knightmarez28
2011-09-11, 06:34
So I'm doing random directory scans with Spybot and I get to C:\windows\assembly and apparently heuristic scans found over 40 fraud.windowsrecover and fraud.internetsecurity2011. Full scan of Microsoft Security Essentials (updated about 5 am Sept. 9), Ad-Aware (installed today), HijackThis (installed today) and Spybot turns up nothing. Let me take that back, Ad-Aware did find some trojans and removed them successfully. Nothing major. Anyways, I did download the root analyzer as well and it didn't come up with anything. Computer bluescreened on me earlier and I've been fighting to get Windows back in order ever since. Windows Update last checked this morning as well so I have all the security updates and such. Anyways, I copied a full list of all the assemblies that were infected, guess I just want to know if it would be a false positive or what? Worst comes to worst, I have no problems reformatting as I have anything I want to keep on a separate drive and just a partition specifically for Windows. I apologize if I'm posting in the wrong section or forgetting to take a step before posting, been staring at this screen for about 15 hours today (not all at once, of course).
Thanks in advance
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by David at 22:48:57 on 2011-09-10
Neo Reconia Windows Shine Edition 6.1.7601.1.1252.1.1033.18.4094.2598 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\UnsignedThemesSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Notepad2\Notepad2.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDFiles.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = www.google.com
uSearch Page = hxxp://www.google.com/
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = www.google.com
mStart Page = www.google.com
mDefault_Search_URL = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.google.com/
mLocal Page = hxxp://www.google.com/
mSearch Page = hxxp://www.google.com/
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll
mWinlogon: Userinit=userinit.exe
BHO: FileServeManager: {00000001-ab3b-4334-9da2-ec6b2a02afc6} - C:\Program Files (x86)\FileServe Manager\FileServeBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download with FileServe Manager - C:\Program Files (x86)\FileServe Manager\GetUrl.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: blackviper.com\www
Trusted Zone: facebook.com\www
Trusted Zone: google.com\www
Trusted Zone: hotmail.com\www
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\www
Trusted Zone: msn.com\www
Trusted Zone: yahoo.com\www
Trusted Zone: youtube.com\www
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E98E8CDF-5B4C-4FBB-9A97-3586B896239A} : DhcpNameServer = 192.168.1.1
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\SysWow64\DreamScene.dll
IFEO: notepad.exe - "C:\Program Files\Notepad2\Notepad2.exe" /z
BHO-X64: FileServeManager: {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files (x86)\FileServe Manager\FileServeBHO.dll
BHO-X64: FileServeManager - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll
TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\SysWow64\DreamScene.dll
IFEO-X64: notepad.exe - "C:\Program Files\Notepad2\Notepad2.exe" /z
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\lvbthuwk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-28 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-23 55424]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-3 1153368]
R2 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
R2 uxpatch;uxpatch;\??\C:\Windows\system32\drivers\uxpatch.sys --> C:\Windows\system32\drivers\uxpatch.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2151640]
S3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2011-9-6 21480]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-09-11 02:35:53 -------- d-----w- C:\Users\David\AppData\Roaming\Safer Networking
2011-09-11 02:35:14 -------- d-----w- C:\Program Files (x86)\Safer Networking
2011-09-10 23:25:10 -------- d-----w- C:\Windows\SysWow64\RTCOM
2011-09-10 22:52:12 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-09-10 22:04:01 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-09-10 22:02:31 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-09-10 22:02:29 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-09-10 21:10:12 388096 ----a-r- C:\Users\David\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-10 20:31:56 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-09-10 18:50:03 -------- d-----w- C:\Users\David\AppData\Local\Microangelo On Display
2011-09-10 18:50:03 -------- d-----w- C:\ProgramData\Microangelo On Display
2011-09-10 18:49:58 -------- d-----w- C:\Users\David\AppData\Roaming\Icons and Cursors
2011-09-10 18:46:39 -------- d-----w- C:\Windows\CheckSur
2011-09-10 18:25:18 -------- d-----w- C:\Users\David\AppData\Local\Apps
2011-09-10 15:18:28 -------- d-----w- C:\Users\David\AppData\Local\{5E143E51-2E42-47BD-9960-175BF1CD52C1}
2011-09-10 15:18:17 -------- d-----w- C:\Users\David\AppData\Local\{A67F6420-CBB2-406A-B2BF-F42BAB9CDF23}
2011-09-10 15:15:52 -------- d-----w- C:\Windows\PCHEALTH
2011-09-10 15:11:21 -------- d-----w- C:\Users\David\AppData\Local\{BEC64792-B349-49EA-891A-6B9D97964A7D}
2011-09-10 15:06:28 -------- d-----w- C:\Users\David\AppData\Local\{578661FF-BAD2-48FB-A1A5-44222177D9AF}
2011-09-10 11:37:41 8862544 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2F5CE568-0309-4D0F-A75D-D51F572E7052}\mpengine.dll
2011-09-10 11:36:18 -------- d-----w- C:\Users\David\AppData\Local\{835E9A4C-F60A-4016-997C-CFA13316B571}
2011-09-10 11:36:07 -------- d-----w- C:\Users\David\AppData\Local\{080F4431-2DAB-40CF-8ACE-8BA9193D1451}
2011-09-09 18:25:28 -------- d-----w- C:\Users\David\AppData\Local\{81AF8F47-5926-47D8-B8E5-756FDB593A2A}
2011-09-09 18:25:17 -------- d-----w- C:\Users\David\AppData\Local\{710E31BC-0587-4005-B652-17C7166383F9}
2011-09-09 06:24:53 -------- d-----w- C:\Users\David\AppData\Local\{1A47C01B-BC3A-46EB-9BF8-BF2EBCF41B00}
2011-09-09 06:24:42 -------- d-----w- C:\Users\David\AppData\Local\{1FA76C31-69E5-40C5-8078-ABB389BF1FCF}
2011-09-08 18:34:09 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-09-08 18:34:08 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10DFC224-9A80-48C5-A753-CEF2F673705C}\gapaengine.dll
2011-09-08 18:24:15 -------- d-----w- C:\Users\David\AppData\Local\{92FE38A4-7543-46C6-8ED4-221DA7EBD261}
2011-09-08 18:24:03 -------- d-----w- C:\Users\David\AppData\Local\{72F8ACBC-7CE0-4471-B205-36171D86B36C}
2011-09-07 23:18:44 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-09-07 23:18:41 -------- d-----w- C:\Users\David\AppData\Local\PunkBuster
2011-09-07 23:18:13 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-09-07 23:18:13 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-09-07 23:18:12 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-07 23:18:12 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
2011-09-07 23:15:59 508264 ----a-w- C:\Windows\System32\d3dx10_35.dll
2011-09-07 14:56:48 -------- d-----w- C:\Users\David\AppData\Local\{0FB352DA-2D88-4E9A-871E-CD25AB9A8D68}
2011-09-07 14:56:35 -------- d-----w- C:\Users\David\AppData\Local\{C178127B-925E-402E-86FF-E32323D6273F}
2011-09-07 07:28:12 -------- d-----w- C:\Program Files\Ventrilo
2011-09-07 07:27:49 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-09-07 00:44:10 114176 ----a-w- C:\Windows\SysWow64\PCWizard.cpl
2011-09-07 00:44:10 -------- d-----w- C:\Windows\Java
2011-09-07 00:44:07 -------- d-----w- C:\Program Files (x86)\CPUID
2011-09-06 23:20:19 203264 ----a-w- C:\Windows\System32\unrar.dll
2011-09-06 23:20:18 86016 ----a-w- C:\Windows\System32\ff_vfw.dll
2011-09-06 23:20:17 -------- d-----w- C:\Program Files\K-Lite Codec Pack x64
2011-09-06 23:14:32 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm
2011-09-06 23:14:32 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2011-09-06 23:14:31 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2011-09-06 23:14:31 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2011-09-06 23:14:31 630784 ----a-w- C:\Windows\SysWow64\vp7vfw.dll
2011-09-06 23:14:31 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2011-09-06 23:14:31 216064 ----a-w- C:\Windows\SysWow64\lagarith.dll
2011-09-06 23:06:46 -------- d-----w- C:\Users\David\AppData\Local\{7F13EEA4-1576-45D7-936E-B352793BF225}
2011-09-06 23:06:36 -------- d-----w- C:\Users\David\AppData\Local\{4C00F0F0-2489-48BF-9613-D7A890A02A5D}
2011-09-06 23:05:33 -------- d-----w- C:\ProgramData\DFX
2011-09-06 23:05:32 -------- d-----w- C:\Program Files\DFX
2011-09-06 23:05:32 -------- d-----w- C:\Program Files\Common Files\DFX
2011-09-06 23:04:03 -------- d-----w- C:\ATI
2011-09-06 11:06:11 -------- d-----w- C:\Users\David\AppData\Local\{4F5DDE9D-A18F-44C9-983E-1C1FD0F16437}
2011-09-06 11:06:01 -------- d-----w- C:\Users\David\AppData\Local\{3C505592-3BB3-42CD-9E24-4B67B649FBA7}
2011-09-06 11:06:00 -------- d-----w- C:\Users\David\AppData\Local\{96861AE6-5630-4D95-8180-467EE88E076B}
2011-09-06 10:43:11 -------- d-----w- C:\Program Files\PeerBlock
2011-09-06 08:00:39 -------- d-----w- C:\Program Files (x86)\WinASO
2011-09-06 06:32:07 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-06 06:24:23 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-09-06 05:45:16 -------- d-----w- C:\ProgramData\ServeZip
2011-09-06 05:45:16 -------- d-----w- C:\Program Files (x86)\ServeZip
2011-09-06 02:48:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-09-06 02:48:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-09-06 02:48:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-09-06 02:48:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-09-06 02:48:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-09-06 02:48:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-09-06 02:48:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-09-06 01:41:23 -------- d-----w- C:\Users\David\AppData\Local\Adobe
2011-09-05 17:21:07 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2011-09-05 17:21:07 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2011-09-05 17:21:00 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2011-09-05 10:34:29 -------- d-----w- C:\Downloads
2011-09-05 10:32:24 -------- d-----w- C:\Users\David\AppData\Local\FileServe Manager
2011-09-05 10:31:51 -------- d-----w- C:\ProgramData\FileServe Limited
2011-09-05 10:31:51 -------- d-----w- C:\Program Files (x86)\FileServe Manager
2011-09-05 10:30:03 -------- d-----w- C:\ProgramData\Web Installer
2011-09-05 01:45:24 -------- d-----w- C:\Users\David\AppData\Roaming\Notepad2
2011-09-05 00:56:33 -------- d-----w- C:\Users\David\AppData\Roaming\DMCache
2011-09-04 17:10:25 8862544 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-04 17:09:41 -------- d-----w- C:\Users\David\AppData\Local\{A3BE5C33-3C6A-4C37-94F7-41D06CF37A52}
2011-09-04 17:09:28 -------- d-----w- C:\Users\David\AppData\Local\{2C5B1D1A-FD0C-4C26-9C24-2527BE9A0F6B}
2011-09-03 20:33:09 -------- d-----w- C:\Users\David\AppData\Local\{8CE458EA-9A42-43E5-B439-5652B5F18225}
2011-09-03 20:32:58 -------- d-----w- C:\Users\David\AppData\Local\{870A7AF8-0DB2-4031-A3F8-9F6DB417FC86}
2011-09-03 20:32:46 -------- d-----w- C:\Users\David\Tracing
2011-09-03 20:27:59 -------- d-----w- C:\Users\David\AppData\Local\Windows Live
2011-09-03 20:27:59 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-09-03 12:14:03 -------- d-----w- C:\Windows\SysWow64\Wat
2011-09-03 12:14:03 -------- d-----w- C:\Windows\System32\Wat
2011-09-03 09:16:44 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-09-03 09:16:44 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-09-03 08:08:22 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-09-03 08:08:21 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-09-03 07:48:33 -------- d-----w- C:\Users\David\AppData\Local\Apple Computer
2011-09-02 03:49:37 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2011-09-02 03:49:37 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2011-09-02 03:49:37 -------- d-----w- C:\Program Files (x86)\Application Updater
2011-09-02 03:49:32 -------- d-----w- C:\ProgramData\YouTube Downloader
2011-09-02 03:49:29 -------- d-----w- C:\Program Files (x86)\YouTube Downloader
2011-09-01 16:05:39 967 ----a-w- C:\Windows\ScUnin.pif
2011-09-01 16:05:38 94208 ----a-w- C:\Windows\ScUnin.exe
2011-08-31 22:17:40 -------- d-----w- C:\Program Files (x86)\Disktrix
2011-08-31 22:08:47 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-31 21:36:05 8199504 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-08-31 21:36:03 8862544 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA6AD033-116D-4E21-8E81-1104BECBCB5C}\mpengine.dll
2011-08-31 21:27:50 -------- d-----w- C:\Users\David\AppData\Local\AMD
2011-08-31 21:27:36 -------- d-----w- C:\Users\David\AppData\Local\ATI
2011-08-31 21:27:12 0 ----a-w- C:\Windows\ativpsrm.bin
2011-08-31 21:26:07 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-08-31 21:26:05 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-08-31 21:26:05 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-08-31 21:25:58 -------- d-----w- C:\ProgramData\AMD
2011-08-31 21:25:57 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2011-08-31 21:25:41 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-08-31 21:25:35 -------- d-----w- C:\Program Files\ATI Technologies
2011-08-31 21:25:31 -------- d-----w- C:\Program Files\ATI
2011-08-31 21:24:30 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-08-31 21:23:56 -------- d-----w- C:\Windows\System32\appmgmt
2011-08-31 21:20:23 -------- d-----w- C:\Users\David\AppData\Local\Mozilla
2011-08-31 21:15:23 1698408 ----a-w- C:\Windows\RtlExUpd.dll
2011-08-31 21:15:21 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-08-31 21:12:25 -------- d-----w- C:\Windows\SysWow64\directx
2011-08-31 21:10:29 -------- d-----w- C:\Program Files\Realtek
2011-08-31 21:10:22 -------- d--h--w- C:\Program Files (x86)\Temp
2011-08-31 21:10:20 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-08-31 21:10:20 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-08-31 21:10:20 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-08-31 21:10:20 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-08-31 21:10:19 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-08-31 21:10:19 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-08-31 21:10:18 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-08-31 21:09:13 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-08-31 21:09:13 539240 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-08-31 21:09:13 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-08-31 21:09:09 -------- d-----w- C:\Program Files (x86)\Realtek
2011-08-31 21:00:59 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-08-31 21:00:59 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-08-31 21:00:59 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-08-31 20:29:53 -------- d-----w- C:\Users\David\AppData\Local\Apple
2011-08-26 22:22:30 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
2011-08-24 14:49:10 56320 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-08-24 14:48:30 13601280 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-08-24 14:47:52 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-08-15 07:43:31 16530944 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2011-08-14 22:24:48 16531456 ----a-w- C:\Windows\System32\wmploc.DLL
.
==================== Find3M ====================
.
2011-09-10 18:11:55 705536 ----a-w- C:\Windows\SysWow64\imagesp1.dll
2011-09-10 18:11:54 20268032 ----a-w- C:\Windows\SysWow64\imageres.dll
2011-09-10 18:11:15 1792000 ----a-w- C:\Windows\SysWow64\authui.dll
2011-09-10 18:10:25 1493504 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll
2011-09-10 18:06:35 705536 ----a-w- C:\Windows\System32\imagesp1.dll
2011-09-10 18:06:34 20268032 ----a-w- C:\Windows\System32\imageres.dll
2011-09-10 18:05:44 1866240 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2011-09-10 18:04:59 1927680 ----a-w- C:\Windows\System32\authui.dll
2011-08-30 21:28:46 3069032 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2011-08-30 17:37:44 2518632 ----a-w- C:\Windows\System32\RtPgEx64.dll
2011-08-24 17:30:06 3201128 ----a-w- C:\Windows\System32\RtkAPO64.dll
2011-08-23 16:06:12 97896 ----a-w- C:\Windows\System32\RCoInst64.dll
2011-08-20 01:10:26 64600 ----a-w- C:\Windows\System32\MBppld64.dll
2011-08-20 01:10:16 886360 ----a-w- C:\Windows\System32\MBAPO64.dll
2011-08-20 01:10:14 746072 ----a-w- C:\Windows\SysWow64\MBAPO32.dll
2011-08-19 18:54:12 1881704 ----a-w- C:\Windows\System32\RtkApi64.dll
2011-08-14 13:56:22 15331328 ----a-w- C:\Windows\System32\spwizimg.dll
2011-08-11 14:37:21 2560 ----a-w- C:\Windows\System32\bootstr.dll
2011-08-05 11:33:57 7680 ----a-w- C:\Windows\System32\spwizres.dll
2011-07-28 22:23:16 9980416 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-07-28 22:09:06 23921664 ----a-w- C:\Windows\System32\atio6axx.dll
2011-07-28 21:44:06 18388480 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-07-28 21:40:58 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-07-28 21:40:44 726528 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-07-28 21:39:14 852992 ----a-w- C:\Windows\System32\aticfx64.dll
2011-07-28 21:36:26 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-07-28 21:36:12 485376 ----a-w- C:\Windows\System32\atieclxx.exe
2011-07-28 21:35:34 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-07-28 21:34:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-07-28 21:34:00 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-07-28 21:33:54 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-07-28 21:33:42 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-07-28 21:33:36 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-07-28 21:33:32 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-07-28 21:33:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-07-28 21:30:26 4198912 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-07-28 21:20:36 4943360 ----a-w- C:\Windows\System32\atidxx64.dll
2011-07-28 21:12:14 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-07-28 21:11:42 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-07-28 21:11:30 3871744 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-07-28 21:11:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-07-28 21:11:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-07-28 21:11:04 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-07-28 21:11:02 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-07-28 21:10:50 9644544 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-07-28 21:09:10 4256768 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-07-28 21:07:24 8247296 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-07-28 21:03:58 4056064 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-07-28 21:02:28 5399040 ----a-w- C:\Windows\System32\atiumd64.dll
2011-07-28 21:01:50 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-07-28 20:54:52 378368 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-07-28 20:54:44 266240 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-07-28 20:54:34 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-07-28 20:54:30 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-07-28 20:54:30 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-07-28 20:54:26 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-07-28 20:54:18 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-07-28 20:54:10 309248 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-07-28 20:53:22 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-07-28 20:53:14 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-07-28 20:53:08 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-07-28 20:53:00 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-07-28 20:52:26 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-07-28 20:51:10 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-07-28 20:51:10 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-07-28 20:51:04 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-07-28 20:51:04 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-07-28 13:54:10 699904 ----a-w- C:\Windows\System32\taskmgr.exe
2011-07-28 12:19:14 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-07-28 12:18:58 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-07-28 12:18:48 16552960 ----a-w- C:\Windows\System32\amdocl64.dll
2011-07-28 04:55:14 2604376 ----a-w- C:\Windows\System32\WavesGUILib.dll
2011-07-28 04:55:08 2132824 ----a-w- C:\Windows\System32\MaxxAudioEQ.dll
2011-07-22 23:35:22 1247848 ----a-w- C:\Windows\System32\RTCOM64.dll
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 14:22:20 3147368 ----a-w- C:\Windows\System32\RtkHDM64.dll
2011-07-12 14:22:20 2432104 ----a-w- C:\Windows\System32\RHDMEx64.dll
2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 22:49:16.60 ===============