 07:49:13 861184 ----a-w- C:\Windows\System32\oleaut32.dll

2011-09-16 07:49:13 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-09-16 07:35:25 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-09-16 07:35:25 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-09-16 07:33:57 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2011-09-16 07:33:14 142336 ----a-w- C:\Windows\System32\poqexec.exe

2011-09-16 07:33:14 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2011-09-16 07:30:10 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-09-16 07:30:10 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-09-16 07:28:56 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-09-16 07:28:56 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-09-16 07:28:10 2870272 ----a-w- C:\Windows\explorer.exe

2011-09-16 07:28:10 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe

2011-09-16 07:26:16 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe

2011-09-16 07:26:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe

2011-09-16 07:26:16 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll

2011-09-16 07:24:53 612352 ----a-w- C:\Windows\System32\vbscript.dll

2011-09-16 07:24:53 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-09-16 07:22:49 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-09-16 07:22:49 367104 ----a-w- C:\Windows\System32\atmfd.dll

2011-09-16 07:22:49 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-09-16 07:22:49 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-09-16 07:20:39 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2011-09-16 07:19:05 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2011-09-16 07:17:53 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2011-09-16 07:17:53 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2011-09-16 07:17:53 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2011-09-16 07:17:53 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2011-09-16 07:15:45 640896 ----a-w- C:\Windows\System32\winload.efi

2011-09-16 07:15:45 603976 ----a-w- C:\Windows\System32\winload.exe

2011-09-16 07:15:45 556928 ----a-w- C:\Windows\System32\winresume.efi

2011-09-16 07:15:45 518160 ----a-w- C:\Windows\System32\winresume.exe

2011-09-16 07:15:45 20352 ----a-w- C:\Windows\System32\kdusb.dll

2011-09-16 07:15:45 19328 ----a-w- C:\Windows\System32\kd1394.dll

2011-09-16 07:15:45 17792 ----a-w- C:\Windows\System32\kdcom.dll

2011-09-16 06:57:26 -------- d-----w- C:\Windows\SysWow64\Wat

2011-09-16 06:57:26 -------- d-----w- C:\Windows\System32\Wat

2011-09-16 05:30:02 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-09-16 05:30:02 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-09-16 05:28:43 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-09-16 05:28:43 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-09-16 05:28:43 1540608 ----a-w- C:\Windows\System32\DWrite.dll

2011-09-16 05:28:43 1135104 ----a-w- C:\Windows\System32\FntCache.dll

2011-09-16 05:28:43 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-09-16 05:26:23 3138048 ----a-w- C:\Windows\System32\mstscax.dll

2011-09-16 05:26:23 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll

2011-09-16 05:26:23 1097216 ----a-w- C:\Windows\System32\mstsc.exe

2011-09-16 05:26:23 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe

2011-09-16 05:24:26 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2011-09-16 05:24:26 850432 ----a-w- C:\Windows\SysWow64\sbe.dll

2011-09-16 05:24:26 723968 ----a-w- C:\Windows\System32\EncDec.dll

2011-09-16 05:24:26 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2011-09-16 05:24:26 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-09-16 05:24:26 259072 ----a-w- C:\Windows\System32\mpg2splt.ax

2011-09-16 05:24:26 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2011-09-16 05:24:26 1118720 ----a-w- C:\Windows\System32\sbe.dll

2011-09-16 05:21:29 1739176 ----a-w- C:\Windows\System32\ntdll.dll

2011-09-16 05:21:29 1293120 ----a-w- C:\Windows\SysWow64\ntdll.dll

2011-09-16 05:16:08 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2011-09-16 05:16:08 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2011-09-16 05:16:08 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2011-09-16 05:16:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll

2011-09-16 05:16:08 144384 ----a-w- C:\Windows\System32\cdd.dll

2011-09-16 05:16:07 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll

2011-09-16 05:16:07 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2011-09-16 05:16:07 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll

2011-09-16 05:16:07 1495040 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll

2011-09-16 05:16:07 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll

2011-09-16 05:16:06 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2011-09-16 05:10:54 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2011-09-16 05:10:54 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2011-09-16 05:03:04 714752 ----a-w- C:\Windows\System32\kerberos.dll

2011-09-16 05:03:04 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2011-09-16 05:01:23 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2011-09-16 05:01:23 720896 ----a-w- C:\Windows\System32\odbc32.dll

2011-09-16 05:01:23 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll

2011-09-16 05:01:23 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2011-09-16 05:01:23 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2011-09-16 05:01:23 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2011-09-16 05:01:23 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2011-09-16 05:01:23 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2011-09-16 05:01:23 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2011-09-16 05:01:23 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2011-09-16 04:58:41 112000 ----a-w- C:\Windows\System32\consent.exe

2011-09-16 04:58:01 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe

2011-09-16 04:58:01 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe

2011-09-16 04:58:01 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll

2011-09-16 04:56:59 395776 ----a-w- C:\Windows\System32\webio.dll

2011-09-16 04:56:59 314368 ----a-w- C:\Windows\SysWow64\webio.dll

2011-09-16 04:56:05 285696 ----a-w- C:\Windows\System32\schtasks.exe

2011-09-16 04:56:04 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2011-09-16 04:56:04 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll

2011-09-16 04:56:04 473600 ----a-w- C:\Windows\System32\taskcomp.dll

2011-09-16 04:56:04 464384 ----a-w- C:\Windows\System32\taskeng.exe

2011-09-16 04:56:04 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll

2011-09-16 04:56:04 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe

2011-09-16 04:56:04 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe

2011-09-16 04:56:04 1169408 ----a-w- C:\Windows\System32\taskschd.dll

2011-09-16 04:56:04 1114624 ----a-w- C:\Windows\System32\schedsvc.dll

2011-09-16 04:54:04 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2011-09-16 04:54:04 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2011-09-16 04:47:28 552960 ----a-w- C:\Windows\System32\msdri.dll

2011-09-16 04:47:28 288256 ----a-w- C:\Windows\System32\MSNP.ax

2011-09-16 04:47:28 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax

2011-09-16 04:34:26 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2011-09-16 04:34:26 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2011-09-16 04:34:26 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2011-09-16 04:34:26 444752 ----a-w- C:\Windows\System32\mscoree.dll

2011-09-16 04:34:26 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2011-09-16 04:34:26 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2011-09-16 04:34:26 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-09-16 04:34:26 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2011-09-16 04:34:25 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2011-09-16 04:34:25 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2011-09-16 04:28:34 2080256 ----a-w- C:\Program Files\Windows Mail\msoe.dll

2011-09-16 04:28:34 1619968 ----a-w- C:\Program Files (x86)\Windows Mail\msoe.dll

2011-09-16 04:26:12 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys

2011-09-16 03:59:46 27992 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe

2011-09-16 03:59:46 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys

2011-09-16 03:59:16 -------- d-----w- C:\Program Files (x86)\IObit

2011-09-16 03:53:23 -------- d-----w- C:\Users\FuBar\AppData\Roaming\IObit

2011-09-10 20:09:27 -------- d-----w- C:\ProgramData\Panda Security

2011-09-10 13:44:12 -------- d-----w- C:\Users\FuBar\AppData\Roaming\hpqLog

2011-09-10 13:43:55 -------- d-----w- C:\System.sav

2011-09-10 00:04:35 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2011-09-10 00:04:35 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2011-09-10 00:04:35 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll

2011-09-10 00:04:35 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2011-09-10 00:04:34 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2011-09-09 14:16:06 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-08 13:34:52 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-09-08 13:34:51 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-08 13:34:51 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA56368D-31E8-485B-91DC-1D456081CA77}\gapaengine.dll

2011-09-07 21:26:01 -------- d-----w- C:\Users\FuBar\AppData\Local\Microsoft_Corporation

2011-09-07 19:45:20 -------- d-----w- C:\Users\FuBar\AppData\Local\HuluDesktop

2011-09-07 19:24:20 -------- d-----w- C:\Users\FuBar\AppData\Local\ElevatedDiagnostics

2011-09-07 14:20:12 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-09-07 13:48:36 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-09-07 13:48:30 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-09-07 06:16:08 -------- d-----w- C:\perflogs

2011-09-07 06:10:54 -------- d-----w- C:\Users\FuBar\AppData\Local\Diagnostics

2011-09-06 15:35:35 -------- d-----w- C:\Windows\pss

2011-09-04 14:12:05 -------- d-----w- C:\Users\FuBar\AppData\Roaming\Malwarebytes

2011-09-04 14:11:53 -------- d-----w- C:\ProgramData\Malwarebytes

2011-09-04 14:11:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-09-04 14:11:49 -------- d-----w- C:\Users\FuBar\Malwarebytes' Anti-Malware

2011-09-03 17:28:41 -------- d-----w- C:\Users\FuBar\AppData\Local\Windows Live Writer

2011-09-03 13:16:04 -------- d-----w- C:\Windows\System32\drivers\NISx64\1206000.01D

2011-09-02 13:17:12 -------- d-----w- C:\Users\FuBar\AppData\Local\ATI

2011-09-02 13:16:10 -------- d-----w- C:\Users\FuBar\AppData\Local\PDFC

2011-09-02 13:15:53 -------- d-----w- C:\Users\FuBar\AppData\Local\VirtualStore

2011-09-02 13:15:40 -------- d-----w- C:\Users\FuBar\AppData\Local\RemEngine

2011-09-02 06:30:57 52224 ----a-w- C:\Windows\System32\rtutils.dll

2011-09-02 06:30:57 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll

2011-09-02 06:30:45 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

2011-09-02 06:29:27 148992 ----a-w- C:\Windows\System32\t2embed.dll

2011-09-02 06:29:27 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2011-09-02 06:29:02 410504 ----a-w- C:\Windows\System32\drivers\iaStorV.sys

2011-09-02 06:29:02 27016 ----a-w- C:\Windows\System32\drivers\amdxata.sys

2011-09-02 06:29:02 2566144 ----a-w- C:\Windows\System32\esent.dll

2011-09-02 06:29:02 187264 ----a-w- C:\Windows\System32\drivers\storport.sys

2011-09-02 06:29:02 1686016 ----a-w- C:\Windows\SysWow64\esent.dll

2011-09-02 06:29:02 166280 ----a-w- C:\Windows\System32\drivers\nvstor.sys

2011-09-02 06:29:02 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2011-09-02 06:29:02 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys

2011-09-02 06:29:02 107912 ----a-w- C:\Windows\System32\drivers\amdsata.sys

2011-09-02 06:27:16 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2011-09-02 06:27:16 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2011-09-02 06:27:16 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2011-09-02 06:27:16 1446912 ----a-w- C:\Windows\System32\lsasrv.dll

2011-09-02 06:25:52 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll

2011-09-02 06:25:52 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll

2011-09-02 06:25:40 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe

2011-09-02 06:25:40 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

2011-09-02 06:25:40 2085376 ----a-w- C:\Windows\System32\ole32.dll

2011-09-02 06:25:40 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll

2011-09-02 06:25:05 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2011-09-02 06:23:34 220672 ----a-w- C:\Windows\System32\wintrust.dll

2011-09-02 06:23:34 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2011-09-02 06:22:18 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-09-02 06:22:18 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-09-02 06:22:03 389632 ----a-w- C:\Windows\System32\winlogon.exe

2011-09-02 06:21:50 51712 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2011-09-02 06:21:50 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2011-09-02 06:21:14 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys

2011-09-02 06:19:59 311808 ----a-w- C:\Windows\System32\msv1_0.dll

2011-09-02 06:19:59 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll

2011-09-02 06:19:27 46592 ----a-w- C:\Windows\System32\msasn1.dll

2011-09-02 06:19:27 34816 ----a-w- C:\Windows\SysWow64\msasn1.dll

2011-09-02 06:18:58 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll

2011-09-02 06:18:58 1320960 ----a-w- C:\Windows\SysWow64\CertEnroll.dll

2011-09-02 06:17:50 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll

2011-09-02 06:17:50 100864 ----a-w- C:\Windows\System32\fontsub.dll

2011-09-02 06:17:29 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2011-09-02 06:17:29 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2011-09-02 06:17:16 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2011-09-02 06:17:16 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2011-09-02 06:17:16 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2011-09-02 06:17:16 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2011-09-02 06:16:16 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2011-09-02 06:16:05 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2011-09-02 06:16:05 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2011-09-02 06:16:02 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2011-09-02 06:15:54 633856 ----a-w- C:\Windows\System32\comctl32.dll

2011-09-02 06:15:54 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

2011-09-02 06:15:43 -------- d-----w- C:\Windows\System32\drivers\NISx64

2011-09-02 06:15:42 30088 ----a-w- C:\Windows\System32\drivers\msahci.sys

2011-09-02 06:15:42 155528 ----a-w- C:\Windows\System32\drivers\ataport.sys

2011-09-02 06:15:13 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2011-09-02 06:15:13 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2011-09-02 06:14:51 340992 ----a-w- C:\Windows\System32\schannel.dll

2011-09-02 06:14:51 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2011-09-02 06:14:33 -------- d-----w- C:\Windows\en

2011-09-02 06:13:32 -------- d-----w- C:\Windows\PCHEALTH

2011-09-02 06:13:11 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2011-09-02 06:13:11 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2011-09-02 06:13:11 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2011-09-02 06:13:11 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2011-09-02 06:13:08 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2011-09-02 06:13:08 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2011-09-02 06:11:18 -------- d-----w- C:\Program Files (x86)\Microsoft

2011-09-02 06:11:14 -------- d-----w- C:\Program Files (x86)\MSN Toolbar

2011-09-02 06:10:16 -------- d-----w- C:\Program Files (x86)\K-NFB Reading Technology Inc

2011-09-02 06:09:43 -------- d-----w- C:\Windows\PRIndex

2011-09-02 06:09:24 -------- d-----w- C:\Program Files (x86)\Zinio Reader 4

2011-09-02 06:07:34 -------- d---a-w- C:\Program Files (x86)\Common Files\LS Getting Started

2011-09-02 06:04:44 55296 ----a-w- C:\Windows\System32\coinst.dll

2011-09-02 06:02:54 -------- d-----w- C:\ProgramData\WildTangent

2011-09-02 06:02:46 -------- d-----w- C:\ProgramData\PictureMover

2011-09-02 06:02:45 -------- d-----w- C:\Program Files (x86)\PictureMover

2011-09-02 06:02:24 20120360 ----a-w- C:\Program Files (x86)\Online Services\Skype\SkypeSetup.exe

2011-09-02 06:02:24 -------- d-----r- C:\Program Files (x86)\Online Services

2011-09-02 06:02:18 19464 ----a-w- C:\Windows\System32\pdfc_port.dll

2011-09-02 06:02:17 -------- d-----w- C:\Program Files (x86)\PDF Complete

2011-09-02 06:02:08 -------- d-----w- C:\ProgramData\PDFC

2011-09-02 06:02:06 -------- d-----w- C:\ProgramData\Uninstall

2011-09-02 06:01:35 -------- d-----w- C:\Program Files (x86)\Microsoft WSE

2011-09-02 06:01:22 -------- d-----w- C:\ProgramData\RoxioNow

2011-09-02 06:01:12 -------- d-----w- C:\Program Files (x86)\Roxio

2011-09-02 05:51:16 253952 ----a-w- C:\Windows\SysWow64\cPC_DMIRD.dll

2011-09-02 05:49:57 -------- d-----w- C:\ProgramData\{D13C0989-F3EC-4F44-A33D-B3F83DF90FAF}

2011-09-02 05:49:38 -------- d-----w- C:\Program Files (x86)\Hp

2011-09-02 05:48:22 327008 ----a-w- C:\Windows\System32\RaCoInstx.dll

2011-09-02 05:48:22 1002848 ----a-w- C:\Windows\System32\drivers\netr28x.sys

2011-09-02 05:47:18 -------- d-----w- C:\Program Files\ATI

2011-09-02 05:47:17 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2011-09-02 05:45:57 -------- d-----w- C:\Program Files (x86)\Realtek

2011-09-02 05:45:56 1251944 ----a-w- C:\Windows\RtlExUpd.dll

2011-09-02 05:45:56 -------- d--h--w- C:\Program Files (x86)\Temp

2011-09-02 05:45:55 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2011-09-02 05:45:55 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2011-09-02 05:45:55 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2011-09-02 05:45:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2011-09-02 05:45:55 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2011-09-02 05:45:55 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2011-09-02 05:45:55 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2011-09-02 05:45:55 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2011-09-02 05:41:12 -------- d-----w- C:\Program Files\hp

2011-09-02 05:38:46 -------- d-sh--w- C:\Windows\Installer

2011-09-02 05:35:19 -------- d-----w- C:\Windows\SysWow64\RTCOM

2011-09-02 05:35:19 -------- d-----w- C:\Program Files\Realtek

2011-09-02 05:35:18 0 ----a-w- C:\Windows\ativpsrm.bin

.

==================== Find3M ====================

.

2011-09-16 08:20:09 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-09-16 08:20:09 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-09-16 08:20:09 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-16 08:20:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-09-16 08:20:08 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-09-16 08:20:08 482816 ----a-w- C:\Windows\System32\html.iec

2011-09-16 08:20:08 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-09-16 08:20:08 1197056 ----a-w- C:\Windows\System32\wininet.dll

2011-09-16 05:09:30 442880 ----a-w- C:\Windows\System32\winhttp.dll

2011-09-16 04:52:56 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2011-09-16 04:52:56 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2011-09-02 06:20:11 91648 ----a-w- C:\Windows\SysWow64\avifil32.dll

2011-08-19 07:07:46 293736 ----a-w- C:\Users\FuBar\iTunesOutlookAddIn.dll

2011-08-19 07:07:38 421736 ----a-w- C:\Users\FuBar\iTunesHelper.exe

2011-08-19 07:07:38 168296 ----a-w- C:\Users\FuBar\iTunesHelper.dll

2011-08-19 07:07:36 403304 ----a-w- C:\Users\FuBar\iTunesAdmin.dll

2011-08-19 07:07:32 9777000 ----a-w- C:\Users\FuBar\iTunes.exe

2011-08-19 07:07:24 19664232 ----a-w- C:\Users\FuBar\iTunes.dll

2011-08-19 07:07:20 792424 ----a-w- C:\Users\FuBar\gnsdk_sdkmanager.dll

2011-08-19 07:07:20 276328 ----a-w- C:\Users\FuBar\gnsdk_submit.dll

2011-08-19 07:07:20 2742120 ----a-w- C:\Users\FuBar\gnsdk_dsp.dll

2011-08-19 07:07:20 198504 ----a-w- C:\Users\FuBar\gnsdk_musicid.dll

2011-07-29 07:10:20 111904 ----a-w- C:\Users\FuBar\ITDetector.ocx

2011-07-12 17:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-07-12 17:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-07-12 17:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-07-12 17:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll

2011-07-12 17:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-07-12 17:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-07-12 17:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-07-12 17:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-07-06 00:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-07-06 00:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

.

============= FINISH: 7:01:26.73 ===============

Attach.zip


My apologies... I forgot to turn on my external Iomega. Once more with feeling...

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by FuBar at 7:00:46 on 2011-09-20

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2659 [GMT -6:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k netsvcs

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

J:\Panda USB Vaccine\USBVaccine.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - Bing Bar BHO

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [Advanced SystemCare 4] K:\Advanced SystemCare 4\ASCTray.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Users\FuBar\iTunesHelper.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{A29970E0-D3ED-4DE6-8CB5-71282643B122} : DhcpNameServer = 192.168.2.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - Bing Bar BHO

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Users\FuBar\iTunesHelper.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\FuBar\AppData\Roaming\Mozilla\Firefox\Profiles\j1mra0hk.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\FuBar\Mozilla Plugins\npitunes.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 MBAMService;MBAMService;C:\Users\FuBar\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-14 366152]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-9-2 1119768]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 AdvancedSystemCareService;Advanced SystemCare Service;K:\Advanced SystemCare 4\ASCService.exe --> K:\Advanced SystemCare 4\ASCService.exe [?]

S3 GSBootSvc;GSBootSvc;C:\Windows\System32\GSBootSvc.exe --> C:\Windows\System32\GSBootSvc.exe [?]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-09-19 16:51:10 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FAA95210-E229-4E70-B743-B041D1F2287F}\mpengine.dll

2011-09-19 01:05:13 -------- d-sh--w- C:\$RECYCLE.BIN

2011-09-18 18:30:00 98816 ----a-w- C:\Windows\sed.exe

2011-09-18 18:30:00 518144 ----a-w- C:\Windows\SWREG.exe

2011-09-18 18:30:00 256000 ----a-w- C:\Windows\PEV.exe

2011-09-18 18:30:00 208896 ----a-w- C:\Windows\MBR.exe

2011-09-17 14:37:21 -------- d-----w- C:\Program Files\Iomega

2011-09-17 14:36:33 -------- d-----w- C:\Windows\Downloaded Installations

2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2011-09-17 13:21:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2011-09-17 13:21:26 -------- d-----w- C:\Users\FuBar\AppData\Local\Apple

2011-09-17 13:21:04 -------- d-----w- C:\Program Files\Bonjour

2011-09-17 13:21:04 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-09-16 15:33:07 -------- d-----w- C:\Program Files (x86)\NCH Software

2011-09-16 15:33:04 -------- d-----w- C:\Users\FuBar\AppData\Roaming\NCH Software

2011-09-16 15:23:57 -------- d-----w- C:\Program Files (x86)\WMA To MP3 Encoder

2011-09-16 13:47:04 -------- d-----w- C:\Users\FuBar\AppData\Roaming\Roxio Log Files

2011-09-16 08:43:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-09-16 08:43:44 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-09-16 08:36:40 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-09-16 08:36:40 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-09-16 08:36:40 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-09-16 08:33:42 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-09-16 08:27:08 94208 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll

2011-09-16 08:27:08 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll

2011-09-16 08:27:08 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll

2011-09-16 08:27:08 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll

2011-09-16 08:27:08 212992 ----a-w- C:\Windows\System32\odbctrac.dll

2011-09-16 08:27:08 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll

2011-09-16 08:27:08 163840 ----a-w- C:\Windows\System32\odbccp32.dll

2011-09-16 08:27:08 126976 ----a-w- C:\Program Files\Common Files\System\Ole DB\msdaosp.dll

2011-09-16 08:27:08 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll

2011-09-16 08:27:08 106496 ----a-w- C:\Windows\System32\odbccu32.dll

2011-09-16 08:27:08 106496 ----a-w- C:\Windows\System32\odbccr32.dll

2011-09-16 08:22:16 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-09-16 08:22:16 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-09-16 08:22:16 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-09-16 08:05:38 3134464 ----a-w- C:\Windows\System32\win32k.sys

2011-09-16 08:04:06 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-09-16 08:04:06 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-09-16 08:04:06 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-09-16 08:04:06 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-09-16 08:04:06 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-09-16 07:55:08 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2011-09-16 07:55:08 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2011-09-16 07:53:59 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2011-09-16 07:53:59 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2011-09-16 07:52:46 461312 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-09-16 07:52:46 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-09-16 07:52:46 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-09-16 07:51:42 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys

2011-09-16 07:50:58 499712 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-09-16 07:49:13 861184 ----a-w- C:\Windows\System32\oleaut32.dll

2011-09-16 07:49:13 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-09-16 07:35:25 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-09-16 07:35:25 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-09-16 07:33:57 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2011-09-16 07:33:14 142336 ----a-w- C:\Windows\System32\poqexec.exe

2011-09-16 07:33:14 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2011-09-16 07:30:10 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-09-16 07:30:10 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-09-16 07:28:56 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-09-16 07:28:56 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-09-16 07:28:10 2870272 ----a-w- C:\Windows\explorer.exe

2011-09-16 07:28:10 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe

2011-09-16 07:26:16 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe

2011-09-16 07:26:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe

2011-09-16 07:26:16 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll

2011-09-16 07:24:53 612352 ----a-w- C:\Windows\System32\vbscript.dll

2011-09-16 07:24:53 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-09-16 07:22:49 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-09-16 07:22:49 367104 ----a-w- C:\Windows\System32\atmfd.dll

2011-09-16 07:22:49 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-09-16 07:22:49 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-09-16 07:20:39 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2011-09-16 07:19:05 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2011-09-16 07:17:53 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2011-09-16 07:17:53 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2011-09-16 07:17:53 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2011-09-16 07:17:53 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2011-09-16 07:15:45 640896 ----a-w- C:\Windows\System32\winload.efi

2011-09-16 07:15:45 603976 ----a-w- C:\Windows\System32\winload.exe

2011-09-16 07:15:45 556928 ----a-w- C:\Windows\System32\winresume.efi

2011-09-16 07:15:45 518160 ----a-w- C:\Windows\System32\winresume.exe

2011-09-16 07:15:45 20352 ----a-w- C:\Windows\System32\kdusb.dll

2011-09-16 07:15:45 19328 ----a-w- C:\Windows\System32\kd1394.dll

2011-09-16 07:15:45 17792 ----a-w- C:\Windows\System32\kdcom.dll

2011-09-16 06:57:26 -------- d-----w- C:\Windows\SysWow64\Wat

2011-09-16 06:57:26 -------- d-----w- C:\Windows\System32\Wat

2011-09-16 05:30:02 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-09-16 05:30:02 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-09-16 05:28:43 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-09-16 05:28:43 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-09-16 05:28:43 1540608 ----a-w- C:\Windows\System32\DWrite.dll

2011-09-16 05:28:43 1135104 ----a-w- C:\Windows\System32\FntCache.dll

2011-09-16 05:28:43 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-09-16 05:26:23 3138048 ----a-w- C:\Windows\System32\mstscax.dll

2011-09-16 05:26:23 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll

2011-09-16 05:26:23 1097216 ----a-w- C:\Windows\System32\mstsc.exe

2011-09-16 05:26:23 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe

2011-09-16 05:24:26 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2011-09-16 05:24:26 850432 ----a-w- C:\Windows\SysWow64\sbe.dll

2011-09-16 05:24:26 723968 ----a-w- C:\Windows\System32\EncDec.dll

2011-09-16 05:24:26 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2011-09-16 05:24:26 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-09-16 05:24:26 259072 ----a-w- C:\Windows\System32\mpg2splt.ax

2011-09-16 05:24:26 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2011-09-16 05:24:26 1118720 ----a-w- C:\Windows\System32\sbe.dll

2011-09-16 05:21:29 1739176 ----a-w- C:\Windows\System32\ntdll.dll

2011-09-16 05:21:29 1293120 ----a-w- C:\Windows\SysWow64\ntdll.dll

2011-09-16 05:16:08 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2011-09-16 05:16:08 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2011-09-16 05:16:08 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2011-09-16 05:16:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll

2011-09-16 05:16:08 144384 ----a-w- C:\Windows\System32\cdd.dll

2011-09-16 05:16:07 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll

2011-09-16 05:16:07 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2011-09-16 05:16:07 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll

2011-09-16 05:16:07 1495040 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll

2011-09-16 05:16:07 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll

2011-09-16 05:16:06 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2011-09-16 05:10:54 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2011-09-16 05:10:54 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2011-09-16 05:03:04 714752 ----a-w- C:\Windows\System32\kerberos.dll

2011-09-16 05:03:04 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2011-09-16 05:01:23 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2011-09-16 05:01:23 720896 ----a-w- C:\Windows\System32\odbc32.dll

2011-09-16 05:01:23 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll

2011-09-16 05:01:23 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2011-09-16 05:01:23 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2011-09-16 05:01:23 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2011-09-16 05:01:23 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2011-09-16 05:01:23 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2011-09-16 05:01:23 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2011-09-16 05:01:23 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2011-09-16 04:58:41 112000 ----a-w- C:\Windows\System32\consent.exe

2011-09-16 04:58:01 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe

2011-09-16 04:58:01 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe

2011-09-16 04:58:01 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll

2011-09-16 04:56:59 395776 ----a-w- C:\Windows\System32\webio.dll

2011-09-16 04:56:59 314368 ----a-w- C:\Windows\SysWow64\webio.dll

2011-09-16 04:56:05 285696 ----a-w- C:\Windows\System32\schtasks.exe

2011-09-16 04:56:04 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2011-09-16 04:56:04 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll

2011-09-16 04:56:04 473600 ----a-w- C:\Windows\System32\taskcomp.dll

2011-09-16 04:56:04 464384 ----a-w- C:\Windows\System32\taskeng.exe

2011-09-16 04:56:04 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll

2011-09-16 04:56:04 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe

2011-09-16 04:56:04 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe

2011-09-16 04:56:04 1169408 ----a-w- C:\Windows\System32\taskschd.dll

2011-09-16 04:56:04 1114624 ----a-w- C:\Windows\System32\schedsvc.dll

2011-09-16 04:54:04 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2011-09-16 04:54:04 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2011-09-16 04:47:28 552960 ----a-w- C:\Windows\System32\msdri.dll

2011-09-16 04:47:28 288256 ----a-w- C:\Windows\System32\MSNP.ax

2011-09-16 04:47:28 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax

2011-09-16 04:34:26 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2011-09-16 04:34:26 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2011-09-16 04:34:26 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2011-09-16 04:34:26 444752 ----a-w- C:\Windows\System32\mscoree.dll

2011-09-16 04:34:26 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2011-09-16 04:34:26 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2011-09-16 04:34:26 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-09-16 04:34:26 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2011-09-16 04:34:25 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2011-09-16 04:34:25 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2011-09-16 04:28:34 2080256 ----a-w- C:\Program Files\Windows Mail\msoe.dll

2011-09-16 04:28:34 1619968 ----a-w- C:\Program Files (x86)\Windows Mail\msoe.dll

2011-09-16 04:26:12 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys

2011-09-16 03:59:46 27992 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe

2011-09-16 03:59:46 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys

2011-09-16 03:59:16 -------- d-----w- C:\Program Files (x86)\IObit

2011-09-16 03:53:23 -------- d-----w- C:\Users\FuBar\AppData\Roaming\IObit

2011-09-10 20:09:27 -------- d-----w- C:\ProgramData\Panda Security

2011-09-10 13:44:12 -------- d-----w- C:\Users\FuBar\AppData\Roaming\hpqLog

2011-09-10 13:43:55 -------- d-----w- C:\System.sav

2011-09-10 00:04:35 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2011-09-10 00:04:35 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2011-09-10 00:04:35 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll

2011-09-10 00:04:35 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2011-09-10 00:04:34 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2011-09-09 14:16:06 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-08 13:34:52 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-09-08 13:34:51 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-08 13:34:51 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA56368D-31E8-485B-91DC-1D456081CA77}\gapaengine.dll

2011-09-07 21:26:01 -------- d-----w- C:\Users\FuBar\AppData\Local\Microsoft_Corporation

2011-09-07 19:45:20 -------- d-----w- C:\Users\FuBar\AppData\Local\HuluDesktop

2011-09-07 19:24:20 -------- d-----w- C:\Users\FuBar\AppData\Local\ElevatedDiagnostics

2011-09-07 14:20:12 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-09-07 13:48:36 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-09-07 13:48:30 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-09-07 06:16:08 -------- d-----w- C:\perflogs

2011-09-07 06:10:54 -------- d-----w- C:\Users\FuBar\AppData\Local\Diagnostics

2011-09-06 15:35:35 -------- d-----w- C:\Windows\pss

2011-09-04 14:12:05 -------- d-----w- C:\Users\FuBar\AppData\Roaming\Malwarebytes

2011-09-04 14:11:53 -------- d-----w- C:\ProgramData\Malwarebytes

2011-09-04 14:11:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-09-04 14:11:49 -------- d-----w- C:\Users\FuBar\Malwarebytes' Anti-Malware

2011-09-03 17:28:41 -------- d-----w- C:\Users\FuBar\AppData\Local\Windows Live Writer

2011-09-03 13:16:04 -------- d-----w- C:\Windows\System32\drivers\NISx64\1206000.01D

2011-09-02 13:17:12 -------- d-----w- C:\Users\FuBar\AppData\Local\ATI

2011-09-02 13:16:10 -------- d-----w- C:\Users\FuBar\AppData\Local\PDFC

2011-09-02 13:15:53 -------- d-----w- C:\Users\FuBar\AppData\Local\VirtualStore

2011-09-02 13:15:40 -------- d-----w- C:\Users\FuBar\AppData\Local\RemEngine

2011-09-02 06:30:57 52224 ----a-w- C:\Windows\System32\rtutils.dll

2011-09-02 06:30:57 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll

2011-09-02 06:30:45 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

2011-09-02 06:29:27 148992 ----a-w- C:\Windows\System32\t2embed.dll

2011-09-02 06:29:27 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2011-09-02 06:29:02 410504 ----a-w- C:\Windows\System32\drivers\iaStorV.sys

2011-09-02 06:29:02 27016 ----a-w- C:\Windows\System32\drivers\amdxata.sys

2011-09-02 06:29:02 2566144 ----a-w- C:\Windows\System32\esent.dll

2011-09-02 06:29:02 187264 ----a-w- C:\Windows\System32\drivers\storport.sys

2011-09-02 06:29:02 1686016 ----a-w- C:\Windows\SysWow64\esent.dll

2011-09-02 06:29:02 166280 ----a-w- C:\Windows\System32\drivers\nvstor.sys

2011-09-02 06:29:02 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2011-09-02 06:29:02 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys

2011-09-02 06:29:02 107912 ----a-w- C:\Windows\System32\drivers\amdsata.sys

2011-09-02 06:27:16 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2011-09-02 06:27:16 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2011-09-02 06:27:16 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2011-09-02 06:27:16 1446912 ----a-w- C:\Windows\System32\lsasrv.dll

2011-09-02 06:25:52 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll

2011-09-02 06:25:52 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll

2011-09-02 06:25:40 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe

2011-09-02 06:25:40 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

2011-09-02 06:25:40 2085376 ----a-w- C:\Windows\System32\ole32.dll

2011-09-02 06:25:40 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll

2011-09-02 06:25:05 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2011-09-02 06:23:34 220672 ----a-w- C:\Windows\System32\wintrust.dll

2011-09-02 06:23:34 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2011-09-02 06:22:18 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-09-02 06:22:18 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-09-02 06:22:03 389632 ----a-w- C:\Windows\System32\winlogon.exe

2011-09-02 06:21:50 51712 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2011-09-02 06:21:50 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2011-09-02 06:21:14 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys

2011-09-02 06:19:59 311808 ----a-w- C:\Windows\System32\msv1_0.dll

2011-09-02 06:19:59 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll

2011-09-02 06:19:27 46592 ----a-w- C:\Windows\System32\msasn1.dll

2011-09-02 06:19:27 34816 ----a-w- C:\Windows\SysWow64\msasn1.dll

2011-09-02 06:18:58 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll

2011-09-02 06:18:58 1320960 ----a-w- C:\Windows\SysWow64\CertEnroll.dll

2011-09-02 06:17:50 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll

2011-09-02 06:17:50 100864 ----a-w- C:\Windows\System32\fontsub.dll

2011-09-02 06:17:29 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2011-09-02 06:17:29 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2011-09-02 06:17:16 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2011-09-02 06:17:16 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2011-09-02 06:17:16 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2011-09-02 06:17:16 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2011-09-02 06:16:16 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2011-09-02 06:16:05 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2011-09-02 06:16:05 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2011-09-02 06:16:02 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2011-09-02 06:15:54 633856 ----a-w- C:\Windows\System32\comctl32.dll

2011-09-02 06:15:54 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

2011-09-02 06:15:43 -------- d-----w- C:\Windows\System32\drivers\NISx64

2011-09-02 06:15:42 30088 ----a-w- C:\Windows\System32\drivers\msahci.sys

2011-09-02 06:15:42 155528 ----a-w- C:\Windows\System32\drivers\ataport.sys

2011-09-02 06:15:13 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2011-09-02 06:15:13 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2011-09-02 06:14:51 340992 ----a-w- C:\Windows\System32\schannel.dll

2011-09-02 06:14:51 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2011-09-02 06:14:33 -------- d-----w- C:\Windows\en

2011-09-02 06:13:32 -------- d-----w- C:\Windows\PCHEALTH

2011-09-02 06:13:11 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2011-09-02 06:13:11 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2011-09-02 06:13:11 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2011-09-02 06:13:11 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2011-09-02 06:13:08 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2011-09-02 06:13:08 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2011-09-02 06:11:18 -------- d-----w- C:\Program Files (x86)\Microsoft

2011-09-02 06:11:14 -------- d-----w- C:\Program Files (x86)\MSN Toolbar

2011-09-02 06:10:16 -------- d-----w- C:\Program Files (x86)\K-NFB Reading Technology Inc

2011-09-02 06:09:43 -------- d-----w- C:\Windows\PRIndex

2011-09-02 06:09:24 -------- d-----w- C:\Program Files (x86)\Zinio Reader 4

2011-09-02 06:07:34 -------- d---a-w- C:\Program Files (x86)\Common Files\LS Getting Started

2011-09-02 06:04:44 55296 ----a-w- C:\Windows\System32\coinst.dll

2011-09-02 06:02:54 -------- d-----w- C:\ProgramData\WildTangent

2011-09-02 06:02:46 -------- d-----w- C:\ProgramData\PictureMover

2011-09-02 06:02:45 -------- d-----w- C:\Program Files (x86)\PictureMover

2011-09-02 06:02:24 20120360 ----a-w- C:\Program Files (x86)\Online Services\Skype\SkypeSetup.exe

2011-09-02 06:02:24 -------- d-----r- C:\Program Files (x86)\Online Services

2011-09-02 06:02:18 19464 ----a-w- C:\Windows\System32\pdfc_port.dll

2011-09-02 06:02:17 -------- d-----w- C:\Program Files (x86)\PDF Complete

2011-09-02 06:02:08 -------- d-----w- C:\ProgramData\PDFC

2011-09-02 06:02:06 -------- d-----w- C:\ProgramData\Uninstall

2011-09-02 06:01:35 -------- d-----w- C:\Program Files (x86)\Microsoft WSE

2011-09-02 06:01:22 -------- d-----w- C:\ProgramData\RoxioNow

2011-09-02 06:01:12 -------- d-----w- C:\Program Files (x86)\Roxio

2011-09-02 05:51:16 253952 ----a-w- C:\Windows\SysWow64\cPC_DMIRD.dll

2011-09-02 05:49:57 -------- d-----w- C:\ProgramData\{D13C0989-F3EC-4F44-A33D-B3F83DF90FAF}

2011-09-02 05:49:38 -------- d-----w- C:\Program Files (x86)\Hp

2011-09-02 05:48:22 327008 ----a-w- C:\Windows\System32\RaCoInstx.dll

2011-09-02 05:48:22 1002848 ----a-w- C:\Windows\System32\drivers\netr28x.sys

2011-09-02 05:47:18 -------- d-----w- C:\Program Files\ATI

2011-09-02 05:47:17 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2011-09-02 05:45:57 -------- d-----w- C:\Program Files (x86)\Realtek

2011-09-02 05:45:56 1251944 ----a-w- C:\Windows\RtlExUpd.dll

2011-09-02 05:45:56 -------- d--h--w- C:\Program Files (x86)\Temp

2011-09-02 05:45:55 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2011-09-02 05:45:55 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2011-09-02 05:45:55 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2011-09-02 05:45:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2011-09-02 05:45:55 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2011-09-02 05:45:55 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2011-09-02 05:45:55 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2011-09-02 05:45:55 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2011-09-02 05:41:12 -------- d-----w- C:\Program Files\hp

2011-09-02 05:38:46 -------- d-sh--w- C:\Windows\Installer

2011-09-02 05:35:19 -------- d-----w- C:\Windows\SysWow64\RTCOM

2011-09-02 05:35:19 -------- d-----w- C:\Program Files\Realtek

2011-09-02 05:35:18 0 ----a-w- C:\Windows\ativpsrm.bin

.

==================== Find3M ====================

.

2011-09-16 08:20:09 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-09-16 08:20:09 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-09-16 08:20:09 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-16 08:20:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-09-16 08:20:08 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-09-16 08:20:08 482816 ----a-w- C:\Windows\System32\html.iec

2011-09-16 08:20:08 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-09-16 08:20:08 1197056 ----a-w- C:\Windows\System32\wininet.dll

2011-09-16 05:09:30 442880 ----a-w- C:\Windows\System32\winhttp.dll

2011-09-16 04:52:56 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2011-09-16 04:52:56 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2011-09-02 06:20:11 91648 ----a-w- C:\Windows\SysWow64\avifil32.dll

2011-08-19 07:07:46 293736 ----a-w- C:\Users\FuBar\iTunesOutlookAddIn.dll

2011-08-19 07:07:38 421736 ----a-w- C:\Users\FuBar\iTunesHelper.exe

2011-08-19 07:07:38 168296 ----a-w- C:\Users\FuBar\iTunesHelper.dll

2011-08-19 07:07:36 403304 ----a-w- C:\Users\FuBar\iTunesAdmin.dll

2011-08-19 07:07:32 9777000 ----a-w- C:\Users\FuBar\iTunes.exe

2011-08-19 07:07:24 19664232 ----a-w- C:\Users\FuBar\iTunes.dll

2011-08-19 07:07:20 792424 ----a-w- C:\Users\FuBar\gnsdk_sdkmanager.dll

2011-08-19 07:07:20 276328 ----a-w- C:\Users\FuBar\gnsdk_submit.dll

2011-08-19 07:07:20 2742120 ----a-w- C:\Users\FuBar\gnsdk_dsp.dll

2011-08-19 07:07:20 198504 ----a-w- C:\Users\FuBar\gnsdk_musicid.dll

2011-07-29 07:10:20 111904 ----a-w- C:\Users\FuBar\ITDetector.ocx

2011-07-12 17:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-07-12 17:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-07-12 17:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-07-12 17:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll

2011-07-12 17:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-07-12 17:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-07-12 17:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-07-12 17:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-07-06 00:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-07-06 00:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

.

============= FINISH: 7:01:26.73 ===============

Attach.zip


  • Root Admin

What are these drives for?

K: is Removable

L: is FIXED (NTFS) - 233 GiB total, 58.814 GiB free.

The K: drive is the one that has System Care installed to it and is required to be plugged in when you try to uninstall it.

You also have a lot of errors in your Event Logs about missing updates.

It looks like we may need to do some Windows maintenance before we continue. Do you have automatic updates from Microsoft turned off?

Have you been installing software programs to removable disks?


Dear Mr. or Mrs. Deity, I'd like to thank you again for your assistance. However, today I managed to somehow convince the HP Tech center to replace my hard drive. But to answer a previous question, I had updates turned off to avoid suspicious updates that did not always apply to Windows 7. I had been using J & K flash drives to store anti virus and anti spyware because my registry would somehow manage to substitute an archived or fake program for almost every program I tried to store on C:.

L Drive is the big external Iomega hard drive with over 200 gigs of music, videos, documents etc. I also have two mp3 players which have been connected to the current OS.

And I am very concerned about each of them being capable of reinfecting my new operating system. I have thought about using a cloud storage service to clean my files as I upload them, and then download them safely to my new hard drive. But I am not sure if and where this might work. Any suggestions you might have would be greatly appreciated.

I have my music backed up on discs. Are they safe? Can documents be infected? Can flash drives be infected and disinfected? I would really hate to sacrifice my 80 disc collection of music or that manuscript that I've been working on for five years. Thanks again for your generosity. Rosie


  • Root Admin

Yes, unfortunately any writable media can be infected. If the system is now known to be clean and has a good onboard Anti-Virus such as Kaspersky, NOD32, Symantec with the latest updates and MBAM with the latest updates then I would plug the drive in and do a FULL scan with each product to see if any of them detect anything.

Then if possible use a new USB drive to backup all important data and then simply stash it away as a safety backup. Don't plug it in again unless you really need to get data back. Use a second drive as your day to day backup. I myself have 3 different drives that I backup every day and I also have 2 drives that rarely get plugged in that have archive backups for stuff I simply choose not to lose. Burning a copy to DVD as well is a good cheap backup to use on top of the USB drive method.

If there is nothing else then I'll go ahead and close your post soon. Make sure to keep all Anti-Virus and other security software and Windows updates updated at all times.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.