SnD cannot remove several issues, please help.



Octarin
2011-01-31, 17:56
Hi, I was infected with a trojan that Forefront managed to clean, and I'm running SnD several times in order to clean up some other issues that pop up, but even though it says it fixes them, the same issues appear again the next time I run SnD. These are them:

Win32.FraudLoad.edt: [SBI $8454102F] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2892782065-912110638-3787730535-1000\Software\NtWqIVLZEWZU

Win32.Palevo: [SBI $7F17E86A] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2892782065-912110638-3787730535-1000\Software\CE8SIIFGSU

Right Media: Tracking cookie (Internet Explorer: Maria) (Cookie, nothing done)


WebTrends live: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-01-26 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-10-05 Includes\Adware.sbi (*)
2010-11-30 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2010-12-14 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2011-01-25 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2010-12-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-12-14 Includes\Malware.sbi (*)
2011-01-25 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-12-14 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-12-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-01-18 Includes\Spyware.sbi (*)
2011-01-18 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-01-25 Includes\TrojansC-02.sbi (*)
2011-01-13 Includes\TrojansC-03.sbi (*)
2011-01-25 Includes\TrojansC-04.sbi (*)
2011-01-25 Includes\TrojansC-05.sbi (*)
2010-12-28 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

I am including the DDS file and the attached zip as per instructions. Please help, I've got an IE that pops up ads every five minutes even though I am not using it at all... Also, I have Avira and it's working most substandardly, and I just installed Forefront, and a funny thing happens: Forefront pops up a "changes to settings" alert saying that the Avira application registration is scheduled, which isn't, 'cause I've already paid for it and its renewal time is in 9/2011, and a little bit after that I get the IE popping up ads everywhere. I am tempted to uninstall Avira, but I will wait until I hear from you. Please, I use this computer for my job, it is imperative that all the passwords and files are safe... I cannot risk doing anything until I get rid of those things :(

Oh, I forgot also, something also makes my cursor go haywire, it moves wherever it wishes, and there is considerable lag during that as well.


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Maria at 18:36:28,20 on Δευ 31/01/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.0.1253.30.1033.18.8191.5514 [GMT 2:00]

AV: Microsoft Forefront Client Security *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Microsoft Forefront Client Security *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Rgosua.exe
C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\mrt.exe
C:\Windows\system32\mrt.exe
C:\Users\Maria\AppData\Local\Temp\Rnm.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Maria\AppData\Local\Temp\Rnl.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Maria\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - C:\Program Files (x86)\PicLensIE\cooliris.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Maria\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [CE8SIIFGSU] C:\Users\Maria\AppData\Local\Temp\Rnl.exe
uRunOnce: [SpybotDeletingD5497] cmd.exe /c del "C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [LayoutM] KLayMgr.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRunOnce: [SpybotDeletingA2597] command.com /c del "C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job"
mRunOnce: [SpybotDeletingC8819] cmd.exe /c del "C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job"
StartupFolder: C:\Users\Maria\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe
StartupFolder: C:\Users\Maria\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - C:\Program Files (x86)\PicLensIE\cooliris.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://affiliates.piclens.com/shared/plinstll.cab
mRun-x64: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [Microsoft Forefront Client Security Antimalware Service] "C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" -hide
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\0a5ttuft.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Maria\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-1-21 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-1-21 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-1-21 83120]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [2010-7-20 16384]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [2007-4-5 77216]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-26 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2010-1-5 1847296]
R3 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-1-31 91520]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-1-22 155752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-21 1255736]

=============== Created Last 30 ================

2011-01-31 14:26:39 -------- d-----w- C:\Program Files (x86)\Microsoft Forefront
2011-01-31 14:23:43 3488136 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-31 14:23:38 7844688 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{51210F02-4215-474F-8376-86B629B02C2C}\mpengine.dll
2011-01-31 14:22:25 91520 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2011-01-31 14:04:51 -------- d-----w- C:\Users\Maria\.thumbnails
2011-01-31 13:24:21 -------- d-----w- C:\Program Files\Microsoft Forefront
2011-01-31 12:14:35 251904 ----a-w- C:\Windows\Rgosua.exe
2011-01-31 09:29:08 -------- d-----w- C:\Users\Maria\AppData\Roaming\SimfaticForms
2011-01-31 09:28:54 -------- d-----w- C:\Program Files (x86)\Simfatic Solutions
2011-01-30 18:05:41 -------- d-----w- C:\Users\Maria\AppData\Local\CCP
2011-01-30 14:23:31 -------- d-----w- C:\PROGRA~3\CCP
2011-01-28 11:04:27 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-01-28 10:08:22 -------- d-----w- C:\Users\Maria\AppData\Local\Microsoft Help
2011-01-28 10:04:18 -------- d-----w- C:\Windows\System32\appmgmt
2011-01-28 06:49:58 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{95726591-3F3D-445B-945F-46B861F3EE7F}\mpengine.dll
2011-01-27 09:06:50 -------- d-----w- C:\Users\Maria\AppData\Roaming\OpenOffice.org
2011-01-27 09:06:09 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2011-01-27 08:55:44 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-01-27 08:55:26 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-01-26 22:32:34 -------- d-----w- C:\Users\Maria\AppData\Local\Cooliris
2011-01-26 22:13:28 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-01-26 22:12:18 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-01-26 22:12:18 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-26 15:03:23 -------- d-----w- C:\Users\Maria\AppData\Roaming\CoreFTP
2011-01-26 14:44:08 -------- d-----w- C:\Users\Maria\AppData\Local\ElevatedDiagnostics
2011-01-26 14:08:10 -------- d-----w- C:\Users\Maria\.gimp-2.6
2011-01-26 13:44:12 -------- d-----w- C:\Users\Maria\AppData\Roaming\AVSMedia
2011-01-26 13:44:11 -------- d-----w- C:\PROGRA~3\AVS4YOU
2011-01-26 12:21:08 -------- d-----w- C:\Users\Maria\AppData\Roaming\Digsby
2011-01-26 12:21:08 -------- d-----w- C:\Users\Maria\AppData\Local\Digsby
2011-01-26 12:21:08 -------- d-----w- C:\PROGRA~3\Digsby
2011-01-26 12:20:39 -------- d-----w- C:\Program Files (x86)\Digsby
2011-01-26 12:11:40 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-01-26 12:11:40 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-01-26 12:02:45 -------- d-----w- C:\Users\Maria\AppData\Local\Google
2011-01-26 11:54:11 -------- d-----w- C:\Windows\el-GR
2011-01-26 11:54:06 -------- d-----w- C:\Windows\SysWow64\XPSViewer
2011-01-26 11:54:06 -------- d-----w- C:\Windows\SysWow64\wbem\el-GR
2011-01-26 11:54:06 -------- d-----w- C:\Windows\SysWow64\el
2011-01-26 11:54:06 -------- d-----w- C:\Windows\SysWow64\drivers\el-GR
2011-01-26 11:54:02 -------- d-----w- C:\Windows\System32\el
2011-01-26 11:54:01 -------- d-----w- C:\Windows\System32\drivers\UMDF\el-GR
2011-01-26 11:54:01 -------- d-----w- C:\Windows\System32\drivers\el-GR
2011-01-26 11:54:00 -------- d-----w- C:\Windows\System32\wbem\el-GR
2011-01-26 11:51:59 74752 ----a-w- C:\Windows\System32\drivers\el-GR\ntfs.sys.mui
2011-01-26 10:37:51 -------- d-----w- C:\Users\Maria\AppData\Local\Electronic Arts
2011-01-26 09:56:07 190992 ----a-w- C:\Windows\System32\BtCoreIf.dll
2011-01-26 09:48:11 1847296 ----a-w- C:\Windows\System32\athurx.sys
2011-01-26 09:48:11 -------- d-----w- C:\Windows\Options
2011-01-26 09:47:49 -------- d-----w- C:\PROGRA~3\TP-LINK
2011-01-25 23:06:04 -------- d-----w- C:\PROGRA~3\Electronic Arts
2011-01-25 22:10:28 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2011-01-25 22:02:51 -------- d-----w- C:\Users\Maria\AppData\Local\Microsoft Games
2011-01-25 21:23:14 96272 ----a-w- C:\Windows\System32\KemXML.dll
2011-01-25 21:23:14 235536 ----a-w- C:\Windows\System32\KemUtil.dll
2011-01-25 21:23:14 235536 ----a-w- C:\Windows\System32\kemutb.dll
2011-01-25 21:23:14 159248 ----a-w- C:\Windows\System32\KemWnd.dll
2011-01-25 21:22:53 -------- d-----w- C:\Program Files\Common Files\Logitech
2011-01-25 21:03:02 108336 ----a-r- C:\Windows\SysWow64\MSWINSCK.OCX
2011-01-25 21:03:01 1071088 ----a-r- C:\Windows\SysWow64\MSCOMCTL.OCX
2011-01-25 20:58:04 -------- d-----w- C:\Users\Maria\AppData\Local\Diagnostics
2011-01-22 13:57:22 -------- d-----w- C:\Windows\SysWow64\directx
2011-01-22 13:36:06 -------- d-----w- C:\Users\Maria\AppData\Local\PassMark
2011-01-22 13:35:59 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
2011-01-22 13:35:59 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2011-01-22 13:35:59 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
2011-01-22 13:35:51 -------- d-----w- C:\PROGRA~3\Passmark
2011-01-22 13:35:50 -------- d-----w- C:\Program Files\PerformanceTest
2011-01-22 11:35:09 151552 ----a-w- C:\Windows\SysWow64\nvRegDev.dll
2011-01-22 11:34:59 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-01-22 11:34:59 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-01-22 11:34:59 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-01-22 11:34:59 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-01-22 11:34:59 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-01-22 11:34:59 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-01-22 11:34:58 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-01-22 11:20:35 -------- d-----w- C:\Program Files (x86)\PicLensIE
2011-01-21 16:45:29 -------- d-----w- C:\Program Files\CCleaner
2011-01-21 16:25:21 48648 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-01-21 15:25:00 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2011-01-21 15:24:47 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2011-01-21 15:24:45 -------- d-----w- C:\Windows\PCHEALTH
2011-01-21 15:17:14 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-01-21 15:13:26 -------- d-----w- C:\Users\Maria\AppData\Roaming\Avira
2011-01-21 10:47:57 -------- d-----w- C:\Windows\SysWow64\Wat
2011-01-21 10:47:57 -------- d-----w- C:\Windows\System32\Wat
2011-01-21 10:42:11 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-01-21 10:42:11 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-01-21 10:37:48 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-01-21 10:37:48 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-01-21 10:37:48 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-01-21 10:37:48 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-01-21 10:37:48 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-01-21 10:37:48 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-01-21 10:37:48 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-01-21 10:37:48 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-01-21 10:37:48 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-01-21 10:37:48 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-01-21 10:37:34 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2011-01-21 10:33:28 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-01-21 10:30:25 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-01-21 10:20:47 -------- d-----w- C:\Users\Maria\AppData\Local\Hewlett-Packard
2011-01-21 10:05:42 -------- d-----w- C:\Users\Maria\AppData\Roaming\hpqLog
2011-01-21 10:05:33 -------- d-----w- C:\PROGRA~3\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2011-01-21 10:04:57 -------- d--h--w- C:\system.sav
2011-01-21 10:04:45 -------- d-----w- C:\Users\Maria\AppData\Local\Adobe
2011-01-21 10:04:44 -------- d-----w- C:\Users\Maria\AppData\Roaming\WinBatch
2011-01-21 09:47:54 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-01-21 09:47:54 -------- d-----w- C:\Program Files (x86)\Avira
2011-01-21 09:47:54 -------- d-----w- C:\PROGRA~3\Avira
2011-01-21 06:51:45 -------- d-----w- C:\Windows\Panther
2011-01-20 21:17:34 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-20 21:02:55 255592 ----a-w- C:\Windows\System32\nvcohda6.dll
2011-01-20 21:02:54 -------- d-----w- C:\NVIDIA
2011-01-20 21:01:55 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-01-20 21:00:21 -------- d-sh--w- C:\Windows\Installer
2011-01-20 21:00:21 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2011-01-20 21:00:19 -------- d-----w- C:\Program Files\NVIDIA Corporation
2011-01-20 20:58:33 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-01-20 20:58:33 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-01-20 20:58:32 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-01-20 20:58:32 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-01-07 18:49:34 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
2011-01-07 18:49:28 6143080 ----a-w- C:\Windows\System32\nvcpl.dll
2011-01-07 18:49:10 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-01-07 18:48:58 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-01-07 18:48:58 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe

==================== Find3M ====================

2010-12-02 09:12:08 1359976 ----a-w- C:\Windows\System32\nvgenco64hda.dll
2010-11-11 23:10:56 29288 ----a-w- C:\Windows\System32\nvhdap64.dll
2010-11-11 23:10:49 155752 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 18:37:09,72 ===============

Octarin
2011-02-01, 10:41
I'm sorry for the bother, I managed to fix it; apparently it needed a couple of reboots. I was afraid of rebooting it 'cause it might get more infected, but I did and ran Spybot again, and after a couple of times it cleaned up everything.