Desuka
2011-02-25, 05:01
Hello guys,
I need some help in removing a Win32/Olmarik.AJL trojan that unfortunately infected my system 1 or 2 days ago. I have Windows 7 and ESET Nod32, nod found the trojan and it seems to happen every time my machine reboots, the 'unable to clean' message will pop up by nod32.
Here is my DDS log,
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Eleazar at 11:49:09.15 on Fri 25/02/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.65.1033.18.6135.3650 [GMT 8:00]
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
E:\Programs\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
E:\Programs\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
E:\Programs\RocketDock\RocketDock.exe
C:\Program Files (x86)\TruDirect\TruDirectTray.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Razer\Lycosa\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
E:\Programs\uTorrent\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
E:\Programs\Internet Download Manager\IDMan.exe
E:\Downloads\IDM\dds.EXE
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mWinlogon: Userinit=userinit.exe
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - E:\Programs\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - E:\Programs\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - E:\Programs\MICROS~1\Office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [RocketDock] "E:\Programs\RocketDock\RocketDock.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe"
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [<NO NAME>]
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [BCSSync] "E:\Programs\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TRUDIR~1.LNK - C:\Program Files (x86)\TruDirect\TruDirectTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - E:\Programs\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - E:\Programs\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - E:\Programs\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - E:\Programs\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - E:\Programs\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\Programs\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - E:\Programs\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {42229A60-A3C4-4693-9176-24457C625D2C} = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - E:\Programs\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Programs\Internet Download Manager\IDMIECC64.dll
BHO-X64: IDM Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 74.208.10.249 gs.apple.com
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Eleazar\AppData\Roaming\Mozilla\Firefox\Profiles\u184d9dc.default\
FF - component: C:\Users\Eleazar\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: C:\Users\Eleazar\AppData\Roaming\Mozilla\Firefox\Profiles\u184d9dc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Eleazar\AppData\Roaming\Mozilla\Firefox\Profiles\u184d9dc.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: E:\Programs\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: E:\Programs\Adobe\Acrobat 10.0\Acrobat\browser\nppdf32.dll
FF - plugin: E:\Programs\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: E:\Programs\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: E:\Programs\MICROS~1\Office14\NPSPWRAP.DLL
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Hide Menubar: hidemenubar@moztw.org - %profile%\extensions\hidemenubar@moztw.org
FF - Ext: Tab Progress Bar: tabprogressbar@studio17.wordpress.com - %profile%\extensions\tabprogressbar@studio17.wordpress.com
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: Facebook PhotoZoom: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b} - %profile%\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - C:\Users\Eleazar\AppData\Roaming\IDM\idmmzcc3
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - E:\Programs\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
============= SERVICES / DRIVERS ===============
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2009-12-25 297512]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-9-29 735960]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2009-9-29 123200]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2010-12-24 142424]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\system32\nlssrv32.exe --> C:\Windows\system32\nlssrv32.exe [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-11-9 369256]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;E:\Programs\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-4-19 1401672]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\System32\drivers\danew.sys [2011-1-30 12032]
R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2008-1-17 18816]
R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\Dnetr28ux.sys [2009-8-6 987648]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-12-25 155752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-25 347680]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;E:\Programs\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-2-25 11856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 CYUSB;Cypress Generic USB Driver;C:\Windows\System32\drivers\CYUSB.sys [2011-1-30 47104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;E:\Programs\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2010-4-19 22528]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
=============== Created Last 30 ================
2011-02-25 03:13:59 -------- d-----w- C:\Users\Eleazar\AppData\Roaming\Malwarebytes
2011-02-25 03:13:50 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-25 03:13:49 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-25 03:13:47 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-25 03:13:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-25 03:06:08 -------- d-----w- C:\Users\Eleazar\AppData\Local\{85A21E95-E25E-40E7-BDAC-F900C40004F9}
2011-02-24 17:33:58 -------- d-----w- C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2011-02-24 17:33:50 -------- d-----w- C:\Windows\SysWow64\xlive
2011-02-24 17:33:50 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-02-24 15:05:43 -------- d-----w- C:\Users\Eleazar\AppData\Local\{5F966DC1-9180-463B-A8B5-5728F5AA2617}
2011-02-24 06:14:31 -------- d-----w- C:\Users\Eleazar\AppData\Local\FalloutNV
2011-02-24 03:05:17 -------- d-----w- C:\Users\Eleazar\AppData\Local\{FE7DE889-DC76-4EA4-8AE4-721A08CC68F9}
2011-02-23 19:00:14 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-02-23 19:00:14 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-02-23 14:50:21 -------- d-----w- C:\Users\Eleazar\AppData\Local\{5C1C41C3-8F81-45AD-BA4E-428F60C6D3F4}
2011-02-23 02:51:51 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-02-23 02:51:51 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-23 02:51:51 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-02-23 02:51:51 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 02:51:46 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{8562CEC6-A2A1-4B15-8FBB-6866BF11463D}\mpengine.dll
2011-02-23 02:50:08 -------- d-----w- C:\Users\Eleazar\AppData\Local\{8512DF8C-FEE1-4A37-A63E-0CD93A1CF185}
2011-02-22 07:52:50 -------- d-----w- C:\Users\Eleazar\AppData\Local\{DF46094F-C4E6-4AF9-8A15-3E4231BAB4A6}
2011-02-22 04:42:36 -------- d-----w- C:\Users\Eleazar\AppData\Local\{85696A02-037B-45E7-B04F-AF09FF3198FC}
2011-02-21 16:42:11 -------- d-----w- C:\Users\Eleazar\AppData\Local\{5A6EB57C-127A-41C2-B49A-C4E1502B13A3}
2011-02-21 13:03:31 -------- d-----w- C:\Program Files (x86)\Kamuse
2011-02-21 04:41:42 -------- d-----w- C:\Users\Eleazar\AppData\Local\{7DB7902D-91B7-4F89-B2FD-F50F76334D16}
2011-02-20 16:41:07 -------- d-----w- C:\Users\Eleazar\AppData\Local\{5BF8B7D6-9720-4959-99D3-D152A4829E34}
2011-02-20 04:40:54 -------- d-----w- C:\Users\Eleazar\AppData\Local\{47AAA521-6AB0-4011-BB02-C3E02C94DFE0}
2011-02-19 16:40:24 -------- d-----w- C:\Users\Eleazar\AppData\Local\{A4650CBD-4C7B-4B0F-961E-F716EDE8581A}
2011-02-19 04:39:59 -------- d-----w- C:\Users\Eleazar\AppData\Local\{9062BACE-9D7E-47FF-A9E9-44C49A700F14}
2011-02-18 16:39:34 -------- d-----w- C:\Users\Eleazar\AppData\Local\{2268E31B-7096-49E5-8060-BF148244F90E}
2011-02-18 04:39:22 -------- d-----w- C:\Users\Eleazar\AppData\Local\{CB6470A8-8A8B-4D22-A7E0-FD3469687FFD}
2011-02-17 15:09:48 -------- d-----w- C:\Users\Eleazar\AppData\Local\{EC6F0F60-9672-45B7-9A45-F209ECC292DF}
2011-02-17 03:09:35 -------- d-----w- C:\Users\Eleazar\AppData\Local\{42FE9D65-265D-4771-833E-14AB67886A22}
2011-02-16 15:09:10 -------- d-----w- C:\Users\Eleazar\AppData\Local\{1B12FF83-EAB4-4956-8880-6433F94544CA}
2011-02-16 03:08:45 -------- d-----w- C:\Users\Eleazar\AppData\Local\{2DA641AA-5A9D-4472-80C3-3257AED46FCC}
2011-02-15 15:08:20 -------- d-----w- C:\Users\Eleazar\AppData\Local\{AAE27336-26F9-45D4-854F-67A3180D0330}
2011-02-15 03:08:07 -------- d-----w- C:\Users\Eleazar\AppData\Local\{6EF70DB5-AF74-4B7E-91FE-FE8753E93345}
2011-02-14 18:48:34 -------- d-----w- C:\Users\Eleazar\AppData\Local\{F2CC1484-4A4A-44A0-BB21-7FC1C61DA3A4}
2011-02-14 06:48:34 -------- d-----w- C:\Users\Eleazar\AppData\Local\{172B484B-D682-4942-AF14-26A62A7882C6}
2011-02-14 06:15:16 -------- d-----w- C:\Users\Eleazar\AppData\Local\CrashRpt
2011-02-13 18:48:07 -------- d-----w- C:\Users\Eleazar\AppData\Local\{D635955F-00D2-4C12-9DAC-58B62907653B}
2011-02-13 06:47:53 -------- d-----w- C:\Users\Eleazar\AppData\Local\{31E0AF61-3EDF-49AC-9BFE-010925B8D5A9}
2011-02-12 15:51:34 -------- d-----w- C:\Users\Eleazar\AppData\Local\{411E264C-EC3D-4F5F-A5A9-4EE4D9942059}
2011-02-12 05:09:59 -------- d-----w- C:\Users\Eleazar\AppData\Roaming\Rainmeter
2011-02-12 04:52:12 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll.1
2011-02-12 04:52:12 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2011-02-12 03:51:09 -------- d-----w- C:\Users\Eleazar\AppData\Local\{1E8E181A-C841-43FD-8288-A6261366B525}
2011-02-12 02:44:28 -------- d-----w- C:\PROGRA~3\ALM
2011-02-11 15:50:44 -------- d-----w- C:\Users\Eleazar\AppData\Local\{8D982EC7-F211-41D4-A6B7-1F15B4C2010A}
2011-02-11 07:19:25 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-02-11 07:19:15 -------- d-----w- C:\Windows\PCHEALTH
2011-02-11 07:19:15 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-02-11 07:17:23 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-02-11 07:17:07 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-02-11 07:17:04 -------- d-----w- C:\Windows\SHELLNEW
2011-02-11 05:16:07 -------- d-----w- C:\Users\Eleazar\AppData\Roaming\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2011-02-11 03:50:19 -------- d-----w- C:\Users\Eleazar\AppData\Local\{6EFA2A3B-5F45-4D42-AF07-DC153B8ED76A}
2011-02-10 13:00:51 -------- d-----w- C:\Users\Eleazar\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-02-10 03:49:41 -------- d-----w- C:\Users\Eleazar\AppData\Local\{DE8E9B06-22C8-4FDB-A353-5CDCDF7F0212}
2011-02-10 03:11:47 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-09 15:49:16 -------- d-----w- C:\Users\Eleazar\AppData\Local\{C4022296-7FE2-491E-B820-F72531F4B360}
2011-02-09 05:11:25 -------- d-----w- C:\Users\Eleazar\AppData\Roaming\ColorCop
2011-02-09 03:49:03 -------- d-----w- C:\Users\Eleazar\AppData\Local\{EE2D12AB-8AF0-4980-BC3E-49017C6600DF}
2011-02-08 15:48:38 -------- d-----w- C:\Users\Eleazar\AppData\Local\{4726CDA3-E4A7-4172-8C1B-F9AE60937C75}
2011-02-08 03:48:38 -------- d-----w- C:\Users\Eleazar\AppData\Local\{D7C19C73-B104-490A-8B6E-71A5C7CEA8F4}
2011-02-07 15:48:12 -------- d-----w- C:\Users\Eleazar\AppData\Local\{595576FB-8F8F-4175-8713-FAB18DBE548D}
2011-02-07 13:44:44 -------- d-----w- C:\Users\Eleazar\AppData\Roaming\ToneFXsCreator
2011-02-07 03:47:46 -------- d-----w- C:\Users\Eleazar\AppData\Local\{AED75D14-3983-4742-8136-61FDE0CF0E76}
2011-02-06 09:50:24 -------- d-----w- C:\Users\Eleazar\AppData\Local\{5BD0DE67-53DF-4D25-A277-16470F0AC6EF}
2011-02-06 09:47:35 -------- d-----w- C:\Program Files\iTunes
2011-02-06 09:47:35 -------- d-----w- C:\Program Files\iPod
2011-02-06 08:03:14 -------- d-----w- C:\Users\Eleazar\.shsh
2011-02-06 05:08:05 -------- d-----w- C:\Users\Eleazar\AppData\Local\{4892782F-D7CE-41F1-BB4D-B2BC7E54E2CE}
2011-02-05 15:45:46 -------- d-----w- C:\Users\Eleazar\AppData\Local\{177298FA-B8B9-4D13-B2E0-296B9948297C}
2011-02-05 03:45:20 -------- d-----w- C:\Users\Eleazar\AppData\Local\{3B1C9B60-B5D1-4FE4-AC88-8569B29ACB2D}
2011-02-04 15:07:23 -------- d-----w- C:\Users\Eleazar\AppData\Local\{4354D9D7-1E31-47BF-845B-71DEBDD98719}
2011-02-04 12:10:36 -------- d-----w- C:\PROGRA~3\Solidshield
2011-02-04 08:44:44 -------- d-----w- C:\PROGRA~3\xOcean
2011-02-04 08:44:41 -------- d-----w- C:\Program Files (x86)\BlastShark
2011-02-04 08:23:42 -------- d-----w- C:\Users\Eleazar\AppData\Roaming\RIFT
2011-02-04 03:07:23 -------- d-----w- C:\Users\Eleazar\AppData\Local\{17C6B93B-3E5D-4007-9777-41A41525CA52}
2011-02-03 14:19:03 -------- d-----w- C:\Users\Eleazar\AppData\Local\{749FD71C-074E-4A57-A800-4EDACE17FD78}
2011-02-03 02:18:50 -------- d-----w- C:\Users\Eleazar\AppData\Local\{BCE8C31C-6242-496C-BDC4-591195407800}
2011-02-02 15:33:03 -------- d-----w- C:\Users\Eleazar\AppData\Local\EA Games
2011-02-02 14:02:49 -------- d-----w- C:\Users\Eleazar\AppData\Local\{69C989D1-4257-4AEE-8B71-2A6715ECC712}
2011-02-02 02:04:05 -------- d-----w- C:\PROGRA~3\DVDneXtCOPY
2011-02-02 02:02:49 -------- d-----w- C:\Users\Eleazar\AppData\Local\{BDA52BA2-CBF5-4524-B4EF-C1A85897CE7E}
2011-02-01 14:02:24 -------- d-----w- C:\Users\Eleazar\AppData\Local\{FB252568-38F5-465A-A492-152801173AA3}
2011-01-31 11:37:58 -------- d-----w- C:\Users\Eleazar\AppData\Local\{AC1EB945-9C82-4F8F-913B-4F3C6A0CA248}
2011-01-30 10:02:34 -------- d-----w- C:\Users\Eleazar\AppData\Roaming\Razer
2011-01-30 10:01:17 85504 ----a-w- C:\Windows\SysWow64\DeathAdder64.cpl
2011-01-30 10:01:15 7552 ----a-w- C:\Windows\System32\drivers\vHidDev.sys
2011-01-30 10:01:15 47104 ----a-w- C:\Windows\System32\drivers\CYUSB.sys
2011-01-30 10:01:15 12032 ----a-w- C:\Windows\System32\drivers\danew.sys
2011-01-30 09:32:10 -------- d-----w- C:\Users\Eleazar\AppData\Local\{C70F6C09-141F-4DDE-B3D6-E9C588BDAFD3}
2011-01-29 13:32:11 -------- d-----w- C:\Users\Eleazar\AppData\Local\{53D2FA98-75BA-4043-BFF5-5952FD6AAB8F}
2011-01-29 01:25:59 -------- d-----w- C:\Users\Eleazar\AppData\Local\{640193E5-C089-4BEB-B35E-1E14F57A70FD}
2011-01-28 12:00:09 -------- d-----w- C:\Users\Eleazar\AppData\Local\{42133F0A-DE87-4D93-94CC-3CF70EA88630}
2011-01-27 14:24:30 -------- d-----w- C:\Users\Eleazar\AppData\Local\storage
2011-01-27 14:15:00 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2011-01-27 14:15:00 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2011-01-27 14:15:00 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2011-01-27 14:15:00 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2011-01-27 14:14:59 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2011-01-27 14:14:59 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2011-01-27 11:43:19 -------- d-----w- C:\Users\Eleazar\AppData\Local\{D90B9E6A-EAF9-47AC-B9A6-E20671D6E659}
2011-01-26 12:19:48 -------- d-----w- C:\Users\Eleazar\AppData\Local\{C41FAB83-131B-4837-B4A5-1541160436B4}
==================== Find3M ====================
2011-02-12 05:02:16 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2011-02-12 05:02:14 2851328 ----a-w- C:\Windows\System32\themeui.dll
2011-02-12 05:02:12 44544 ----a-w- C:\Windows\System32\themeservice.dll
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-11 11:35:55 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2011-01-11 11:33:49 1142 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
2011-01-10 06:22:57 4082688 ----a-w- C:\Windows\System32\authui.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-07 04:51:06 4082688 ----a-w- C:\Windows\System32\authui-black.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2011-01-03 14:51:45 794906 ----a-w- C:\Windows\unins000.exe
2010-12-25 03:54:00 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-12-25 01:42:55 16896 ----a-w- C:\Windows\AsTaskSched.dll
2010-12-23 19:09:44 142424 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-29 09:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 09:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
============= FINISH: 11:49:19.25 ===============
Thanks for reading and please help!
I need some help in removing a Win32/Olmarik.AJL trojan that unfortunately infected my system 1 or 2 days ago. I have Windows 7 and ESET Nod32, nod found the trojan and it seems to happen every time my machine reboots, the 'unable to clean' message will pop up by nod32.
Here is my DDS log,
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Eleazar at 11:49:09.15 on Fri 25/02/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.65.1033.18.6135.3650 [GMT 8:00]
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
E:\Programs\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
E:\Programs\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
E:\Programs\RocketDock\RocketDock.exe
C:\Program Files (x86)\TruDirect\TruDirectTray.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Razer\Lycosa\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
E:\Programs\uTorrent\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
E:\Programs\Internet Download Manager\IDMan.exe
E:\Downloads\IDM\dds.EXE
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mWinlogon: Userinit=userinit.exe
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - E:\Programs\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - E:\Programs\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - E:\Programs\MICROS~1\Office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [RocketDock] "E:\Programs\RocketDock\RocketDock.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe"
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [<NO NAME>]
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [BCSSync] "E:\Programs\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TRUDIR~1.LNK - C:\Program Files (x86)\TruDirect\TruDirectTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - E:\Programs\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - E:\Programs\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - E:\Programs\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - E:\Programs\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - E:\Programs\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\Programs\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - E:\Programs\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {42229A60-A3C4-4693-9176-24457C625D2C} = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - E:\Programs\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Programs\Internet Download Manager\IDMIECC64.dll
BHO-X64: IDM Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 74.208.10.249 gs.apple.com
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Eleazar\AppData\Roaming\Mozilla\Firefox\Profiles\u184d9dc.default\
FF - component: C:\Users\Eleazar\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: C:\Users\Eleazar\AppData\Roaming\Mozilla\Firefox\Profiles\u184d9dc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Eleazar\AppData\Roaming\Mozilla\Firefox\Profiles\u184d9dc.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: E:\Programs\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: E:\Programs\Adobe\Acrobat 10.0\Acrobat\browser\nppdf32.dll
FF - plugin: E:\Programs\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: E:\Programs\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: E:\Programs\MICROS~1\Office14\NPSPWRAP.DLL
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Hide Menubar: hidemenubar@moztw.org - %profile%\extensions\hidemenubar@moztw.org
FF - Ext: Tab Progress Bar: tabprogressbar@studio17.wordpress.com - %profile%\extensions\tabprogressbar@studio17.wordpress.com
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: Facebook PhotoZoom: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b} - %profile%\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - C:\Users\Eleazar\AppData\Roaming\IDM\idmmzcc3
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - E:\Programs\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
============= SERVICES / DRIVERS ===============
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2009-12-25 297512]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-9-29 735960]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2009-9-29 123200]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2010-12-24 142424]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\system32\nlssrv32.exe --> C:\Windows\system32\nlssrv32.exe [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-11-9 369256]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;E:\Programs\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-4-19 1401672]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\System32\drivers\danew.sys [2011-1-30 12032]
R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2008-1-17 18816]
R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\Dnetr28ux.sys [2009-8-6 987648]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-12-25 155752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-25 347680]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;E:\Programs\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-2-25 11856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 CYUSB;Cypress Generic USB Driver;C:\Windows\System32\drivers\CYUSB.sys [2011-1-30 47104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;E:\Programs\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2010-4-19 22528]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
=============== Created Last 30 ================
2011-02-25 03:13:59 -------- d-----w- C:\Users\Eleazar\AppData\Roaming\Malwarebytes
2011-02-25 03:13:50 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-25 03:13:49 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-25 03:13:47 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-25 03:13:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-25 03:06:08 -------- d-----w- C:\Users\Eleazar\AppData\Local\{85A21E95-E25E-40E7-BDAC-F900C40004F9}
2011-02-24 17:33:58 -------- d-----w- C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2011-02-24 17:33:50 -------- d-----w- C:\Windows\SysWow64\xlive
2011-02-24 17:33:50 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-02-24 15:05:43 -------- d-----w- C:\Users\Eleazar\AppData\Local\{5F966DC1-9180-463B-A8B5-5728F5AA2617}
2011-02-24 06:14:31 -------- d-----w- C:\Users\Eleazar\AppData\Local\FalloutNV
2011-02-24 03:05:17 -------- d-----w- C:\Users\Eleazar\AppData\Local\{FE7DE889-DC76-4EA4-8AE4-721A08CC68F9}
2011-02-23 19:00:14 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-02-23 19:00:14 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-02-23 14:50:21 -------- d-----w- C:\Users\Eleazar\AppData\Local\{5C1C41C3-8F81-45AD-BA4E-428F60C6D3F4}
2011-02-23 02:51:51 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-02-23 02:51:51 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-23 02:51:51 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-02-23 02:51:51 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 02:51:46 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{8562CEC6-A2A1-4B15-8FBB-6866BF11463D}\mpengine.dll
2011-02-23 02:50:08 -------- d-----w- C:\Users\Eleazar\AppData\Local\{8512DF8C-FEE1-4A37-A63E-0CD93A1CF185}
2011-02-22 07:52:50 -------- d-----w- C:\Users\Eleazar\AppData\Local\{DF46094F-C4E6-4AF9-8A15-3E4231BAB4A6}
2011-02-22 04:42:36 -------- d-----w- C:\Users\Eleazar\AppData\Local\{85696A02-037B-45E7-B04F-AF09FF3198FC}
2011-02-21 16:42:11 -------- d-----w- C:\Users\Eleazar\AppData\Local\{5A6EB57C-127A-41C2-B49A-C4E1502B13A3}
2011-02-21 13:03:31 -------- d-----w- C:\Program Files (x86)\Kamuse
2011-02-21 04:41:42 -------- d-----w- C:\Users\Eleazar\AppData\Local\{7DB7902D-91B7-4F89-B2FD-F50F76334D16}
2011-02-20 16:41:07 -------- d-----w- C:\Users\Eleazar\AppData\Local\{5BF8B7D6-9720-4959-99D3-D152A4829E34}
2011-02-20 04:40:54 -------- d-----w- C:\Users\Eleazar\AppData\Local\{47AAA521-6AB0-4011-BB02-C3E02C94DFE0}
2011-02-19 16:40:24 -------- d-----w- C:\Users\Eleazar\AppData\Local\{A4650CBD-4C7B-4B0F-961E-F716EDE8581A}
2011-02-19 04:39:59 -------- d-----w- C:\Users\Eleazar\AppData\Local\{9062BACE-9D7E-47FF-A9E9-44C49A700F14}
2011-02-18 16:39:34 -------- d-----w- C:\Users\Eleazar\AppData\Local\{2268E31B-7096-49E5-8060-BF148244F90E}
2011-02-18 04:39:22 -------- d-----w- C:\Users\Eleazar\AppData\Local\{CB6470A8-8A8B-4D22-A7E0-FD3469687FFD}
2011-02-17 15:09:48 -------- d-----w- C:\Users\Eleazar\AppData\Local\{EC6F0F60-9672-45B7-9A45-F209ECC292DF}
2011-02-17 03:09:35 -------- d-----w- C:\Users\Eleazar\AppData\Local\{42FE9D65-265D-4771-833E-14AB67886A22}
2011-02-16 15:09:10 -------- d-----w- C:\Users\Eleazar\AppData\Local\{1B12FF83-EAB4-4956-8880-6433F94544CA}
2011-02-16 03:08:45 -------- d-----w- C:\Users\Eleazar\AppData\Local\{2DA641AA-5A9D-4472-80C3-3257AED46FCC}
2011-02-15 15:08:20 -------- d-----w- C:\Users\Eleazar\AppData\Local\{AAE27336-26F9-45D4-854F-67A3180D0330}
2011-02-15 03:08:07 -------- d-----w- C:\Users\Eleazar\AppData\Local\{6EF70DB5-AF74-4B7E-91FE-FE8753E93345}
2011-02-14 18:48:34 -------- d-----w- C:\Users\Eleazar\AppData\Local\{F2CC1484-4A4A-44A0-BB21-7FC1C61DA3A4}
2011-02-14 06:48:34 -------- d-----w- C:\Users\Eleazar\AppData\Local\{172B484B-D682-4942-AF14-26A62A7882C6}
2011-02-14 06:15:16 -------- d-----w- C:\Users\Eleazar\AppData\Local\CrashRpt
2011-02-13 18:48:07 -------- d-----w- C:\Users\Eleazar\AppData\Local\{D635955F-00D2-4C12-9DAC-58B62907653B}
2011-02-13 06:47:53 -------- d-----w- C:\Users\Eleazar\AppData\Local\{31E0AF61-3EDF-49AC-9BFE-010925B8D5A9}
2011-02-12 15:51:34 -------- d-----w- C:\Users\Eleazar\AppData\Local\{411E264C-EC3D-4F5F-A5A9-4EE4D9942059}
2011-02-12 05:09:59 -------- d-----w- C:\Users\Eleazar\AppData\Roaming\Rainmeter
2011-02-12 04:52:12 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll.1
2011-02-12 04:52:12 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2011-02-12 03:51:09 -------- d-----w- C:\Users\Eleazar\AppData\Local\{1E8E181A-C841-43FD-8288-A6261366B525}
2011-02-12 02:44:28 -------- d-----w- C:\PROGRA~3\ALM
2011-02-11 15:50:44 -------- d-----w- C:\Users\Eleazar\AppData\Local\{8D982EC7-F211-41D4-A6B7-1F15B4C2010A}
2011-02-11 07:19:25 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-02-11 07:19:15 -------- d-----w- C:\Windows\PCHEALTH
2011-02-11 07:19:15 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-02-11 07:17:23 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-02-11 07:17:07 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-02-11 07:17:04 -------- d-----w- C:\Windows\SHELLNEW
2011-02-11 05:16:07 -------- d-----w- C:\Users\Eleazar\AppData\Roaming\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2011-02-11 03:50:19 -------- d-----w- C:\Users\Eleazar\AppData\Local\{6EFA2A3B-5F45-4D42-AF07-DC153B8ED76A}
2011-02-10 13:00:51 -------- d-----w- C:\Users\Eleazar\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-02-10 03:49:41 -------- d-----w- C:\Users\Eleazar\AppData\Local\{DE8E9B06-22C8-4FDB-A353-5CDCDF7F0212}
2011-02-10 03:11:47 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-09 15:49:16 -------- d-----w- C:\Users\Eleazar\AppData\Local\{C4022296-7FE2-491E-B820-F72531F4B360}
2011-02-09 05:11:25 -------- d-----w- C:\Users\Eleazar\AppData\Roaming\ColorCop
2011-02-09 03:49:03 -------- d-----w- C:\Users\Eleazar\AppData\Local\{EE2D12AB-8AF0-4980-BC3E-49017C6600DF}
2011-02-08 15:48:38 -------- d-----w- C:\Users\Eleazar\AppData\Local\{4726CDA3-E4A7-4172-8C1B-F9AE60937C75}
2011-02-08 03:48:38 -------- d-----w- C:\Users\Eleazar\AppData\Local\{D7C19C73-B104-490A-8B6E-71A5C7CEA8F4}
2011-02-07 15:48:12 -------- d-----w- C:\Users\Eleazar\AppData\Local\{595576FB-8F8F-4175-8713-FAB18DBE548D}
2011-02-07 13:44:44 -------- d-----w- C:\Users\Eleazar\AppData\Roaming\ToneFXsCreator
2011-02-07 03:47:46 -------- d-----w- C:\Users\Eleazar\AppData\Local\{AED75D14-3983-4742-8136-61FDE0CF0E76}
2011-02-06 09:50:24 -------- d-----w- C:\Users\Eleazar\AppData\Local\{5BD0DE67-53DF-4D25-A277-16470F0AC6EF}
2011-02-06 09:47:35 -------- d-----w- C:\Program Files\iTunes
2011-02-06 09:47:35 -------- d-----w- C:\Program Files\iPod
2011-02-06 08:03:14 -------- d-----w- C:\Users\Eleazar\.shsh
2011-02-06 05:08:05 -------- d-----w- C:\Users\Eleazar\AppData\Local\{4892782F-D7CE-41F1-BB4D-B2BC7E54E2CE}
2011-02-05 15:45:46 -------- d-----w- C:\Users\Eleazar\AppData\Local\{177298FA-B8B9-4D13-B2E0-296B9948297C}
2011-02-05 03:45:20 -------- d-----w- C:\Users\Eleazar\AppData\Local\{3B1C9B60-B5D1-4FE4-AC88-8569B29ACB2D}
2011-02-04 15:07:23 -------- d-----w- C:\Users\Eleazar\AppData\Local\{4354D9D7-1E31-47BF-845B-71DEBDD98719}
2011-02-04 12:10:36 -------- d-----w- C:\PROGRA~3\Solidshield
2011-02-04 08:44:44 -------- d-----w- C:\PROGRA~3\xOcean
2011-02-04 08:44:41 -------- d-----w- C:\Program Files (x86)\BlastShark
2011-02-04 08:23:42 -------- d-----w- C:\Users\Eleazar\AppData\Roaming\RIFT
2011-02-04 03:07:23 -------- d-----w- C:\Users\Eleazar\AppData\Local\{17C6B93B-3E5D-4007-9777-41A41525CA52}
2011-02-03 14:19:03 -------- d-----w- C:\Users\Eleazar\AppData\Local\{749FD71C-074E-4A57-A800-4EDACE17FD78}
2011-02-03 02:18:50 -------- d-----w- C:\Users\Eleazar\AppData\Local\{BCE8C31C-6242-496C-BDC4-591195407800}
2011-02-02 15:33:03 -------- d-----w- C:\Users\Eleazar\AppData\Local\EA Games
2011-02-02 14:02:49 -------- d-----w- C:\Users\Eleazar\AppData\Local\{69C989D1-4257-4AEE-8B71-2A6715ECC712}
2011-02-02 02:04:05 -------- d-----w- C:\PROGRA~3\DVDneXtCOPY
2011-02-02 02:02:49 -------- d-----w- C:\Users\Eleazar\AppData\Local\{BDA52BA2-CBF5-4524-B4EF-C1A85897CE7E}
2011-02-01 14:02:24 -------- d-----w- C:\Users\Eleazar\AppData\Local\{FB252568-38F5-465A-A492-152801173AA3}
2011-01-31 11:37:58 -------- d-----w- C:\Users\Eleazar\AppData\Local\{AC1EB945-9C82-4F8F-913B-4F3C6A0CA248}
2011-01-30 10:02:34 -------- d-----w- C:\Users\Eleazar\AppData\Roaming\Razer
2011-01-30 10:01:17 85504 ----a-w- C:\Windows\SysWow64\DeathAdder64.cpl
2011-01-30 10:01:15 7552 ----a-w- C:\Windows\System32\drivers\vHidDev.sys
2011-01-30 10:01:15 47104 ----a-w- C:\Windows\System32\drivers\CYUSB.sys
2011-01-30 10:01:15 12032 ----a-w- C:\Windows\System32\drivers\danew.sys
2011-01-30 09:32:10 -------- d-----w- C:\Users\Eleazar\AppData\Local\{C70F6C09-141F-4DDE-B3D6-E9C588BDAFD3}
2011-01-29 13:32:11 -------- d-----w- C:\Users\Eleazar\AppData\Local\{53D2FA98-75BA-4043-BFF5-5952FD6AAB8F}
2011-01-29 01:25:59 -------- d-----w- C:\Users\Eleazar\AppData\Local\{640193E5-C089-4BEB-B35E-1E14F57A70FD}
2011-01-28 12:00:09 -------- d-----w- C:\Users\Eleazar\AppData\Local\{42133F0A-DE87-4D93-94CC-3CF70EA88630}
2011-01-27 14:24:30 -------- d-----w- C:\Users\Eleazar\AppData\Local\storage
2011-01-27 14:15:00 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2011-01-27 14:15:00 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2011-01-27 14:15:00 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2011-01-27 14:15:00 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2011-01-27 14:14:59 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2011-01-27 14:14:59 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2011-01-27 11:43:19 -------- d-----w- C:\Users\Eleazar\AppData\Local\{D90B9E6A-EAF9-47AC-B9A6-E20671D6E659}
2011-01-26 12:19:48 -------- d-----w- C:\Users\Eleazar\AppData\Local\{C41FAB83-131B-4837-B4A5-1541160436B4}
==================== Find3M ====================
2011-02-12 05:02:16 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2011-02-12 05:02:14 2851328 ----a-w- C:\Windows\System32\themeui.dll
2011-02-12 05:02:12 44544 ----a-w- C:\Windows\System32\themeservice.dll
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-11 11:35:55 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2011-01-11 11:33:49 1142 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
2011-01-10 06:22:57 4082688 ----a-w- C:\Windows\System32\authui.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-07 04:51:06 4082688 ----a-w- C:\Windows\System32\authui-black.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2011-01-03 14:51:45 794906 ----a-w- C:\Windows\unins000.exe
2010-12-25 03:54:00 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-12-25 01:42:55 16896 ----a-w- C:\Windows\AsTaskSched.dll
2010-12-23 19:09:44 142424 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-29 09:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 09:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
============= FINISH: 11:49:19.25 ===============
Thanks for reading and please help!