Thread: aswMBR stop

  1. #1
    Junior Member
    Join Date
    Sep 2012
    Posts
    11

    aswMBR stop

    Hi,
    I am here because the Babylon toolbar infection prevents me from obtaining logs from aswMBR, as you mentioned in "before you post".

    Let me explain.

    First, I am using Spybot, up to date, and it finds Babylon toolbar items.

    Spybot removes them without problem, but they are still here when I rescan immediately or after a reset.
    Unfortunately I don't have the log (but see below).

    I also tried Malwarebytes in safe mode, but nothing was found.

    With AdwCleaner, removed but still there (it seems to disappear in Internet Explorer, but is still here in Firefox, my default browser).
    SEE THE LOG AT THE END.

    Finally I followed your Manual Removal Guide

    - none of the indicated folders, but I made an inspection before and I know there is nothing.
    - nothing found in the registry

    I tried RegAlyzer, which removed the detection by Spybot.

    No problem with DDS.txt and attach.txt, but blocked with aswMBR (Windows stops with no indication from the OS).

    I keep DDS.txt and Attach.txt at your request

    Windows 7 - 64 bits, up to date


    Thanks in advance for your help, and sorry for my poor English ;>))
    Jean-louis Baudoux

    --------------------------------------

    Here is the AdwCleaner log.

    # AdwCleaner v2.000 - Rapport créé le 23/09/2012 à 16:53:15
    # Mis à jour le 30/08/2012 par Xplode
    # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d'utilisateur : jlb - JLB-HP
    # Mode de démarrage : Normal
    # Exécuté depuis : D:\User_util\securite\anti_Babylon\adwcleaner.exe
    # Option [Recherche]


    ***** [Services] *****


    ***** [Fichiers / Dossiers] *****

    Dossier Présent : C:\ProgramData\Browser Manager

    ***** [Registre] *****

    Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Clé Présente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Clé Présente : HKU\S-1-5-21-443515483-2991178796-696988582-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Donnée Présente : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
    Valeur Présente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

    ***** [Navigateurs] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Le registre ne contient aucune entrée illégitime.

    -\\ Mozilla Firefox v15.0 (fr)

    Nom du profil : default-1348409337555 [Profil par défaut]
    Fichier : C:\Users\jlb\AppData\Roaming\Mozilla\Firefox\Profiles\fqj6eua6.default-1348409337555\prefs.js

    Présente : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
    Présente : user_pref("browser.search.order.1", "Search the web (Babylon)");
    Présente : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
    Présente : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110823&tt=120912_ccp_3812_8&[...]

    *************************

    AdwCleaner[R19].txt - [1802 octets] - [23/09/2012 15:26:39]
    AdwCleaner[R20].txt - [1909 octets] - [23/09/2012 16:53:15]

    ########## EOF - C:\AdwCleaner[R20].txt - [1970 octets] ##########

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    "I keep DDS.txt and Attach.txt at your request"
    Please copy-paste contents of DDS logs here.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Sep 2012
    Posts
    11

    Hi,
    Thanks for replying to me. Here is the DDS file.
    Jean-louis Baudoux
    --------------------------------------------
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
    Run by jlb at 19:25:41 on 2012-09-25
    Microsoft Windows*7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3894.1724 [GMT 2:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\vcsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
    C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
    C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    C:\Windows\SysWOW64\PSIService.exe
    C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Motorola\Bluetooth\obexsrv.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Motorola\Bluetooth\audiosrv.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\DigitalPersona\Bin\DPAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Windows\tsnpstd3.exe
    C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files (x86)\eMule\emule.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.fr/
    mWindow Title =
    mWinlogon: Userinit=userinit.exe
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [tsnpstd3] C:\Windows\tsnpstd3.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\jlb\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: &Envoyer à OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: Ajouter au fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir au format PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir la cible du lien en Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir la cible du lien en un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{CFE71F7E-F1CA-480B-B879-552ED7E2F7B2} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    AppInit_DLLs: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    LSA: Notification Packages = DPPassFilter scecli
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    {0347C33E-8762-4905-BF09-768834316C61}
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    {53707962-6F74-2D53-2644-206D7942484F}
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {AE7CD045-E861-484f-8273-0445EE161910}
    {B4F3A835-0E21-4959-BA22-42B3008E02FF}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    {F4971EE7-DAA0-4053-9964-665D8EE6A077}
    {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
    {47833539-D0C5-4125-9FA8-0819E2EAAC93}
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun-x64: [tsnpstd3] C:\Windows\tsnpstd3.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    IE-X64: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
    AppInit_DLLs-X64: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
    SEH-X64: {E54729E8-BB3D-4270-9D49-7389EA579090}: EasyBits Security Shield Hook - prevents launching insecure programs by kids
    SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\jlb\AppData\Roaming\Mozilla\Firefox\Profiles\fqj6eua6.default-1348409337555\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-8-29 23208]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-8-29 3075920]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-8-28 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-28 44808]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2012-8-28 677128]
    R2 cbVSCService11;Cobian Backup 11 Service « Volume Shadow Copy »;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-8-29 67584]
    R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe [2011-2-25 87344]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
    R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-29 1153368]
    R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-28 2533400]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2012-8-28 4181256]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2012-8-28 1096968]
    R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-8-28 1028096]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 ezSharedSvc;Easybits Services for Windows; [x]
    S2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-1 136176]
    S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-8-29 66320]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-29 250568]
    S3 BTMCOM;Bluetooth Serial Port;C:\Windows\system32\Drivers\btmcom.sys --> C:\Windows\system32\Drivers\btmcom.sys [?]
    S3 BTMUSB;Motorola Bluetooth Radio Service;C:\Windows\system32\Drivers\btmusb.sys --> C:\Windows\system32\Drivers\btmusb.sys [?]
    S3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-1 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-28 114144]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== File Associations ===============
    .
    .scr=SageThumbsImage.scr
    .
    =============== Created Last 30 ================
    .
    2012-09-25 07:35:56 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{019F887B-69D0-40C8-B7BA-B4CCF755778D}\mpengine.dll
    2012-09-24 12:22:36 -------- d-----w- C:\Program Files\Unlocker
    2012-09-22 21:42:44 -------- d-----w- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
    2012-09-22 21:31:53 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2012-09-22 21:31:52 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-09-22 21:31:52 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-09-21 18:17:50 -------- d-----w- C:\Program Files\ATI Technologies
    2012-09-21 17:06:00 51032 ----a-r- C:\Windows\System32\AdobePDF.dll
    2012-09-21 17:06:00 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
    2012-09-20 21:06:11 719872 ----a-w- C:\Windows\SysWow64\devil.dll
    2012-09-20 21:06:11 70656 ----a-w- C:\Windows\SysWow64\yv12vfw.dll
    2012-09-20 21:06:11 70656 ----a-w- C:\Windows\SysWow64\i420vfw.dll
    2012-09-20 21:06:11 369152 ----a-w- C:\Windows\SysWow64\avisynth.dll
    2012-09-20 21:06:11 32256 ----a-w- C:\Windows\SysWow64\AVSredirect.dll
    2012-09-20 21:06:11 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
    2012-09-20 20:46:46 -------- d-----w- C:\ProgramData\Browser Manager
    2012-09-20 20:25:59 178688 ----a-w- C:\Windows\SysWow64\unrar.dll
    2012-09-20 20:25:54 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
    2012-09-19 16:26:22 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
    2012-09-19 16:20:03 -------- d-----w- C:\ProgramData\Stardock
    2012-09-19 16:19:55 -------- d-----w- C:\Program Files (x86)\Stardock
    2012-09-18 19:18:22 -------- d-----w- C:\Program Files\gs
    2012-09-18 17:06:23 -------- d-----w- C:\Program Files (x86)\SageThumbs
    2012-09-12 07:35:29 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-09-12 07:34:56 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-09-12 07:34:56 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-12 07:34:55 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-09-12 07:34:55 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 07:34:54 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-12 07:34:54 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-09-12 07:34:53 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-05 20:22:00 8107 ----a-w- C:\Windows\w7dsd.reg
    2012-09-05 20:22:00 8089 ----a-w- C:\Windows\w7dse.reg
    2012-09-05 20:22:00 275360 ----a-w- C:\Windows\System32\DreamScene.dll
    2012-09-05 11:48:34 -------- d-----w- C:\Program Files (x86)\Unlocker
    2012-09-05 09:35:27 -------- d-----w- C:\Program Files (x86)\Winamp Detect
    2012-09-05 08:41:10 -------- d-----w- C:\Users\jlb\dwhelper
    2012-09-04 20:14:12 -------- d-----w- C:\Users\jlb\VirtualBox VMs
    2012-09-04 19:32:28 224088 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
    2012-09-04 19:32:27 130904 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
    2012-09-04 19:32:23 -------- d-----w- C:\Program Files\Oracle
    2012-09-04 13:03:23 -------- d-----w- C:\vhd
    2012-09-04 12:18:18 -------- d-----w- C:\ubuntu
    2012-09-04 09:48:55 -------- d-----w- C:\Windows\SysWow64\wbem\en-US
    2012-09-04 09:48:54 -------- d-----w- C:\Windows\System32\wbem\en-US
    2012-09-04 08:15:55 -------- d-----w- C:\Temp
    2012-09-04 08:15:44 -------- d-----w- C:\Program Files\Motorola Inc
    2012-09-03 21:55:42 -------- d-----w- C:\Users\jlb\AppData\Roaming\motorola
    2012-09-03 21:55:28 -------- d-----w- C:\ProgramData\Motorola
    2012-09-03 21:53:50 -------- d-----w- C:\ProgramData\Nero
    2012-09-03 21:53:49 -------- d-----w- C:\Users\jlb\AppData\Local\Motorola
    2012-09-03 21:53:49 -------- d-----w- C:\Program Files (x86)\Motorola Media Link
    2012-09-03 21:53:07 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
    2012-09-03 21:53:05 -------- d-----w- C:\Program Files (x86)\Motorola
    2012-09-03 21:52:23 -------- d-----w- C:\Users\jlb\AppData\Local\Downloaded Installations
    2012-09-03 16:36:00 -------- d-----w- C:\Program Files (x86)\bankperfect
    2012-09-03 16:31:29 -------- d-----w- C:\Program Files (x86)\MSI
    2012-09-03 16:30:55 327168 ----a-w- C:\Windows\IsUninst.exe
    2012-09-03 16:30:13 94208 ------w- C:\Windows\amcap.exe
    2012-09-03 16:30:06 94208 ------w- C:\Windows\tsnpstd3.exe
    2012-09-03 16:30:02 788480 ------w- C:\Windows\SysWow64\drivers\snpstd3.sys
    2012-09-03 16:30:02 61440 ------w- C:\Windows\SysWow64\rsnpstd3.dll
    2012-09-03 16:30:02 571904 ------w- C:\Windows\SysWow64\csnpstd3.dll
    2012-09-03 16:30:02 20480 ------w- C:\Windows\usnpstd3.exe
    2012-09-03 16:30:02 -------- d-----w- C:\Program Files (x86)\Common Files\snpstd3
    2012-09-03 16:29:41 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
    2012-09-03 16:29:41 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
    2012-09-03 16:29:41 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
    2012-09-03 16:29:41 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
    2012-09-03 16:29:41 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
    2012-09-03 16:29:40 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
    2012-09-03 16:29:40 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
    2012-09-03 16:05:28 950272 ----a-w- C:\Windows\SysWow64\PQueen20.dll
    2012-09-03 16:05:28 61440 ----a-w- C:\Windows\SysWow64\MFSIFLib2889.dll
    2012-09-03 16:05:28 389120 ----a-w- C:\Windows\SysWow64\MCMLDS.dll
    2012-09-03 16:05:28 110592 ----a-w- C:\Windows\SysWow64\pfudsrv.dll
    2012-09-03 16:05:27 278528 ----a-w- C:\Windows\SysWow64\MFSLib2889.dll
    2012-09-03 16:05:27 126976 ----a-w- C:\Windows\SysWow64\MFSBaseLib2889.dll
    2012-09-03 16:05:27 -------- d-----w- C:\Program Files (x86)\DS_Dual3
    2012-09-03 15:47:20 23040 ----a-w- C:\Windows\SysWow64\irisco32.dll
    2012-09-03 15:46:38 -------- d-----w- C:\Program Files (x86)\Readiris Pro 9
    2012-09-03 15:40:54 -------- d-----w- C:\Program Files (x86)\Canon
    2012-09-03 15:40:38 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2012-09-03 15:40:38 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2012-09-03 15:40:38 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2012-09-03 15:40:38 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2012-09-03 15:40:37 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2012-09-03 14:51:27 64512 ----a-w- C:\Windows\System32\CNQU110.DLL
    2012-09-03 14:51:27 193024 ----a-w- C:\Windows\System32\CNQL1213.DLL
    2012-09-03 14:51:27 -------- d--h--w- C:\CanoScan
    2012-09-03 14:47:31 -------- d-----w- C:\ProgramData\WEBREG
    2012-09-03 14:47:01 -------- d-----w- C:\Users\jlb\AppData\Local\HP
    2012-09-03 14:46:30 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
    2012-09-03 14:43:25 -------- d-----w- C:\Program Files (x86)\Common Files\HP
    2012-09-03 13:26:45 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    2012-09-02 21:53:33 -------- d-----w- C:\Users\jlb\AppData\Roaming\XnView
    2012-09-02 21:27:48 -------- d-----w- C:\Program Files (x86)\uTorrent
    2012-09-02 21:26:50 -------- d-----w- C:\Users\jlb\AppData\Roaming\uTorrent
    2012-09-02 20:59:22 -------- d-----w- C:\ProgramData\eMule
    2012-09-02 20:58:53 -------- d-----w- C:\Users\jlb\AppData\Local\eMule
    2012-09-02 20:58:51 -------- d-----w- C:\Program Files (x86)\eMule
    2012-09-02 20:48:25 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
    2012-09-02 20:48:25 -------- d-----r- C:\Users\jlb\SkyDrive
    2012-09-02 20:47:59 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
    2012-09-02 20:46:59 -------- d-----w- C:\Program Files (x86)\MSECache
    2012-09-01 20:01:00 -------- d-----w- C:\Users\jlb\AppData\Local\Yahoo
    2012-09-01 20:00:56 -------- d-----w- C:\Program Files (x86)\Yahoo!
    2012-09-01 16:36:38 -------- d-----w- C:\Users\jlb\.VirtualBox
    2012-09-01 16:32:13 -------- d-----w- C:\Users\jlb\AppData\Roaming\Mobile Action
    2012-09-01 16:32:13 -------- d-----w- C:\Program Files (x86)\Mobile Action
    2012-08-31 22:28:52 -------- d-----w- C:\Users\jlb\AppData\Local\Google
    2012-08-31 22:18:40 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
    2012-08-31 22:18:39 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
    2012-08-31 22:18:09 -------- d-----w- C:\Users\jlb\AppData\Roaming\Todae
    2012-08-31 22:18:06 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
    2012-08-31 21:59:10 -------- d-----w- C:\Program Files (x86)\eRightSoft
    2012-08-31 21:37:24 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
    2012-08-31 21:30:33 88 --sh--r- C:\Windows\SysWow64\4B198299A4.sys
    2012-08-31 21:30:33 2932 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
    2012-08-31 21:30:10 -------- d-----w- C:\ProgramData\Corel
    2012-08-31 21:22:08 -------- d-----w- C:\Windows\SysWow64\Spool
    2012-08-31 21:20:32 -------- d-----w- C:\Program Files (x86)\Corel
    2012-08-31 20:51:03 -------- d-----w- C:\Program Files (x86)\Microsoft Math 3.0
    2012-08-31 18:11:02 -------- d-----w- C:\Program Files (x86)\XnView
    2012-08-31 16:20:17 -------- d-----w- C:\Program Files (x86)\Macromedia
    2012-08-31 16:20:17 -------- d-----w- C:\Program Files (x86)\Common Files\Macromedia
    2012-08-31 16:19:51 262144 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll
    2012-08-31 16:19:51 180224 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll
    2012-08-31 16:19:50 409600 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll
    2012-08-31 16:19:50 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll
    2012-08-31 16:19:50 172032 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll
    2012-08-31 16:19:49 761856 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe
    2012-08-31 16:19:49 540772 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll
    2012-08-31 16:19:46 -------- d-----w- C:\Windows\Downloaded Installations
    2012-08-31 12:39:45 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2012-08-31 12:34:14 -------- d-----w- C:\Users\jlb\AppData\Roaming\Macrovision
    2012-08-31 12:23:05 -------- d-----w- C:\Users\jlb\AppData\Local\Adobe
    2012-08-31 12:22:04 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-08-30 22:46:05 -------- d-----w- C:\Users\jlb\AppData\Local\HP MediaSmart Video
    2012-08-30 22:22:36 -------- d-----w- C:\Users\jlb\AppData\Roaming\Auslogics
    2012-08-30 21:55:14 -------- d-----w- C:\Users\jlb\AppData\Local\Microsoft Games
    2012-08-29 21:43:12 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-08-29 21:43:12 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-08-29 21:38:47 -------- d-----w- C:\Program Files (x86)\jv16 PowerTools 2008
    2012-08-29 21:26:14 -------- d-----w- C:\Users\jlb\AppData\Local\Macromedia
    2012-08-29 21:25:20 -------- d-----w- C:\Program Files (x86)\Auslogics
    2012-08-29 21:23:33 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-29 21:23:33 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-29 21:11:12 -------- d-----w- C:\Users\jlb\AppData\Local\NeoSmart_Technologies
    2012-08-29 21:09:03 -------- d-----w- C:\Program Files (x86)\NeoSmart Technologies
    2012-08-29 21:04:34 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
    2012-08-29 21:02:19 -------- d-----w- C:\Users\jlb\AppData\Roaming\TrueCrypt
    2012-08-29 21:00:51 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
    2012-08-29 21:00:38 -------- d-----w- C:\Program Files\TrueCrypt
    2012-08-29 20:57:44 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
    2012-08-29 19:59:33 -------- d-----w- C:\Users\jlb\AppData\Local\WindowsUpdate
    2012-08-29 19:52:15 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-08-29 19:52:15 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-08-29 19:27:18 -------- d-----w- C:\Windows\System32\SPReview
    2012-08-29 18:57:51 2560 ----a-w- C:\Windows\System32\drivers\fr-FR\rdpwd.sys.mui
    2012-08-29 18:57:47 3072 ----a-w- C:\Windows\System32\drivers\fr-FR\serscan.sys.mui
    2012-08-29 18:57:38 3584 ----a-w- C:\Windows\System32\drivers\fr-FR\tsusbflt.sys.mui
    2012-08-29 18:53:59 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2012-08-29 18:52:59 958464 ----a-w- C:\Windows\System32\actxprxy.dll
    2012-08-29 18:51:59 128512 ----a-w- C:\Windows\SysWow64\EhStorAPI.dll
    2012-08-29 18:51:58 72192 ----a-w- C:\Windows\System32\fdeploy.dll
    2012-08-29 18:51:58 71168 ----a-w- C:\Windows\System32\findstr.exe
    2012-08-29 18:51:58 17920 ----a-w- C:\Windows\System32\fixmapi.exe
    2012-08-29 18:51:57 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
    2012-08-29 18:48:42 -------- d-----w- C:\Windows\System32\EventProviders
    2012-08-29 16:37:41 -------- d-----w- C:\Users\jlb\AppData\Local\Diagnostics
    2012-08-29 16:29:42 -------- d-----w- C:\Users\jlb\AppData\Roaming\Malwarebytes
    2012-08-29 16:29:25 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-29 16:29:25 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-29 16:29:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-29 16:22:22 -------- d-----w- C:\Program Files\CCleaner
    2012-08-29 16:19:39 -------- d-----w- C:\Program Files\Defraggler
    2012-08-29 16:08:29 -------- d-----w- C:\Program Files (x86)\RocketDock
    2012-08-29 12:28:41 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
    2012-08-29 12:27:13 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
    2012-08-29 12:26:43 -------- d-----w- C:\Windows\SHELLNEW
    2012-08-29 12:26:43 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2012-08-29 12:26:16 -------- d-----w- C:\Users\jlb\AppData\Local\Microsoft Help
    2012-08-29 12:14:52 -------- d-----w- C:\Program Files (x86)\Alcohol Soft
    2012-08-29 12:11:32 834544 ----a-w- C:\Windows\System32\drivers\sptd.sys
    2012-08-29 02:21:37 -------- d-----w- C:\Windows\ehome
    2012-08-29 02:18:32 -------- d-----w- C:\ProgramData\Recovery
    2012-08-28 21:52:25 -------- d-----w- C:\Users\jlb\AppData\Local\ElevatedDiagnostics
    2012-08-28 21:48:48 -------- d-----w- C:\ProgramData\LightScribe
    2012-08-28 21:43:47 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-08-28 21:38:52 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-08-28 21:38:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-08-28 21:38:51 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-08-28 21:38:25 41224 ----a-w- C:\Windows\avastSS.scr
    2012-08-28 21:38:12 -------- d-----w- C:\ProgramData\AVAST Software
    2012-08-28 21:38:12 -------- d-----w- C:\Program Files\AVAST Software
    2012-08-28 21:13:57 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
    2012-08-28 20:48:05 2565632 ----a-w- C:\Windows\System32\esent.dll
    2012-08-28 20:48:05 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-08-28 20:48:04 96768 ----a-w- C:\Windows\System32\fsutil.exe
    2012-08-28 20:48:04 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
    2012-08-28 20:48:04 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
    2012-08-28 20:48:04 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
    2012-08-28 20:48:04 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
    2012-08-28 20:48:04 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
    2012-08-28 20:48:04 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
    2012-08-28 20:48:04 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
    2012-08-28 20:48:04 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
    2012-08-28 20:47:13 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2012-08-28 20:47:13 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
    2012-08-28 20:47:13 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2012-08-28 20:47:13 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2012-08-28 20:47:13 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2012-08-28 20:47:13 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2012-08-28 20:47:13 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2012-08-28 20:47:13 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2012-08-28 20:47:13 229376 ----a-w- C:\Windows\System32\fsquirt.exe
    2012-08-28 20:36:20 -------- d-----w- C:\Users\jlb\AppData\Local\Mozilla
    2012-08-28 20:36:14 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2012-08-28 20:34:54 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2012-08-28 20:34:38 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-08-28 20:34:37 -------- d-----w- C:\Windows\System32\Wat
    2012-08-28 19:55:06 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-08-28 19:51:21 294912 ----a-w- C:\Windows\System32\browserchoice.exe
    2012-08-28 19:39:59 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-08-28 19:39:59 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-08-28 19:39:59 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-08-28 19:39:59 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-08-28 19:39:59 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-28 19:39:59 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-28 19:39:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-08-28 19:35:22 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-08-28 19:35:22 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2012-08-28 19:35:16 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2012-08-28 19:35:16 67072 ----a-w- C:\Windows\splwow64.exe
    2012-08-28 19:35:16 559104 ----a-w- C:\Windows\System32\spoolsv.exe
    2012-08-28 19:35:15 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-08-28 19:33:59 2871808 ----a-w- C:\Windows\explorer.exe
    2012-08-28 19:32:41 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-08-28 19:27:56 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2012-08-28 19:26:41 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-08-28 19:26:41 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-08-28 19:16:33 -------- d-----w- C:\Users\jlb\AppData\Local\ATI
    2012-08-28 19:15:34 -------- d-----w- C:\Users\jlb\AppData\Roaming\hpqLog
    2012-08-28 19:14:40 -------- d-----w- C:\Users\jlb\AppData\Local\Hewlett-Packard
    2012-08-28 19:14:22 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-08-28 19:14:21 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-08-28 19:14:21 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-08-28 16:56:23 144347472 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc203C.tmp
    2012-08-28 16:50:26 -------- d-----w- C:\Program Files (x86)\HP Games
    2012-08-28 16:50:24 -------- d-----w- C:\ProgramData\WildTangent
    2012-08-28 16:48:57 -------- d-----w- C:\ProgramData\Norton
    2012-08-28 16:48:39 -------- d-----w- C:\ProgramData\NortonInstaller
    2012-08-28 16:46:48 540920 ----a-w- C:\Program Files (x86)\Online Services\Omnifone\MusicStation.exe
    2012-08-28 16:35:51 0 ----a-w- C:\Windows\ativpsrm.bin
    2012-08-28 16:34:52 -------- d-----w- C:\Windows\Hewlett-Packard
    2012-08-28 16:34:14 -------- d-----w- C:\Windows\Driver Cache
    2012-08-28 16:34:14 -------- d-----w- C:\Program Files (x86)\HP
    2012-08-28 16:34:06 52736 ----a-w- C:\Windows\System32\drivers\btmcom.sys
    2012-08-28 16:33:49 336136 ----a-w- C:\Windows\System32\btmcls.dll
    2012-08-28 16:33:48 3232768 ----a-w- C:\Windows\System32\drivers\btmusb.sys
    2012-08-28 16:33:48 -------- d-----w- C:\Program Files\Motorola
    2012-08-28 16:33:48 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
    2012-08-28 16:33:47 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
    2012-08-28 16:33:42 -------- d-----w- C:\Program Files (x86)\Ralink
    2012-08-28 16:33:33 931168 ----a-w- C:\Windows\System32\drivers\netr28x.sys
    2012-08-28 16:33:33 327008 ----a-w- C:\Windows\System32\RaCoInstx.dll
    2012-08-28 16:33:33 -------- d-----w- C:\ProgramData\Ralink Driver
    2012-08-28 16:32:37 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
    2012-08-28 16:32:20 68608 ----a-w- C:\Windows\System32\AESTAR64.dll
    2012-08-28 16:32:20 442368 ----a-w- C:\Windows\System32\AESTEC64.dll
    2012-08-28 16:32:20 162304 ----a-w- C:\Windows\System32\AESTAC64.dll
    2012-08-28 16:32:19 90624 ----a-w- C:\Windows\System32\AESTCo64.dll
    2012-08-28 16:32:19 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
    2012-08-28 16:32:19 487424 ----a-w- C:\Windows\sttray64.exe
    2012-08-28 16:32:19 3467264 ----a-w- C:\Windows\System32\stlang64.dll
    2012-08-28 16:32:19 12800512 ----a-w- C:\Windows\System32\idtcpl64.cpl
    2012-08-28 16:32:18 -------- d-----w- C:\Windows\System32\SRSLabs
    2012-08-28 16:31:50 515584 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
    2012-08-28 16:31:50 209920 ----a-w- C:\Windows\System32\staco64.dll
    2012-08-28 16:31:49 645632 ------w- C:\Windows\System32\stapi64.dll
    2012-08-28 16:31:49 431616 ----a-w- C:\Windows\System32\stcplx64.dll
    2012-08-28 16:31:49 1465344 ----a-w- C:\Windows\System32\stapo64.dll
    2012-08-28 16:31:47 -------- d-----w- C:\Program Files\IDT
    2012-08-28 16:31:44 7367200 ----a-w- C:\Windows\System32\RTSUSTORicon.dll
    2012-08-28 16:31:41 232992 ----a-w- C:\Windows\System32\drivers\RtsUStor.sys
    2012-08-28 16:31:41 -------- d-----w- C:\Program Files (x86)\Realtek
    2012-08-28 16:31:21 -------- d-----w- C:\Program Files\Validity Sensors
    2012-08-28 16:31:10 540696 ----a-w- C:\Windows\System32\drivers\iaStor.sys
    2012-08-28 16:30:55 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
    2012-08-28 16:30:36 -------- d-----w- C:\Program Files\Synaptics
    2012-08-28 16:29:04 -------- d-----w- C:\Program Files\ATI
    2012-08-28 16:29:03 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    .
    ==================== Find3M ====================
    .
    2012-08-29 19:21:42 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-08-29 19:21:42 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-08-28 18:24:53 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-20 15:23:52 166232 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
    2012-08-20 15:23:52 147288 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
    2012-08-20 15:23:50 320856 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2006-05-03 10:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
    2007-02-21 11:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
    2008-03-16 13:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
    2010-01-06 22:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
    .
    ============= FINISH: 19:27:13,26 ===============

  4. #4
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Please post attach.txt contents too.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member
    Join Date
    Sep 2012
    Posts
    11

    here is attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows*7 Édition Familiale Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 28/08/2012 21:10:12
    System Uptime: 25/09/2012 19:18:02 (0 hours ago)
    .
    Motherboard: Hewlett-Packard | | 144A
    Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz | CPU | 1999/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 195 GiB total, 69,4 GiB free.
    D: is FIXED (NTFS) - 250 GiB total, 84,871 GiB free.
    E: is CDROM ()
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP63: 22/09/2012 18:15:30 - Windows Update
    RP64: 22/09/2012 23:31:56 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4) - Français
    Adobe Shockwave Player 11.5
    Agatha Christie - Death on the Nile
    Android Sync Manager WiFi
    Archiveur WinRAR
    µTorrent
    AusLogics BoostSpeed
    avast! Free Antivirus
    BankPerfect 3.12
    Bejeweled 2 Deluxe
    BufferChm
    CanoScan Toolbox Ver4.1
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    Cobian Backup 11 Gravity
    Corel Paint Shop Pro Photo XI
    CyberLink DVD Suite
    D2400
    D2400_Help
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DeviceDiscovery
    Diner Dash 2 Restaurant Rescue
    dj_sf_ProductContext
    dj_sf_software
    dj_sf_software_req
    Détection de l'application Winamp
    DVD Menu Pack for HP MediaSmart Video
    EasyBCD 2.1.2
    Emsisoft Anti-Malware
    eMule
    Energy Star Digital Logo
    ESU for Microsoft Windows 7
    FATE
    FileZilla Client 3.5.3
    Galerie de photos Windows Live
    Google Update Helper
    Google*Earth
    GPBaseService2
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP Advisor
    HP Customer Experience Enhancements
    HP Documentation
    HP DVB-T TV Tuner 8.0.64.43
    HP Game Console
    HP Games
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart Video
    HP MediaSmart Webcam
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Software Framework
    HP Support Assistant
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    IDT Audio
    Insaniquarium Deluxe
    Installation Windows Live
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Driver
    Java Auto Updater
    Java(TM) 6 Update 35
    Jewel Quest II
    Jewel Quest Solitaire
    John Deere Drive Green
    Junk Mail filter update
    jv16 PowerTools 2008
    K-Lite Codec Pack 9.2.0 (Basic)
    LabelPrint
    LightScribe System Software
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Magic Desktop
    Malwarebytes Anti-Malware version 1.65.0.1400
    MarketResearch
    Microsoft Choice Guard
    Microsoft Math 3.0
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (French) 2010
    Microsoft Office Excel MUI (French) 2010
    Microsoft Office Groove MUI (French) 2010
    Microsoft Office InfoPath MUI (French) 2010
    Microsoft Office OneNote MUI (French) 2010
    Microsoft Office Outlook MUI (French) 2010
    Microsoft Office PowerPoint MUI (French) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Professionnel Plus 2010
    Microsoft Office Proof (Arabic) 2010
    Microsoft Office Proof (Dutch) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (German) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (French) 2010
    Microsoft Office Publisher MUI (French) 2010
    Microsoft Office Shared MUI (French) 2010
    Microsoft Office Word MUI (French) 2010
    Microsoft Silverlight
    Microsoft SkyDrive
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Minolta DiMAGE Scan Dual3 ver 1.0
    MotoHelper 2.1.32 Driver 5.4.0
    MotoHelper MergeModules
    MOTOROLA MEDIA LINK
    Movie Theme Pack for HP MediaSmart Video
    Mozilla Firefox 15.0 (x86 fr)
    Mozilla Firefox 15.0.1 (x86 fr)
    Mozilla Maintenance Service
    MSI Star Cam 370i
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyGuard Live
    Notepad++
    Outil de téléchargement Windows Live
    Penguins!
    PhotoNow!
    Plants vs. Zombies
    Polar Bowler
    Power2Go
    PowerDirector
    PX Profile Update
    Ralink RT3090 802.11b/g/n WiFi Adapter
    Readiris Pro 9
    Realtek Ethernet Controller Driver For Windows 7
    Realtek USB 2.0 Card Reader
    Recovery Manager
    RocketDock 1.3.5
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Slingo Deluxe
    SmartWebPrinting
    SolutionCenter
    Spybot - Search & Destroy
    Status
    SUPER © v2012.build.52 (July 7, 2012) version v2012.build.52
    Toolbox
    TrayApp
    TrueCrypt
    Ubuntu
    UnloadSupport
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Virtual Villagers - The Secret City
    VLC media player 2.0.3
    WebReg
    Wedding Dash
    Winamp
    Windows Live Call
    Windows Live Communications Platform
    Windows Live FolderShare
    Windows Live Mail
    Windows Live Messenger
    Windows Live Writer
    Yahoo! Install Manager
    Yahoo! Widgets
    Zuma Deluxe
    .
    ==== End Of File ===========================

  6. #6
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent
    eMule


    I'd like you to read this thread.

    Please uninstall the programs listed above (in red).

    When done post fresh DDS logs (dds.txt & attach.txt) contents + Spybot results.

  7. #7
    Junior Member
    Join Date
    Sep 2012
    Posts
    11


    Nothing detected by Spybot (ending normally).
    Here after the dds.txt and attach as zip file.
    I have removed the 2 software installed by my son when I am on holidays.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
    Run by jlb at 21:24:58 on 2012-09-30
    Microsoft Windows*7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3894.1957 [GMT 2:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\vcsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
    C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    C:\Windows\SysWOW64\PSIService.exe
    C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Motorola\Bluetooth\obexsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\DigitalPersona\Bin\DPAgent.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Windows\vsnpstd3.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Motorola\Bluetooth\audiosrv.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Windows\tsnpstd3.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\sysWow64\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.fr/
    mWindow Title =
    mWinlogon: Userinit=userinit.exe
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Programme d’aide de l’Assistant de connexion au compte Microsoft: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [tsnpstd3] C:\Windows\tsnpstd3.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\jlb\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: &Envoyer à OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: Ajouter au fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir au format PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir la cible du lien en Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir la cible du lien en un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{CFE71F7E-F1CA-480B-B879-552ED7E2F7B2} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    LSA: Notification Packages = DPPassFilter scecli
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    {0347C33E-8762-4905-BF09-768834316C61}
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    {53707962-6F74-2D53-2644-206D7942484F}
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {AE7CD045-E861-484f-8273-0445EE161910}
    {B4F3A835-0E21-4959-BA22-42B3008E02FF}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    {F4971EE7-DAA0-4053-9964-665D8EE6A077}
    {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
    {47833539-D0C5-4125-9FA8-0819E2EAAC93}
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun-x64: [tsnpstd3] C:\Windows\tsnpstd3.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    IE-X64: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
    AppInit_DLLs-X64: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
    SEH-X64: {E54729E8-BB3D-4270-9D49-7389EA579090}: EasyBits Security Shield Hook - prevents launching insecure programs by kids
    SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\jlb\AppData\Roaming\Mozilla\Firefox\Profiles\fqj6eua6.default-1348409337555\
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110823&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=181d524200000000000060eb6943ca9a
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-8-29 23208]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-8-29 3075920]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-8-28 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-28 44808]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2012-8-28 677128]
    R2 cbVSCService11;Cobian Backup 11 Service « Volume Shadow Copy »;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-8-29 67584]
    R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe [2011-2-25 87344]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
    R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-29 1153368]
    R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-28 2533400]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2012-8-28 4181256]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2012-8-28 1096968]
    R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-8-28 1028096]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 ezSharedSvc;Easybits Services for Windows; [x]
    S2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-1 136176]
    S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-8-29 66320]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-29 250568]
    S3 BTMCOM;Bluetooth Serial Port;C:\Windows\system32\Drivers\btmcom.sys --> C:\Windows\system32\Drivers\btmcom.sys [?]
    S3 BTMUSB;Motorola Bluetooth Radio Service;C:\Windows\system32\Drivers\btmusb.sys --> C:\Windows\system32\Drivers\btmusb.sys [?]
    S3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-1 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-28 114144]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== File Associations ===============
    .
    .scr=SageThumbsImage.scr
    .
    =============== Created Last 30 ================
    .
    2012-09-29 21:04:16 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{22817433-090B-40CE-AEBA-8EF69A8489E8}\offreg.dll
    2012-09-28 07:20:04 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{22817433-090B-40CE-AEBA-8EF69A8489E8}\mpengine.dll
    2012-09-27 11:07:04 -------- d-----w- C:\Users\jlb\AppData\Roaming\Windows Live Writer
    2012-09-27 11:07:04 -------- d-----w- C:\Users\jlb\AppData\Local\Windows Live Writer
    2012-09-27 10:33:47 -------- d-----w- C:\Users\jlb\Tracing
    2012-09-27 10:27:38 -------- d-----w- C:\Windows\fr
    2012-09-27 10:09:58 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
    2012-09-27 10:09:58 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
    2012-09-27 10:09:58 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
    2012-09-27 10:09:58 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
    2012-09-27 10:09:57 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
    2012-09-27 10:09:57 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
    2012-09-27 10:09:56 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
    2012-09-27 10:09:56 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
    2012-09-27 10:09:25 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
    2012-09-27 10:09:25 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2012-09-27 10:08:24 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\700d1361cd9c9805\DSETUP.dll
    2012-09-27 10:08:24 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\700d1361cd9c9805\DXSETUP.exe
    2012-09-27 10:08:24 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\700d1361cd9c9805\dsetup32.dll
    2012-09-27 10:08:22 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\522e2761cd9c9804\DXSETUP.exe
    2012-09-27 10:08:21 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\522e2761cd9c9804\DSETUP.dll
    2012-09-27 10:08:21 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\522e2761cd9c9804\dsetup32.dll
    2012-09-27 10:08:16 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\28d60d71cd9c9802\DSETUP.dll
    2012-09-27 10:08:16 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\28d60d71cd9c9802\DXSETUP.exe
    2012-09-27 10:08:16 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\28d60d71cd9c9802\dsetup32.dll
    2012-09-27 10:08:07 -------- d-----w- C:\Users\jlb\AppData\Local\Windows Live
    2012-09-26 08:17:07 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-09-25 21:23:30 -------- d-----w- C:\Users\jlb\AppData\Roaming\Safer Networking
    2012-09-25 21:22:56 -------- d-----w- C:\Program Files (x86)\Safer Networking
    2012-09-24 12:22:36 -------- d-----w- C:\Program Files\Unlocker
    2012-09-22 21:42:44 -------- d-----w- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
    2012-09-22 21:31:53 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2012-09-22 21:31:52 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-09-22 21:31:52 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-09-21 18:17:50 -------- d-----w- C:\Program Files\ATI Technologies
    2012-09-21 17:06:00 51032 ----a-r- C:\Windows\System32\AdobePDF.dll
    2012-09-21 17:06:00 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
    2012-09-20 21:06:11 719872 ----a-w- C:\Windows\SysWow64\devil.dll
    2012-09-20 21:06:11 70656 ----a-w- C:\Windows\SysWow64\yv12vfw.dll
    2012-09-20 21:06:11 70656 ----a-w- C:\Windows\SysWow64\i420vfw.dll
    2012-09-20 21:06:11 369152 ----a-w- C:\Windows\SysWow64\avisynth.dll
    2012-09-20 21:06:11 32256 ----a-w- C:\Windows\SysWow64\AVSredirect.dll
    2012-09-20 21:06:11 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
    2012-09-20 20:46:46 -------- d-----w- C:\ProgramData\Browser Manager
    2012-09-20 20:25:59 178688 ----a-w- C:\Windows\SysWow64\unrar.dll
    2012-09-20 20:25:54 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
    2012-09-19 16:26:22 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
    2012-09-19 16:20:03 -------- d-----w- C:\ProgramData\Stardock
    2012-09-19 16:19:55 -------- d-----w- C:\Program Files (x86)\Stardock
    2012-09-18 19:18:22 -------- d-----w- C:\Program Files\gs
    2012-09-18 17:06:23 -------- d-----w- C:\Program Files (x86)\SageThumbs
    2012-09-12 07:35:29 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-09-12 07:34:56 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-09-12 07:34:56 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-12 07:34:55 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-09-12 07:34:55 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 07:34:54 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-12 07:34:54 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-09-12 07:34:53 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-05 20:22:00 8107 ----a-w- C:\Windows\w7dsd.reg
    2012-09-05 20:22:00 8089 ----a-w- C:\Windows\w7dse.reg
    2012-09-05 20:22:00 275360 ----a-w- C:\Windows\System32\DreamScene.dll
    2012-09-05 11:48:34 -------- d-----w- C:\Program Files (x86)\Unlocker
    2012-09-05 09:35:27 -------- d-----w- C:\Program Files (x86)\Winamp Detect
    2012-09-05 08:41:10 -------- d-----w- C:\Users\jlb\dwhelper
    2012-09-04 20:14:12 -------- d-----w- C:\Users\jlb\VirtualBox VMs
    2012-09-04 19:32:28 224088 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
    2012-09-04 19:32:27 130904 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
    2012-09-04 19:32:23 -------- d-----w- C:\Program Files\Oracle
    2012-09-04 13:03:23 -------- d-----w- C:\vhd
    2012-09-04 12:18:18 -------- d-----w- C:\ubuntu
    2012-09-04 09:48:55 -------- d-----w- C:\Windows\SysWow64\wbem\en-US
    2012-09-04 09:48:54 -------- d-----w- C:\Windows\System32\wbem\en-US
    2012-09-04 08:15:55 -------- d-----w- C:\Temp
    2012-09-04 08:15:44 -------- d-----w- C:\Program Files\Motorola Inc
    2012-09-03 21:55:42 -------- d-----w- C:\Users\jlb\AppData\Roaming\motorola
    2012-09-03 21:55:28 -------- d-----w- C:\ProgramData\Motorola
    2012-09-03 21:53:50 -------- d-----w- C:\ProgramData\Nero
    2012-09-03 21:53:49 -------- d-----w- C:\Users\jlb\AppData\Local\Motorola
    2012-09-03 21:53:49 -------- d-----w- C:\Program Files (x86)\Motorola Media Link
    2012-09-03 21:53:07 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
    2012-09-03 21:53:05 -------- d-----w- C:\Program Files (x86)\Motorola
    2012-09-03 21:52:23 -------- d-----w- C:\Users\jlb\AppData\Local\Downloaded Installations
    2012-09-03 16:36:00 -------- d-----w- C:\Program Files (x86)\bankperfect
    2012-09-03 16:31:29 -------- d-----w- C:\Program Files (x86)\MSI
    2012-09-03 16:30:55 327168 ----a-w- C:\Windows\IsUninst.exe
    2012-09-03 16:30:13 94208 ------w- C:\Windows\amcap.exe
    2012-09-03 16:30:06 94208 ------w- C:\Windows\tsnpstd3.exe
    2012-09-03 16:30:02 788480 ------w- C:\Windows\SysWow64\drivers\snpstd3.sys
    2012-09-03 16:30:02 61440 ------w- C:\Windows\SysWow64\rsnpstd3.dll
    2012-09-03 16:30:02 571904 ------w- C:\Windows\SysWow64\csnpstd3.dll
    2012-09-03 16:30:02 20480 ------w- C:\Windows\usnpstd3.exe
    2012-09-03 16:30:02 -------- d-----w- C:\Program Files (x86)\Common Files\snpstd3
    2012-09-03 16:29:41 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
    2012-09-03 16:29:41 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
    2012-09-03 16:29:41 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
    2012-09-03 16:29:41 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
    2012-09-03 16:29:41 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
    2012-09-03 16:29:40 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
    2012-09-03 16:29:40 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
    2012-09-03 16:05:28 950272 ----a-w- C:\Windows\SysWow64\PQueen20.dll
    2012-09-03 16:05:28 61440 ----a-w- C:\Windows\SysWow64\MFSIFLib2889.dll
    2012-09-03 16:05:28 389120 ----a-w- C:\Windows\SysWow64\MCMLDS.dll
    2012-09-03 16:05:28 110592 ----a-w- C:\Windows\SysWow64\pfudsrv.dll
    2012-09-03 16:05:27 278528 ----a-w- C:\Windows\SysWow64\MFSLib2889.dll
    2012-09-03 16:05:27 126976 ----a-w- C:\Windows\SysWow64\MFSBaseLib2889.dll
    2012-09-03 16:05:27 -------- d-----w- C:\Program Files (x86)\DS_Dual3
    2012-09-03 15:47:20 23040 ----a-w- C:\Windows\SysWow64\irisco32.dll
    2012-09-03 15:46:38 -------- d-----w- C:\Program Files (x86)\Readiris Pro 9
    2012-09-03 15:40:54 -------- d-----w- C:\Program Files (x86)\Canon
    2012-09-03 15:40:38 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2012-09-03 15:40:38 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2012-09-03 15:40:38 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2012-09-03 15:40:38 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2012-09-03 15:40:37 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2012-09-03 14:51:27 64512 ----a-w- C:\Windows\System32\CNQU110.DLL
    2012-09-03 14:51:27 193024 ----a-w- C:\Windows\System32\CNQL1213.DLL
    2012-09-03 14:51:27 -------- d--h--w- C:\CanoScan
    2012-09-03 14:47:31 -------- d-----w- C:\ProgramData\WEBREG
    2012-09-03 14:47:01 -------- d-----w- C:\Users\jlb\AppData\Local\HP
    2012-09-03 14:46:30 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
    2012-09-03 14:43:25 -------- d-----w- C:\Program Files (x86)\Common Files\HP
    2012-09-03 13:26:45 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    2012-09-02 21:53:33 -------- d-----w- C:\Users\jlb\AppData\Roaming\XnView
    2012-09-02 21:26:50 -------- d-----w- C:\Users\jlb\AppData\Roaming\uTorrent
    2012-09-02 20:59:22 -------- d-----w- C:\ProgramData\eMule
    2012-09-02 20:58:53 -------- d-----w- C:\Users\jlb\AppData\Local\eMule
    2012-09-02 20:48:25 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
    2012-09-02 20:48:25 -------- d-----r- C:\Users\jlb\SkyDrive
    2012-09-02 20:47:59 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
    2012-09-02 20:46:59 -------- d-----w- C:\Program Files (x86)\MSECache
    2012-09-01 20:01:00 -------- d-----w- C:\Users\jlb\AppData\Local\Yahoo
    2012-09-01 20:00:56 -------- d-----w- C:\Program Files (x86)\Yahoo!
    2012-09-01 16:36:38 -------- d-----w- C:\Users\jlb\.VirtualBox
    2012-09-01 16:32:13 -------- d-----w- C:\Users\jlb\AppData\Roaming\Mobile Action
    2012-09-01 16:32:13 -------- d-----w- C:\Program Files (x86)\Mobile Action
    2012-08-31 22:28:52 -------- d-----w- C:\Users\jlb\AppData\Local\Google
    2012-08-31 22:18:40 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
    2012-08-31 22:18:39 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
    2012-08-31 22:18:09 -------- d-----w- C:\Users\jlb\AppData\Roaming\Todae
    2012-08-31 22:18:06 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
    2012-08-31 21:59:10 -------- d-----w- C:\Program Files (x86)\eRightSoft
    2012-08-31 21:37:24 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
    2012-08-31 21:30:33 88 --sh--r- C:\Windows\SysWow64\4B198299A4.sys
    2012-08-31 21:30:33 2880 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
    2012-08-31 21:30:10 -------- d-----w- C:\ProgramData\Corel
    2012-08-31 21:22:08 -------- d-----w- C:\Windows\SysWow64\Spool
    2012-08-31 21:20:32 -------- d-----w- C:\Program Files (x86)\Corel
    2012-08-31 20:51:03 -------- d-----w- C:\Program Files (x86)\Microsoft Math 3.0
    .
    ==================== Find3M ====================
    .
    2012-09-07 15:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-05 16:41:15 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-05 16:41:15 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-29 21:00:51 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
    2012-08-29 19:21:42 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-08-29 19:21:42 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-08-28 18:24:56 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-08-28 18:24:53 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-08-28 16:35:51 0 ----a-w- C:\Windows\ativpsrm.bin
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-21 09:13:13 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-08-21 09:13:12 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-08-21 09:13:12 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-08-21 09:12:33 41224 ----a-w- C:\Windows\avastSS.scr
    2012-08-20 15:23:52 166232 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
    2012-08-20 15:23:52 147288 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
    2012-08-20 15:23:50 320856 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
    2012-07-28 01:09:02 57792 ----a-w- C:\Windows\SysWow64\sirenacm.dll
    2012-07-28 00:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR
    2012-07-26 17:08:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
    2012-07-26 17:08:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
    2012-07-26 17:08:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
    2012-07-26 17:08:06 153536 ----a-w- C:\Windows\SysWow64\atl110.dll
    2012-07-26 17:08:06 115656 ----a-w- C:\Windows\SysWow64\vcomp110.dll
    2012-07-26 13:22:10 828872 ----a-w- C:\Windows\System32\msvcr110.dll
    2012-07-26 13:22:10 661448 ----a-w- C:\Windows\System32\msvcp110.dll
    2012-07-26 13:22:10 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
    2012-07-26 13:22:10 177096 ----a-w- C:\Windows\System32\atl110.dll
    2012-07-26 13:22:10 124360 ----a-w- C:\Windows\System32\vcomp110.dll
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-17 13:14:44 253184 ----a-w- C:\Windows\System32\LIVESSP.DLL
    2012-07-17 12:49:00 209648 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
    2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
    2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2006-05-03 10:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
    2007-02-21 11:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
    2008-03-16 13:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
    2010-01-06 22:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
    .
    ============= FINISH: 21:26:20,39 ===============

  8. #8
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  9. #9
    Junior Member
    Join Date
    Sep 2012
    Posts
    11

    Third time trying to reply

    Hi,

    First Combofix
    second dds.txt
    third attach.txt

    all attached as Zip files

    Thanks for your reply.

    Jean-Louis

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi again,

    Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
    • Run Spybot-S&D in Advanced Mode
    • If it is not already set to do this, go to the Mode menu and select Advanced Mode
    • On the left hand side, click on Tools
    • Then click on the Resident icon in the list
    • Uncheck Resident TeaTimer and OK any prompts.
    • Restart your computer




    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    Firefox::
    FF - ProfilePath - C:\Users\jlb\AppData\Roaming\Mozilla\Firefox\Profiles\fqj6eua6.default-1348409337555\
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    Folder::
    C:\Users\jlb\AppData\Roaming\uTorrent
    C:\ProgramData\eMule
    C:\Users\jlb\AppData\Local\eMule
    DDS::
    mWindow Title = 
    BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

    Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
    Then post the resultant log.

    Uninstall your current Adobe shockwave player and get the fresh one here if needed.


    * Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
    • Click Scan
    • Wait for the scan to finish.



    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log. Any issues left?
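A read-only check for the Firefox leftover that the CFScript in post #10 targets, as an added example that is not part of the thread or of any tool mentioned in it: it parses prefs.js text and lists the prefs that still mention Babylon. The function names and the sample file contents are constructed for illustration; only browser.search.selectedEngine and its value come from the script above.

```python
import json
import re

# Firefox writes one user_pref("name", value); statement per line in prefs.js.
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*(.+?)\);\s*$')

# Prefs that decide where searches and the start page go.
SEARCH_PREFS = {
    "browser.search.selectedEngine",    # the pref named in the CFScript
    "browser.search.defaultenginename",
    "browser.startup.homepage",
    "keyword.URL",
}

def parse_prefs(text):
    """Return {name: value} for every well-formed user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # header comments, blank lines, malformed entries
        try:
            prefs[m.group(1)] = json.loads(m.group(2))  # string, number, bool
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep the raw text otherwise
    return prefs

def find_leftovers(text, marker="babylon"):
    """List (name, value, kind) for prefs whose name or value has the marker."""
    hits = []
    for name, value in sorted(parse_prefs(text).items()):
        if marker in name.lower() or marker in str(value).lower():
            kind = "search-setting" if name in SEARCH_PREFS else "other"
            hits.append((name, value, kind))
    return hits

# Constructed sample; only the selectedEngine line mirrors the thread's log.
SAMPLE = r'''# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.startup.page", 3);
user_pref("extensions.constructed-babylon-sample.enabled", true);
'''

if __name__ == "__main__":
    for name, value, kind in find_leftovers(SAMPLE):
        print(f"{kind:15} {name} = {value!r}")
```

Run it against a copy of prefs.js taken while Firefox is closed, since Firefox rewrites the file on exit.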
