BlackRamza
2010-12-20, 20:09
Yesterday I ran Spybot for a full scan and it came up with several cases of malware (or spyware? I'm new at this), it was able to fix most of them but one: Fraud.Sysguard.
I just ran another full scan to paste in this thread and now it shows 2 new cases, I don't know if it's related or not, but I'm pretty sure I haven't entered questionable sites or anything since yesterday.
Anyhow, I hope you can help me.
I haven't clicked "Fix" in Spybot yet so I don't... spoil the evidence, should I?
Thx in advance
------------------------------------------------------
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Ramza at 2:36:38.22 on 20/12/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.52.3082.18.3956.2126 [GMT -6:00]
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Winstep\WsxService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Winstep\Nexus.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ramza\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://samsung.msn.com
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {2cfd5155-2cc2-6214-0f98-1b884bd77834} - C:\Windows\SysWow64\KBDMAORRI.DLL
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {76755d75-6863-547f-3a06-1b1c1366367f} - C:\Windows\SysWow64\dxdiagnn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: W2PBrowser Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [NeXuS] C:\Program Files (x86)\Winstep\Nexus.exe autostart
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Enviar imagen al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Ramza\AppData\Roaming\Mozilla\Firefox\Profiles\j3chrtpv.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=es&q=
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn
============= SERVICES / DRIVERS ===============
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1201000.025\symds64.sys [2010-11-22 450096]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1201000.025\symefa64.sys [2010-11-22 821808]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-22 953904]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101215.001\IDSviA64.sys [2010-12-16 476792]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2010-9-7 13824]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1201000.025\ironx64.sys [2010-11-22 168496]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1201000.025\symnets.sys [2010-11-22 381488]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccsvchst.exe [2010-11-22 126904]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-7 2320920]
R2 Winstep Xtreme Service;Winstep Xtreme Service;C:\Program Files (x86)\Winstep\WsxService --> C:\Program Files (x86)\Winstep\WsxService [?]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-11-22 344616]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-11-22 39464]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-22 132656]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-9-8 111616]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-8 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-9-8 86120]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-7-8 401696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-22 61288]
S3 fsssvc;Servicio de Windows Live Protección infantil;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-9-8 158976]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 Samsung UPD Service;Samsung UPD Service;C:\Windows\System32\SUPDSvc.exe [2010-11-22 166704]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-22 1255736]
=============== File Associations ===============
regfile="regedit.exe" "%1"
=============== Created Last 30 ================
2010-12-20 08:19:50 -------- d-----w- C:\Users\Ramza\AppData\Roaming\Malwarebytes
2010-12-20 08:18:49 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 08:18:48 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-20 08:18:45 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-20 08:18:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-16 00:10:56 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2010-12-14 22:59:55 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-12-14 22:59:55 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-12-08 01:14:41 -------- d-----w- C:\Program Files (x86)\StarCraft II
2010-12-08 01:14:41 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2010-12-08 01:14:41 -------- d-----w- C:\PROGRA~3\Blizzard Entertainment
2010-12-07 02:02:59 -------- d-----w- C:\Program Files (x86)\VideoLAN
2010-12-06 20:52:38 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2010-12-06 02:51:16 -------- d-----w- C:\Users\Ramza\AppData\Local\Microsoft Help
2010-12-06 02:49:54 -------- d-----w- C:\Windows\SysWow64\1056
2010-12-06 02:49:15 -------- d-----w- C:\Windows\SysWow64\2048
2010-12-01 22:54:32 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2010-12-01 06:01:46 798208 ----a-w- C:\Windows\SysWow64\NextControls.ocx
2010-12-01 06:01:46 608448 ----a-w- C:\Windows\SysWow64\comctl32.ocx
2010-12-01 06:01:46 1347344 ----a-w- C:\Windows\SysWow64\msvbvm50.dll
2010-12-01 06:01:46 -------- d-----w- C:\Program Files (x86)\Winstep
2010-11-29 04:24:04 -------- d-----w- C:\Users\Ramza\AppData\Local\ElevatedDiagnostics
2010-11-28 21:14:05 -------- d-----w- C:\Program Files (x86)\LucasArts
2010-11-28 21:13:26 -------- d-----w- C:\Users\Ramza\AppData\Roaming\Xfire
2010-11-28 21:13:25 -------- d-s---w- C:\Program Files (x86)\Xfire
2010-11-28 21:11:31 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2010-11-28 21:11:31 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2010-11-28 21:11:31 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2010-11-28 21:11:31 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2010-11-28 21:11:31 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2010-11-28 21:11:31 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2010-11-28 21:11:25 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2010-11-28 21:11:25 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2010-11-27 22:15:59 -------- d-----w- C:\Program Files (x86)\JDownloader
2010-11-25 03:21:15 -------- d-----w- C:\Users\Ramza\AppData\Local\Ares
2010-11-25 01:20:45 40960 ----a-r- C:\Users\Ramza\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2010-11-25 01:20:45 40960 ----a-r- C:\Users\Ramza\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2010-11-25 01:20:44 -------- d-----w- C:\Program Files (x86)\Project64 1.6
2010-11-24 21:13:50 -------- d-----w- C:\Users\Ramza\AppData\Local\FalloutNV
2010-11-24 20:50:42 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
2010-11-24 20:46:07 834544 ----a-w- C:\Windows\System32\drivers\sptd.sys
2010-11-24 20:45:30 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2010-11-24 20:44:51 -------- d-----w- C:\Users\Ramza\AppData\Roaming\DAEMON Tools Lite
2010-11-24 20:44:48 -------- d-----w- C:\PROGRA~3\DAEMON Tools Lite
2010-11-24 06:15:55 -------- d-----w- C:\RECYCLED
2010-11-24 06:15:53 -------- d-----w- C:\Users\Ramza\AppData\Roaming\ZipX
2010-11-24 06:15:50 -------- d-----w- C:\Program Files (x86)\ZipX
2010-11-23 23:11:44 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2010-11-23 21:56:36 169320 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10135.bin
2010-11-23 21:31:44 -------- d-----w- C:\Users\Ramza\AppData\Local\Diagnostics
2010-11-23 21:23:47 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-23 21:23:47 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-23 21:12:24 -------- d-----w- C:\Users\Ramza\AppData\Roaming\Greyfirst
2010-11-23 21:12:24 -------- d-----w- C:\Users\Ramza\AppData\Local\Greyfirst
2010-11-23 21:10:16 -------- d-----w- C:\Program Files (x86)\Celtx
2010-11-23 08:03:57 -------- d-----w- C:\Program Files (x86)\PCSX2 0.9.7
2010-11-23 08:02:15 -------- d-----w- C:\Users\Ramza\AppData\Roaming\Tific
2010-11-23 08:02:14 -------- d-----w- C:\Users\Ramza\AppData\Local\Symantec
2010-11-23 07:45:08 -------- d-----w- C:\Users\Ramza\AppData\Local\PCSX2
2010-11-23 07:33:19 -------- d-----w- C:\Windows\SysWow64\directx
2010-11-23 07:11:57 -------- d-----w- C:\Program Files (x86)\Pcsx2
2010-11-23 06:50:25 -------- d-----w- C:\PROGRA~3\PopCap Games
2010-11-23 06:24:13 225280 ----a-w- C:\Windows\SysWow64\rewire.dll
2010-11-23 06:24:01 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2010-11-23 06:23:51 -------- d-----w- C:\Program Files (x86)\VstPlugins
2010-11-23 06:23:49 -------- d-----w- C:\Program Files (x86)\Outsim
2010-11-23 06:22:13 -------- d-----w- C:\Program Files (x86)\Image-Line
2010-11-23 06:13:54 -------- d-----w- C:\Program Files (x86)\Bonjour
2010-11-23 06:12:02 -------- d-----w- C:\Users\Ramza\AppData\Local\Google
2010-11-23 06:08:38 -------- d-----w- C:\Windows\SysWow64\spool
2010-11-23 06:03:20 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2010-11-23 01:35:40 -------- d-----w- C:\Users\Ramza\AppData\Roaming\WildTangent
2010-11-22 23:50:44 -------- d-----w- C:\Users\Ramza\AppData\Local\CrashDumps
2010-11-22 20:29:26 -------- d-----w- C:\Windows\SysWow64\Wat
2010-11-22 20:29:26 -------- d-----w- C:\Windows\System32\Wat
2010-11-22 20:22:29 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-11-22 20:22:29 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-11-22 20:22:29 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-11-22 20:22:29 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-11-22 20:22:29 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-11-22 20:22:29 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-11-22 20:22:29 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-11-22 20:22:29 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-11-22 20:22:29 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-11-22 20:22:29 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-11-22 20:17:23 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-11-22 20:17:23 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-11-22 19:57:48 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2010-11-22 18:00:22 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2010-11-22 18:00:22 -------- d-----w- C:\Program Files\Symantec
2010-11-22 18:00:22 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-11-22 17:59:58 -------- d-----w- C:\Users\Ramza\AppData\Local\SRS Labs
2010-11-22 17:59:57 -------- d-----w- C:\Users\Ramza\AppData\Local\Power2Go
2010-11-22 17:51:50 61288 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2010-11-22 17:51:11 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2010-11-22 17:51:11 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2010-11-22 17:50:59 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-11-22 17:50:19 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2010-11-22 17:49:55 -------- d-----w- C:\Windows\PCHEALTH
2010-11-22 17:49:42 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a491feea1cb8a6d\DSETUP.dll
2010-11-22 17:49:42 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a491feea1cb8a6d\DXSETUP.exe
2010-11-22 17:49:42 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a491feea1cb8a6d\dsetup32.dll
2010-11-22 17:49:11 142856016 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcFA16.tmp
2010-11-22 17:49:05 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2010-11-22 17:47:57 33792 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\spd__pc.dll
2010-11-22 17:46:55 -------- d-----w- C:\Users\Ramza\AppData\Local\Adobe
2010-11-22 17:45:58 -------- d-----w- C:\Program Files\Elantech
2010-11-22 17:45:49 -------- d-----w- C:\Users\Ramza\AppData\Local\Broadcom
2010-11-22 17:43:35 -------- d-----w- C:\Users\Ramza\AppData\Local\VirtualStore
2010-11-22 17:43:18 39464 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2010-11-22 17:43:18 344616 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2010-11-22 17:43:18 21544 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2010-11-22 17:43:18 135720 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2010-11-22 17:43:18 102952 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2010-11-22 17:41:05 -------- d-----w- C:\Program Files\WIDCOMM
2010-11-22 17:39:41 821808 ----a-w- C:\Windows\System32\drivers\NISx64\1201000.025\symefa64.sys
2010-11-22 17:39:41 450096 ----a-r- C:\Windows\System32\drivers\NISx64\1201000.025\symds64.sys
2010-11-22 17:39:41 381488 ----a-w- C:\Windows\System32\drivers\NISx64\1201000.025\symnets.sys
2010-11-22 17:39:40 715824 ----a-w- C:\Windows\System32\drivers\NISx64\1201000.025\srtsp64.sys
2010-11-22 17:39:40 40496 ----a-w- C:\Windows\System32\drivers\NISx64\1201000.025\srtspx64.sys
2010-11-22 17:39:40 168496 ----a-w- C:\Windows\System32\drivers\NISx64\1201000.025\ironx64.sys
2010-11-22 17:39:29 -------- d-----w- C:\Windows\System32\drivers\NISx64\1201000.025
2010-11-22 17:39:01 -------- d-sh--w- C:\Recovery
2010-11-22 17:23:59 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2010-11-22 17:13:54 15256 ----a-w- C:\Users\Ramza\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2010-11-22 07:11:14 -------- d-----w- C:\Program Files (x86)\uTorrent
2010-11-22 07:10:35 -------- d-----w- C:\Users\Ramza\AppData\Roaming\uTorrent
2010-11-22 06:19:15 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-22 06:19:15 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-22 06:15:40 -------- d-----w- C:\Users\Ramza\AppData\Roaming\.minecraft
2010-11-22 05:05:27 -------- d-----w- C:\Users\Ramza\Tracing
2010-11-22 05:04:02 -------- d-----w- C:\Users\Ramza\AppData\Local\Mozilla
==================== Find3M ====================
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
============= FINISH: 2:38:21.21 ===============
I can't seem to send the Spybot log in this same post; I'll send it, and whatever else you need me to, in the next reply.
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Enviar imagen al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Ramza\AppData\Roaming\Mozilla\Firefox\Profiles\j3chrtpv.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=es&q=
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn
============= SERVICES / DRIVERS ===============
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1201000.025\symds64.sys [2010-11-22 450096]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1201000.025\symefa64.sys [2010-11-22 821808]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-22 953904]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101215.001\IDSviA64.sys [2010-12-16 476792]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2010-9-7 13824]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1201000.025\ironx64.sys [2010-11-22 168496]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1201000.025\symnets.sys [2010-11-22 381488]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccsvchst.exe [2010-11-22 126904]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-7 2320920]
R2 Winstep Xtreme Service;Winstep Xtreme Service;C:\Program Files (x86)\Winstep\WsxService --> C:\Program Files (x86)\Winstep\WsxService [?]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-11-22 344616]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-11-22 39464]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-22 132656]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-9-8 111616]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-8 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-9-8 86120]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-7-8 401696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-22 61288]
S3 fsssvc;Servicio de Windows Live Protección infantil;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-9-8 158976]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 Samsung UPD Service;Samsung UPD Service;C:\Windows\System32\SUPDSvc.exe [2010-11-22 166704]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-22 1255736]
=============== File Associations ===============
regfile="regedit.exe" "%1"
=============== Created Last 30 ================
2010-12-20 08:19:50 -------- d-----w- C:\Users\Ramza\AppData\Roaming\Malwarebytes
2010-12-20 08:18:49 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 08:18:48 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-20 08:18:45 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-20 08:18:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-16 00:10:56 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2010-12-14 22:59:55 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-12-14 22:59:55 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-12-08 01:14:41 -------- d-----w- C:\Program Files (x86)\StarCraft II
2010-12-08 01:14:41 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2010-12-08 01:14:41 -------- d-----w- C:\PROGRA~3\Blizzard Entertainment
2010-12-07 02:02:59 -------- d-----w- C:\Program Files (x86)\VideoLAN
2010-12-06 20:52:38 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2010-12-06 02:51:16 -------- d-----w- C:\Users\Ramza\AppData\Local\Microsoft Help
2010-12-06 02:49:54 -------- d-----w- C:\Windows\SysWow64\1056
2010-12-06 02:49:15 -------- d-----w- C:\Windows\SysWow64\2048
2010-12-01 22:54:32 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2010-12-01 06:01:46 798208 ----a-w- C:\Windows\SysWow64\NextControls.ocx
2010-12-01 06:01:46 608448 ----a-w- C:\Windows\SysWow64\comctl32.ocx
2010-12-01 06:01:46 1347344 ----a-w- C:\Windows\SysWow64\msvbvm50.dll
2010-12-01 06:01:46 -------- d-----w- C:\Program Files (x86)\Winstep
2010-11-29 04:24:04 -------- d-----w- C:\Users\Ramza\AppData\Local\ElevatedDiagnostics
2010-11-28 21:14:05 -------- d-----w- C:\Program Files (x86)\LucasArts
2010-11-28 21:13:26 -------- d-----w- C:\Users\Ramza\AppData\Roaming\Xfire
2010-11-28 21:13:25 -------- d-s---w- C:\Program Files (x86)\Xfire
2010-11-28 21:11:31 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2010-11-28 21:11:31 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2010-11-28 21:11:31 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2010-11-28 21:11:31 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2010-11-28 21:11:31 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2010-11-28 21:11:31 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2010-11-28 21:11:25 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2010-11-28 21:11:25 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2010-11-27 22:15:59 -------- d-----w- C:\Program Files (x86)\JDownloader
2010-11-25 03:21:15 -------- d-----w- C:\Users\Ramza\AppData\Local\Ares
2010-11-25 01:20:45 40960 ----a-r- C:\Users\Ramza\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2010-11-25 01:20:45 40960 ----a-r- C:\Users\Ramza\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2010-11-25 01:20:44 -------- d-----w- C:\Program Files (x86)\Project64 1.6
2010-11-24 21:13:50 -------- d-----w- C:\Users\Ramza\AppData\Local\FalloutNV
2010-11-24 20:50:42 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
2010-11-24 20:46:07 834544 ----a-w- C:\Windows\System32\drivers\sptd.sys
2010-11-24 20:45:30 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2010-11-24 20:44:51 -------- d-----w- C:\Users\Ramza\AppData\Roaming\DAEMON Tools Lite
2010-11-24 20:44:48 -------- d-----w- C:\PROGRA~3\DAEMON Tools Lite
2010-11-24 06:15:55 -------- d-----w- C:\RECYCLED
2010-11-24 06:15:53 -------- d-----w- C:\Users\Ramza\AppData\Roaming\ZipX
2010-11-24 06:15:50 -------- d-----w- C:\Program Files (x86)\ZipX
2010-11-23 23:11:44 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2010-11-23 21:56:36 169320 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10135.bin
2010-11-23 21:31:44 -------- d-----w- C:\Users\Ramza\AppData\Local\Diagnostics
2010-11-23 21:23:47 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-23 21:23:47 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-23 21:12:24 -------- d-----w- C:\Users\Ramza\AppData\Roaming\Greyfirst
2010-11-23 21:12:24 -------- d-----w- C:\Users\Ramza\AppData\Local\Greyfirst
2010-11-23 21:10:16 -------- d-----w- C:\Program Files (x86)\Celtx
2010-11-23 08:03:57 -------- d-----w- C:\Program Files (x86)\PCSX2 0.9.7
2010-11-23 08:02:15 -------- d-----w- C:\Users\Ramza\AppData\Roaming\Tific
2010-11-23 08:02:14 -------- d-----w- C:\Users\Ramza\AppData\Local\Symantec
2010-11-23 07:45:08 -------- d-----w- C:\Users\Ramza\AppData\Local\PCSX2
2010-11-23 07:33:19 -------- d-----w- C:\Windows\SysWow64\directx
2010-11-23 07:11:57 -------- d-----w- C:\Program Files (x86)\Pcsx2
2010-11-23 06:50:25 -------- d-----w- C:\PROGRA~3\PopCap Games
2010-11-23 06:24:13 225280 ----a-w- C:\Windows\SysWow64\rewire.dll
2010-11-23 06:24:01 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2010-11-23 06:23:51 -------- d-----w- C:\Program Files (x86)\VstPlugins
2010-11-23 06:23:49 -------- d-----w- C:\Program Files (x86)\Outsim
2010-11-23 06:22:13 -------- d-----w- C:\Program Files (x86)\Image-Line
2010-11-23 06:13:54 -------- d-----w- C:\Program Files (x86)\Bonjour
2010-11-23 06:12:02 -------- d-----w- C:\Users\Ramza\AppData\Local\Google
2010-11-23 06:08:38 -------- d-----w- C:\Windows\SysWow64\spool
2010-11-23 06:03:20 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2010-11-23 01:35:40 -------- d-----w- C:\Users\Ramza\AppData\Roaming\WildTangent
2010-11-22 23:50:44 -------- d-----w- C:\Users\Ramza\AppData\Local\CrashDumps
2010-11-22 20:29:26 -------- d-----w- C:\Windows\SysWow64\Wat
2010-11-22 20:29:26 -------- d-----w- C:\Windows\System32\Wat
2010-11-22 20:22:29 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-11-22 20:22:29 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-11-22 20:22:29 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-11-22 20:22:29 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-11-22 20:22:29 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-11-22 20:22:29 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-11-22 20:22:29 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-11-22 20:22:29 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-11-22 20:22:29 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-11-22 20:22:29 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-11-22 20:17:23 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-11-22 20:17:23 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-11-22 19:57:48 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2010-11-22 18:00:22 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2010-11-22 18:00:22 -------- d-----w- C:\Program Files\Symantec
2010-11-22 18:00:22 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-11-22 17:59:58 -------- d-----w- C:\Users\Ramza\AppData\Local\SRS Labs
2010-11-22 17:59:57 -------- d-----w- C:\Users\Ramza\AppData\Local\Power2Go
2010-11-22 17:51:50 61288 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2010-11-22 17:51:11 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2010-11-22 17:51:11 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2010-11-22 17:50:59 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-11-22 17:50:19 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2010-11-22 17:49:55 -------- d-----w- C:\Windows\PCHEALTH
2010-11-22 17:49:42 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a491feea1cb8a6d\DSETUP.dll
2010-11-22 17:49:42 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a491feea1cb8a6d\DXSETUP.exe
2010-11-22 17:49:42 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a491feea1cb8a6d\dsetup32.dll
2010-11-22 17:49:11 142856016 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcFA16.tmp
2010-11-22 17:49:05 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2010-11-22 17:47:57 33792 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\spd__pc.dll
2010-11-22 17:46:55 -------- d-----w- C:\Users\Ramza\AppData\Local\Adobe
2010-11-22 17:45:58 -------- d-----w- C:\Program Files\Elantech
2010-11-22 17:45:49 -------- d-----w- C:\Users\Ramza\AppData\Local\Broadcom
2010-11-22 17:43:35 -------- d-----w- C:\Users\Ramza\AppData\Local\VirtualStore
2010-11-22 17:43:18 39464 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2010-11-22 17:43:18 344616 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2010-11-22 17:43:18 21544 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2010-11-22 17:43:18 135720 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2010-11-22 17:43:18 102952 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2010-11-22 17:41:05 -------- d-----w- C:\Program Files\WIDCOMM
2010-11-22 17:39:41 821808 ----a-w- C:\Windows\System32\drivers\NISx64\1201000.025\symefa64.sys
2010-11-22 17:39:41 450096 ----a-r- C:\Windows\System32\drivers\NISx64\1201000.025\symds64.sys
2010-11-22 17:39:41 381488 ----a-w- C:\Windows\System32\drivers\NISx64\1201000.025\symnets.sys
2010-11-22 17:39:40 715824 ----a-w- C:\Windows\System32\drivers\NISx64\1201000.025\srtsp64.sys
2010-11-22 17:39:40 40496 ----a-w- C:\Windows\System32\drivers\NISx64\1201000.025\srtspx64.sys
2010-11-22 17:39:40 168496 ----a-w- C:\Windows\System32\drivers\NISx64\1201000.025\ironx64.sys
2010-11-22 17:39:29 -------- d-----w- C:\Windows\System32\drivers\NISx64\1201000.025
2010-11-22 17:39:01 -------- d-sh--w- C:\Recovery
2010-11-22 17:23:59 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2010-11-22 17:13:54 15256 ----a-w- C:\Users\Ramza\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2010-11-22 07:11:14 -------- d-----w- C:\Program Files (x86)\uTorrent
2010-11-22 07:10:35 -------- d-----w- C:\Users\Ramza\AppData\Roaming\uTorrent
2010-11-22 06:19:15 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-22 06:19:15 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-22 06:15:40 -------- d-----w- C:\Users\Ramza\AppData\Roaming\.minecraft
2010-11-22 05:05:27 -------- d-----w- C:\Users\Ramza\Tracing
2010-11-22 05:04:02 -------- d-----w- C:\Users\Ramza\AppData\Local\Mozilla
==================== Find3M ====================
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
============= FINISH: 2:38:21.21 ===============
I can't seem to send the Spybot log in this same post; I'll send it, and whatever else you need me to, in the next reply.