
I found a virus, I think I know where it is



Plyteuth
2010-10-27, 20:11
Hi guys, love the site, amazing work you guys are doing here. So anyway, I've been tracking this virus I have on my computer for some time, and I think I found out what it is. I've been using ASO spyware detection software (that comes along with the whole software thing), and I found two Trojan-backdoor.Bifrose.aci, which I proceeded to delete. On my next bootup I did another scan and, to my surprise, I found them again. So I've been proceeding to delete them every time I boot up, but I don't think that should be enough. I think it infected my MBR, not too sure. Thought I'd come to you guys.

Anyway, here's my log from DDS:

DDS (Ver_10-10-21.02) - NTFS_AMD64
Run by Matthew at 11:03:34.09 on Wed 10/27/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6134.4707 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files (x86)\Advanced System Optimizer 3\systemprotector.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Users\Matthew\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Advanced System Optimizer 3\ASO3.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\explorer.exe
C:\Windows\system32\calc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Matthew\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Octoshape Streaming Services] "C:\Users\Matthew\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\Users\Matthew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Matthew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\HmelyoffLabs\VHToolkit\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
TB-X64: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
mRun-x64: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
mRun-x64: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
mRun-x64: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
mRun-x64: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\67e0p3im.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\67e0p3im.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\67e0p3im.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - component: C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\67e0p3im.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Matthew\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Matthew\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-26 55856]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-25 203264]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2010-7-17 263480]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-6-24 90112]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-2-18 294912]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2010-8-22 101048]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-8-15 91456]
R2 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2010-6-27 5556520]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2010-6-27 127784]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-8-25 7767040]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-8-25 279040]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-7-15 116240]
R3 cmudaxp;ASUS Xonar DX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2010-9-29 1261568]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-7-4 139880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-8-9 1038088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-22 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2009-6-19 20992]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\System32\drivers\motport.sys [2009-10-27 30208]
S3 RecFltr;Reclusa Keyboard;C:\Windows\System32\drivers\RecFltr.sys [2007-1-18 45440]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2009-12-15 515560]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-1-24 18216]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-20 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

============== File Associations ===============

cmdfile=NOTEPAD.EXE %1
JSEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-10-27 05:27:01 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-27 05:27:01 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-27 05:27:01 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-27 05:27:00 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-27 05:27:00 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-27 05:27:00 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-27 05:27:00 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-27 05:26:52 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-26 11:34:20 8006480 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{5A054138-A440-4BE8-8FDD-960A21F4C521}\mpengine.dll
2010-10-24 05:03:46 -------- d-----w- C:\SC2Replay Archive
2010-10-24 00:23:21 -------- d-----w- C:\Users\Matthew\AppData\Roaming\RayV
2010-10-24 00:23:17 -------- d-----w- C:\Program Files (x86)\RayV
2010-10-23 08:37:53 -------- d-----w- C:\Program Files (x86)\Kreatives.org
2010-10-23 08:37:31 -------- d-----w- C:\Users\Matthew\AppData\Roaming\GetRightToGo
2010-10-23 04:45:39 -------- d-----w- C:\Program Files (x86)\VirtualDJ
2010-10-23 04:00:25 -------- d-----w- C:\Program Files (x86)\NCH Swift Sound
2010-10-23 04:00:23 -------- d-----w- C:\Users\Matthew\AppData\Roaming\NCH Software
2010-10-23 03:59:58 -------- d-----w- C:\Program Files (x86)\NCH Software
2010-10-22 10:02:25 -------- d-----w- C:\Windows\en
2010-10-22 10:01:45 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-10-22 10:00:20 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2010-10-22 09:59:32 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2010-10-22 09:59:07 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2010-10-22 09:58:34 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\af83109f1cb71cf1d\InstallManager_WLE_WLE.exe
2010-10-22 09:58:28 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ac11f8d91cb71cf1c\MeshBetaRemover.exe
2010-10-22 09:58:26 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ab3d8ebc1cb71cf1b\DSETUP.dll
2010-10-22 09:58:26 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ab3d8ebc1cb71cf1b\DXSETUP.exe
2010-10-22 09:58:26 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ab3d8ebc1cb71cf1b\dsetup32.dll
2010-10-22 09:58:22 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a82a76d61cb71cf1a\DXSETUP.exe
2010-10-22 09:58:22 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a82a76d61cb71cf1a\dsetup32.dll
2010-10-22 09:58:21 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a82a76d61cb71cf1a\DSETUP.dll
2010-10-22 09:57:19 -------- d-----w- C:\Users\Matthew\AppData\Local\Windows Live
2010-10-22 09:56:55 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-10-22 09:56:55 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-10-22 09:56:54 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-10-22 09:56:54 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-10-22 09:56:54 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-10-22 09:56:54 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-10-22 09:56:54 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-10-15 02:48:52 -------- d-----w- C:\Program Files (x86)\CamStudio
2010-10-14 21:59:48 -------- d-----w- C:\Users\Matthew\AppData\Roaming\Malwarebytes
2010-10-14 21:59:40 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-14 21:59:39 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-14 21:59:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-14 21:59:39 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-10-14 20:54:54 -------- d-----w- C:\PROGRA~3\CCP
2010-10-14 20:54:50 -------- d-----w- C:\Users\Matthew\AppData\Local\CCP
2010-10-13 16:19:55 171880 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10134.bin
2010-10-12 22:25:09 -------- d-----w- C:\Program Files (x86)\HmelyoffLabs
2010-10-12 19:36:57 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2010-10-07 23:04:37 218496 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2010-10-07 23:04:30 -------- d-----w- C:\Users\Matthew\AppData\Local\PunkBuster
2010-10-07 12:58:50 218496 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2010-10-07 12:58:49 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2010-10-07 12:58:49 2601752 ----a-w- C:\Windows\SysWow64\pbsvc_moh.exe
2010-10-01 05:16:33 331263 ----a-w- C:\Windows\LOOP.exe
2010-10-01 01:42:15 -------- d-----w- C:\Program Files (x86)\Digidesign
2010-10-01 01:42:14 -------- d-----w- C:\Program Files (x86)\Common Files\Digidesign
2010-09-30 04:43:02 -------- d-----w- C:\Program Files (x86)\ASUS PMP Lite
2010-09-30 04:33:59 1261568 ----a-w- C:\Windows\System32\drivers\cmudaxp.sys
2010-09-30 04:32:07 -------- d-----w- C:\Users\Matthew\AppData\Roaming\ASUS
2010-09-30 04:30:46 524768 ----a-w- C:\Windows\difxapi.dll
2010-09-30 04:30:46 359424 ------w- C:\Windows\System32\CmiInstallResAll64.dll
2010-09-30 04:30:40 32768 ----a-w- C:\Windows\System32\cmudaxp.dll
2010-09-30 04:30:40 315392 ----a-w- C:\Windows\SysWow64\CmiFltr.dll
2010-09-30 04:30:40 315392 ----a-w- C:\Windows\system\CmiFltr.dll
2010-09-29 10:00:57 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-09-29 04:16:38 -------- d-----w- C:\Windows\SysWow64\BestPractices
2010-09-29 04:16:33 -------- d-----w- C:\Windows\System32\BestPractices
2010-09-29 04:16:29 -------- d-----w- C:\inetpub
2010-09-28 22:53:33 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-28 22:53:33 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-28 22:53:30 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-09-28 22:53:30 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

==================== Find3M ====================

2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-30 04:34:53 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2010-09-30 04:34:51 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2010-09-30 04:34:51 111616 ----a-w- C:\Windows\System32\OpenAL32.dll
2010-09-30 04:34:51 102400 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2010-09-30 04:26:23 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2010-09-26 05:54:01 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll
2010-09-26 05:54:01 338432 ------w- C:\Windows\SysWow64\REX Shared Library.dll
2010-09-23 07:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-23 07:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 21:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 21:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-26 03:37:26 7767040 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-08-26 02:14:12 20736000 ----a-w- C:\Windows\System32\atio6axx.dll
2010-08-26 02:01:14 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-08-26 02:01:04 528384 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-08-26 02:00:02 616960 ----a-w- C:\Windows\System32\aticfx64.dll
2010-08-26 01:57:58 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-08-26 01:57:50 462336 ----a-w- C:\Windows\System32\atieclxx.exe
2010-08-26 01:57:14 203264 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-08-26 01:56:06 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-08-26 01:55:50 421376 ----a-w- C:\Windows\System32\atipdl64.dll
2010-08-26 01:55:48 15830016 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-08-26 01:55:42 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-08-26 01:55:32 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-08-26 01:55:28 12288 ----a-w- C:\Windows\System32\atimuixx.dll
2010-08-26 01:55:22 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-08-26 01:55:18 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-08-26 01:52:22 3914240 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-08-26 01:43:28 4602880 ----a-w- C:\Windows\System32\atidxx64.dll
2010-08-26 01:34:38 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-08-26 01:34:36 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-08-26 01:34:28 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-08-26 01:34:26 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-08-26 01:34:16 5425664 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-08-26 01:33:52 4032512 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-08-26 01:33:08 4375552 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-08-26 01:33:02 3147264 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-08-26 01:27:58 57344 ----a-w- C:\Windows\System32\coinst.dll
2010-08-26 01:27:54 5202944 ----a-w- C:\Windows\System32\atiumd64.dll
2010-08-26 01:25:58 3392000 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-08-26 01:21:24 338432 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-08-26 01:21:18 241664 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-08-26 01:21:08 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-08-26 01:21:06 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-08-26 01:21:06 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-08-26 01:21:02 21504 ----a-w- C:\Windows\System32\atig6txx.dll
2010-08-26 01:21:00 19968 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-08-26 01:20:56 279040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-08-26 01:20:14 39424 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-08-26 01:20:08 30208 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-08-26 01:20:04 37376 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-08-26 01:19:56 28160 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-08-26 01:19:28 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-08-26 01:13:22 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-08-26 01:13:22 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-08-26 01:13:16 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-08-26 01:13:16 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-07-31 01:35:50 16896 ----a-w- C:\Windows\System32\sasnative64.exe
2005-03-22 12:49:14 287232 ----a-w- C:\Program Files (x86)\Adobelmsvc Installer.dll
2005-03-22 10:48:16 2142208 ----a-w- C:\Program Files (x86)\PSArt.dll
2005-03-22 10:48:14 1748992 ----a-w- C:\Program Files (x86)\PSViews.dll
2005-03-22 10:48:14 1323008 ----a-w- C:\Program Files (x86)\Photoshop.dll
2005-03-22 10:43:50 1144622 ----a-w- C:\Program Files (x86)\Tw10122.dat
2005-03-22 10:41:12 19980288 ----a-w- C:\Program Files (x86)\ImageReady.exe
2005-03-22 10:13:04 41984 ----a-w- C:\Program Files (x86)\Plugin.dll
2005-03-17 01:57:34 61440 ----a-w- C:\Program Files (x86)\regsresen_US.dll
2005-03-13 20:10:58 4096000 ----a-w- C:\Program Files (x86)\PDFL70.dll
2005-03-13 19:01:44 1805824 ----a-w- C:\Program Files (x86)\AGM.dll
2005-03-11 03:31:36 3715072 ----a-w- C:\Program Files (x86)\MPS.dll
2005-03-10 00:59:30 1560169 ----a-w- C:\Program Files (x86)\AdobeLM.dll

============= FINISH: 11:03:50.01 ===============

shelf life
2010-11-10, 23:25
Hi Plyteuth,

Sorry for the delay. If you still need help, simply post back.