Dewey5718
2011-12-14, 22:54
I have had this trojan bug on my PC since Aug. of last year. I have done one clean install after another, and the BUG keeps coming back. I have a Dell Inspiron 518/519. It came with Windows Vista Ultimate SP1, upgraded to SP2. Through working with MSN tech support, they sent me Win-Vista Ultimate 32 bit, and another disk with the same OS but 64 bit. At no cost. SOOOO good. Everything I would do to try and stay ahead of the bug, it would take something away from me. It denied me access to program after program until I did my first clean install. To shorten the story a little: after each format and install the bug came back. It went to school and learned from each format. On the third format it denied me the ability to format.
I did the pull-the-battery and kept it turned off for a day and started all over again. The bug has taken over my DSL WIFI router account, assigned it to my Name-PC with different passwords. Two laptops are wireless and they are OK. My Android phone was infected by the bug via USB connection. This was before I knew re: the bug. I have tried Comodo system; all scans showed clean, as well as four others that showed clean. Spybot S&D has been the only one to pick up on malware on my PC.
I may not have entered enough info; if so, please feel free to email me with your questions and I will answer them.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Dewey at 12:15:00 on 2011-12-14
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4093.2199 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Spybot - Search & Destroy *Enabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\desktop\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\desktop\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\desktop\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Dewey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\desktop(x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Dewey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.65
TCP: Interfaces\{4A313AA1-6FD6-4D10-B325-4B8829654E73} : DhcpNameServer = 192.168.0.1 205.171.3.65
Notify: SDWinLogon - SDWinLogon.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\desktop\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;C:\desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-11 366152]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-11 1153368]
R2 SDHookService;Spybot S&D 2 Live Protection Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-12-13 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-12-13 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-12-13 955816]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-12-13 169624]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-11 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-11 136176]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-11 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-12-14 18:10:02 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C767B598-D646-48CD-A7AD-309F87235EFE}\offreg.dll
2011-12-14 18:09:58 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C767B598-D646-48CD-A7AD-309F87235EFE}\mpengine.dll
2011-12-14 13:04:56 -------- d-----w- C:\ProgramData\UAB
2011-12-14 13:04:50 -------- d-----w- C:\Users\Dewey\AppData\Local\PC_Drivers_Headquarters
2011-12-14 13:04:30 -------- d-----w- C:\ProgramData\PC Drivers HeadQuarters
2011-12-14 02:52:50 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2011-12-14 02:52:47 -------- dc----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2011-12-14 01:53:55 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-14 01:53:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-14 01:53:53 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-14 01:53:45 559616 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-14 01:53:45 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-14 01:53:44 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-12-14 01:53:40 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-12-14 01:53:40 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-12-13 05:59:06 -------- d-----w- C:\Users\Dewey\AppData\Roaming\Safer Networking
2011-12-13 05:58:16 -------- dc----w- C:\desktop(x86)
2011-12-12 19:56:15 -------- d-----w- C:\Users\Dewey\AppData\Local\Deployment
2011-12-12 19:56:15 -------- d-----w- C:\Users\Dewey\AppData\Local\Apps
2011-12-12 14:04:51 -------- dc----w- C:\Program Files (x86)\Advanced Port Scanner
2011-12-12 13:40:10 125952 ----a-w- C:\Windows\RTKAUDIOSERVICE.EXE
2011-12-12 13:39:27 525792 ----a-w- C:\Windows\DIFxAPI.dll
2011-12-12 13:39:25 1245696 ----a-w- C:\Windows\System32\RtkAPO64.dll
2011-12-12 13:39:15 315392 ----a-w- C:\Windows\HideWin.exe
2011-12-12 05:40:40 -------- d-----w- C:\Users\Dewey\AppData\Roaming\OpenOffice.org
2011-12-12 05:19:28 -------- dc----w- C:\Program Files (x86)\OpenOffice.org 3
2011-12-12 04:28:31 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-12-12 04:27:28 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-12 02:11:47 -------- d-----w- C:\Users\Dewey\AppData\Local\Adobe
2011-12-12 02:11:10 -------- d-----w- C:\Users\Dewey\AppData\Local\Google
2011-12-12 01:19:14 275360 ----a-w- C:\Windows\System32\DreamScene.dll
2011-12-11 21:57:19 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-12-11 21:57:19 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-12-11 20:22:37 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-11 20:02:52 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-12-11 13:46:27 -------- d-----w- C:\Program Files (x86)\MagicISO
2011-12-11 13:18:18 -------- d-----w- C:\Users\Dewey\AppData\Roaming\Malwarebytes
2011-12-11 13:18:08 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-11 13:18:05 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-11 10:04:32 -------- d-----w- C:\Users\Dewey\AppData\Local\Apple Computer
2011-12-11 10:03:45 -------- dc----w- C:\Program Files\Bonjour
2011-12-11 10:03:45 -------- dc----w- C:\Program Files (x86)\Bonjour
2011-12-11 10:03:17 -------- d-----w- C:\Users\Dewey\AppData\Local\Apple
2011-12-11 05:15:26 -------- d-----w- C:\Windows\pss
2011-12-11 02:44:31 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-12-11 02:44:25 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2011-12-11 02:44:13 2048 ----a-w- C:\Program Files (x86)\Microsoft Games\Tinker\SparkResource.dll
2011-12-11 02:44:12 333312 ----a-w- C:\Program Files (x86)\Microsoft Games\Tinker\SparkGDF.dll
2011-12-11 02:44:11 1307136 ----a-w- C:\Program Files (x86)\Microsoft Games\Tinker\Tinker.exe
2011-12-11 02:43:54 877912 ----a-w- C:\Windows\System32\gpprefcl.dll
2011-12-11 02:43:54 675152 ----a-w- C:\Windows\SysWow64\gpprefcl.dll
2011-12-11 02:43:40 -------- dc----w- C:\Program Files\BitLocker
2011-12-11 02:43:12 1343880 ----a-w- C:\Windows\System32\SecureKeyBackupCPL.dll
2011-12-11 02:42:18 1585488 -c--a-w- C:\Program Files\Microsoft Games\HoldEm\HoldEm.exe
2011-12-11 00:49:18 -------- d-----w- C:\Users\Dewey\AppData\Roaming\GenuineRegistryDoctor
2011-12-11 00:49:18 -------- d-----w- C:\ProgramData\GenuineRegistryDoctor
2011-12-11 00:13:22 -------- d-----w- C:\Users\Dewey\AppData\Local\HP
2011-12-11 00:09:37 -------- d-----w- C:\ProgramData\WEBREG
2011-12-11 00:09:00 -------- d-----w- C:\Program Files (x86)\Yahoo!
2011-12-11 00:05:29 254464 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp083.dll
2011-12-11 00:04:33 362328 ----a-w- C:\Windows\System32\hpzids40.dll
2011-12-11 00:04:31 134144 ----a-w- C:\Windows\System32\hpf3l083.dll
2011-12-11 00:04:27 966656 ----a-w- C:\Windows\System32\hposwia_d02a.dll
2011-12-11 00:04:27 761856 ----a-w- C:\Windows\System32\hpost_d02a.dll
2011-12-11 00:04:27 551424 ----a-w- C:\Windows\System32\hppldcoi.dll
2011-12-11 00:04:27 512512 ----a-w- C:\Windows\System32\hposc_d02a.dll
2011-12-11 00:03:58 -------- dc----w- C:\Program Files (x86)\Common Files\HP
2011-12-11 00:03:56 -------- dc----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2011-12-11 00:03:36 -------- dc----w- C:\Program Files (x86)\HP
2011-12-10 23:33:19 98304 ----a-w- C:\Windows\SysWow64\redmonnt.dll
2011-12-10 21:57:36 -------- d-----w- C:\Windows\System32\appmgmt
2011-12-10 21:27:45 -------- d-----w- C:\Program Files (x86)\RegWork
2011-12-10 18:45:43 442368 ----a-w- C:\Windows\System32\winhttp.dll
2011-12-10 18:45:43 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll
2011-12-10 18:45:39 28160 ----a-w- C:\Windows\System32\drivers\en-US\http.sys.mui
2011-12-10 18:45:30 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-12-10 18:45:30 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2011-12-10 18:45:30 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2011-12-10 18:45:30 17920 ----a-w- C:\Windows\System32\netevent.dll
2011-12-10 18:45:30 12288 ----a-w- C:\Windows\System32\sscore.dll
2011-12-10 18:41:31 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-12-10 18:41:31 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-12-10 18:28:52 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{95453A7E-EBAA-4A95-AD79-859C0447514D}\gapaengine.dll
2011-12-10 18:15:53 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-12-10 18:15:21 -------- dc----w- C:\Program Files\Microsoft Security Client
2011-12-10 18:15:09 345984 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-12-10 18:07:07 -------- d-----w- C:\Users\Dewey\AppData\Local\ElevatedDiagnostics
2011-12-10 15:55:27 -------- dc----w- C:\desktop
2011-12-10 15:39:33 -------- dc----w- C:\Program Files (x86)\Free Offers from Freeze.com
2011-12-10 15:39:30 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2011-12-10 15:39:28 -------- d-----w- C:\ProgramData\W3i
2011-12-10 15:39:28 -------- d-----w- C:\Program Files (x86)\W3i
2011-12-10 13:54:33 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2011-12-10 13:54:33 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2011-12-10 13:54:33 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2011-12-10 13:54:32 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2011-12-10 13:26:12 -------- d-----w- C:\Users\Dewey\AppData\Local\Microsoft Games
2011-12-10 13:00:39 372736 ----a-w- C:\Windows\System32\unregmp2.exe
2011-12-10 12:58:55 3765288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-12-10 12:58:51 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6098507B-CF97-4E86-8518-7F9849F5736C}\mpengine.dll
2011-12-10 12:58:50 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-10 12:58:33 1927680 ----a-w- C:\Windows\System32\gameux.dll
2011-12-10 12:58:33 1696256 ----a-w- C:\Windows\SysWow64\gameux.dll
2011-12-10 12:48:15 -------- d-----w- C:\Windows\SysWow64\spool
2011-12-10 12:48:15 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices
2011-12-10 12:48:14 -------- dc----w- C:\Program Files\Windows Portable Devices
2011-12-10 12:44:09 92672 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2011-12-10 12:44:09 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll
2011-12-10 12:44:09 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2011-12-10 12:44:09 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2011-12-10 12:44:09 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2011-12-10 12:44:09 103424 ----a-w- C:\Windows\System32\UIAnimation.dll
2011-12-10 12:42:11 37888 ----a-w- C:\Windows\System32\BthMtpContextHandler.dll
2011-12-10 12:21:49 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-12-10 12:21:49 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-12-10 12:21:49 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-12-10 12:21:49 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-12-10 12:21:49 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-12-10 12:21:49 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-12-10 12:21:49 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-12-10 12:21:49 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-12-10 12:21:49 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-12-10 12:21:49 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-12-10 12:19:31 32768 ----a-w- C:\Windows\System32\nshhttp.dll
2011-12-10 12:19:31 24064 ----a-w- C:\Windows\SysWow64\nshhttp.dll
2011-12-10 12:19:30 620032 ----a-w- C:\Windows\System32\drivers\http.sys
2011-12-10 12:19:30 33792 ----a-w- C:\Windows\System32\httpapi.dll
2011-12-10 12:19:30 30720 ----a-w- C:\Windows\SysWow64\httpapi.dll
2011-12-10 12:08:58 975360 ----a-w- C:\Windows\System32\inetcomm.dll
2011-12-10 12:07:54 991104 ----a-w- C:\Windows\System32\winresume.efi
2011-12-10 12:06:34 441856 ----a-w- C:\Windows\System32\WSDApi.dll
2011-12-10 12:06:34 355328 ----a-w- C:\Windows\SysWow64\WSDApi.dll
2011-12-10 12:06:33 731136 ----a-w- C:\Windows\System32\mstsc.exe
2011-12-10 12:06:33 677888 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-12-10 12:06:33 2425344 ----a-w- C:\Windows\System32\mstscax.dll
2011-12-10 12:06:33 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-12-10 12:06:32 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-12-10 12:06:32 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-12-10 12:06:31 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-12-10 12:06:31 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-12-10 12:06:31 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
2011-12-10 12:02:59 1398784 ----a-w- C:\Windows\System32\mfc42.dll
2011-12-10 12:02:59 1360384 ----a-w- C:\Windows\System32\mfc42u.dll
2011-12-10 12:02:59 1162240 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-12-10 12:02:59 1136640 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-12-10 12:01:02 677376 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2011-12-10 12:01:02 1305600 ----a-w- C:\Windows\System32\rpcrt4.dll
2011-12-10 11:59:29 73216 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-12-10 11:59:29 69632 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-12-10 11:59:29 57856 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-12-10 11:59:29 375808 ----a-w- C:\Windows\System32\psisdecd.dll
2011-12-10 11:59:29 293376 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-12-10 11:59:29 289792 ----a-w- C:\Windows\System32\psisrndr.ax
2011-12-10 11:59:29 217088 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-12-10 11:59:29 100352 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-12-10 11:59:10 28672 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-12-10 11:59:10 25088 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-12-10 11:59:10 117760 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-12-10 11:58:44 867328 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2011-12-10 11:58:44 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
2011-12-10 11:26:32 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-10 11:15:12 150016 ----a-w- C:\Windows\System32\drivers\Rtlh64.sys
2011-12-10 11:15:11 -------- d-----w- C:\Program Files (x86)\Realtek
2011-12-10 11:14:51 -------- dc----w- C:\dell
2011-12-10 11:13:59 45056 ----a-r- C:\Users\Dewey\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2011-12-10 11:13:54 -------- dc----w- C:\Program Files (x86)\Dell
2011-12-10 11:13:54 -------- d-----w- C:\Windows\SysWow64\vmm32
2011-12-10 11:13:41 -------- d-sh--w- C:\Windows\Installer
2011-12-10 11:10:53 0 ----a-w- C:\Windows\ativpsrm.bin
2011-12-10 11:07:17 98304 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-12-10 11:07:17 104960 ----a-w- C:\Windows\System32\cabview.dll
2011-12-10 11:07:16 218624 ----a-w- C:\Windows\System32\wintrust.dll
2011-12-10 11:07:16 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-12-07 00:26:40 4448256 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
==================== Find3M ====================
.
2011-12-10 13:25:59 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-20 21:06:18 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-20 14:04:40 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
.
============= FINISH: 12:15:46.19 ===============
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\desktop\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;C:\desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-11 366152]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-11 1153368]
R2 SDHookService;Spybot S&D 2 Live Protection Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-12-13 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-12-13 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-12-13 955816]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-12-13 169624]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-11 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-11 136176]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-11 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-12-14 18:10:02 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C767B598-D646-48CD-A7AD-309F87235EFE}\offreg.dll
2011-12-14 18:09:58 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C767B598-D646-48CD-A7AD-309F87235EFE}\mpengine.dll
2011-12-14 13:04:56 -------- d-----w- C:\ProgramData\UAB
2011-12-14 13:04:50 -------- d-----w- C:\Users\Dewey\AppData\Local\PC_Drivers_Headquarters
2011-12-14 13:04:30 -------- d-----w- C:\ProgramData\PC Drivers HeadQuarters
2011-12-14 02:52:50 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2011-12-14 02:52:47 -------- dc----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2011-12-14 01:53:55 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-14 01:53:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-14 01:53:53 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-14 01:53:45 559616 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-14 01:53:45 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-14 01:53:44 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-12-14 01:53:40 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-12-14 01:53:40 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-12-13 05:59:06 -------- d-----w- C:\Users\Dewey\AppData\Roaming\Safer Networking
2011-12-13 05:58:16 -------- dc----w- C:\desktop(x86)
2011-12-12 19:56:15 -------- d-----w- C:\Users\Dewey\AppData\Local\Deployment
2011-12-12 19:56:15 -------- d-----w- C:\Users\Dewey\AppData\Local\Apps
2011-12-12 14:04:51 -------- dc----w- C:\Program Files (x86)\Advanced Port Scanner
2011-12-12 13:40:10 125952 ----a-w- C:\Windows\RTKAUDIOSERVICE.EXE
2011-12-12 13:39:27 525792 ----a-w- C:\Windows\DIFxAPI.dll
2011-12-12 13:39:25 1245696 ----a-w- C:\Windows\System32\RtkAPO64.dll
2011-12-12 13:39:15 315392 ----a-w- C:\Windows\HideWin.exe
2011-12-12 05:40:40 -------- d-----w- C:\Users\Dewey\AppData\Roaming\OpenOffice.org
2011-12-12 05:19:28 -------- dc----w- C:\Program Files (x86)\OpenOffice.org 3
2011-12-12 04:28:31 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-12-12 04:27:28 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-12 02:11:47 -------- d-----w- C:\Users\Dewey\AppData\Local\Adobe
2011-12-12 02:11:10 -------- d-----w- C:\Users\Dewey\AppData\Local\Google
2011-12-12 01:19:14 275360 ----a-w- C:\Windows\System32\DreamScene.dll
2011-12-11 21:57:19 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-12-11 21:57:19 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-12-11 20:22:37 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-11 20:02:52 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-12-11 13:46:27 -------- d-----w- C:\Program Files (x86)\MagicISO
2011-12-11 13:18:18 -------- d-----w- C:\Users\Dewey\AppData\Roaming\Malwarebytes
2011-12-11 13:18:08 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-11 13:18:05 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-11 10:04:32 -------- d-----w- C:\Users\Dewey\AppData\Local\Apple Computer
2011-12-11 10:03:45 -------- dc----w- C:\Program Files\Bonjour
2011-12-11 10:03:45 -------- dc----w- C:\Program Files (x86)\Bonjour
2011-12-11 10:03:17 -------- d-----w- C:\Users\Dewey\AppData\Local\Apple
2011-12-11 05:15:26 -------- d-----w- C:\Windows\pss
2011-12-11 02:44:31 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-12-11 02:44:25 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2011-12-11 02:44:13 2048 ----a-w- C:\Program Files (x86)\Microsoft Games\Tinker\SparkResource.dll
2011-12-11 02:44:12 333312 ----a-w- C:\Program Files (x86)\Microsoft Games\Tinker\SparkGDF.dll
2011-12-11 02:44:11 1307136 ----a-w- C:\Program Files (x86)\Microsoft Games\Tinker\Tinker.exe
2011-12-11 02:43:54 877912 ----a-w- C:\Windows\System32\gpprefcl.dll
2011-12-11 02:43:54 675152 ----a-w- C:\Windows\SysWow64\gpprefcl.dll
2011-12-11 02:43:40 -------- dc----w- C:\Program Files\BitLocker
2011-12-11 02:43:12 1343880 ----a-w- C:\Windows\System32\SecureKeyBackupCPL.dll
2011-12-11 02:42:18 1585488 -c--a-w- C:\Program Files\Microsoft Games\HoldEm\HoldEm.exe
2011-12-11 00:49:18 -------- d-----w- C:\Users\Dewey\AppData\Roaming\GenuineRegistryDoctor
2011-12-11 00:49:18 -------- d-----w- C:\ProgramData\GenuineRegistryDoctor
2011-12-11 00:13:22 -------- d-----w- C:\Users\Dewey\AppData\Local\HP
2011-12-11 00:09:37 -------- d-----w- C:\ProgramData\WEBREG
2011-12-11 00:09:00 -------- d-----w- C:\Program Files (x86)\Yahoo!
2011-12-11 00:05:29 254464 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp083.dll
2011-12-11 00:04:33 362328 ----a-w- C:\Windows\System32\hpzids40.dll
2011-12-11 00:04:31 134144 ----a-w- C:\Windows\System32\hpf3l083.dll
2011-12-11 00:04:27 966656 ----a-w- C:\Windows\System32\hposwia_d02a.dll
2011-12-11 00:04:27 761856 ----a-w- C:\Windows\System32\hpost_d02a.dll
2011-12-11 00:04:27 551424 ----a-w- C:\Windows\System32\hppldcoi.dll
2011-12-11 00:04:27 512512 ----a-w- C:\Windows\System32\hposc_d02a.dll
2011-12-11 00:03:58 -------- dc----w- C:\Program Files (x86)\Common Files\HP
2011-12-11 00:03:56 -------- dc----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2011-12-11 00:03:36 -------- dc----w- C:\Program Files (x86)\HP
2011-12-10 23:33:19 98304 ----a-w- C:\Windows\SysWow64\redmonnt.dll
2011-12-10 21:57:36 -------- d-----w- C:\Windows\System32\appmgmt
2011-12-10 21:27:45 -------- d-----w- C:\Program Files (x86)\RegWork
2011-12-10 18:45:43 442368 ----a-w- C:\Windows\System32\winhttp.dll
2011-12-10 18:45:43 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll
2011-12-10 18:45:39 28160 ----a-w- C:\Windows\System32\drivers\en-US\http.sys.mui
2011-12-10 18:45:30 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-12-10 18:45:30 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2011-12-10 18:45:30 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2011-12-10 18:45:30 17920 ----a-w- C:\Windows\System32\netevent.dll
2011-12-10 18:45:30 12288 ----a-w- C:\Windows\System32\sscore.dll
2011-12-10 18:41:31 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-12-10 18:41:31 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-12-10 18:28:52 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{95453A7E-EBAA-4A95-AD79-859C0447514D}\gapaengine.dll
2011-12-10 18:15:53 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-12-10 18:15:21 -------- dc----w- C:\Program Files\Microsoft Security Client
2011-12-10 18:15:09 345984 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-12-10 18:07:07 -------- d-----w- C:\Users\Dewey\AppData\Local\ElevatedDiagnostics
2011-12-10 15:55:27 -------- dc----w- C:\desktop
2011-12-10 15:39:33 -------- dc----w- C:\Program Files (x86)\Free Offers from Freeze.com
2011-12-10 15:39:30 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2011-12-10 15:39:28 -------- d-----w- C:\ProgramData\W3i
2011-12-10 15:39:28 -------- d-----w- C:\Program Files (x86)\W3i
2011-12-10 13:54:33 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2011-12-10 13:54:33 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2011-12-10 13:54:33 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2011-12-10 13:54:32 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2011-12-10 13:26:12 -------- d-----w- C:\Users\Dewey\AppData\Local\Microsoft Games
2011-12-10 13:00:39 372736 ----a-w- C:\Windows\System32\unregmp2.exe
2011-12-10 12:58:55 3765288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-12-10 12:58:51 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6098507B-CF97-4E86-8518-7F9849F5736C}\mpengine.dll
2011-12-10 12:58:50 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-10 12:58:33 1927680 ----a-w- C:\Windows\System32\gameux.dll
2011-12-10 12:58:33 1696256 ----a-w- C:\Windows\SysWow64\gameux.dll
2011-12-10 12:48:15 -------- d-----w- C:\Windows\SysWow64\spool
2011-12-10 12:48:15 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices
2011-12-10 12:48:14 -------- dc----w- C:\Program Files\Windows Portable Devices
2011-12-10 12:44:09 92672 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2011-12-10 12:44:09 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll
2011-12-10 12:44:09 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2011-12-10 12:44:09 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2011-12-10 12:44:09 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2011-12-10 12:44:09 103424 ----a-w- C:\Windows\System32\UIAnimation.dll
2011-12-10 12:42:11 37888 ----a-w- C:\Windows\System32\BthMtpContextHandler.dll
2011-12-10 12:21:49 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-12-10 12:21:49 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-12-10 12:21:49 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-12-10 12:21:49 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-12-10 12:21:49 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-12-10 12:21:49 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-12-10 12:21:49 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-12-10 12:21:49 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-12-10 12:21:49 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-12-10 12:21:49 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-12-10 12:19:31 32768 ----a-w- C:\Windows\System32\nshhttp.dll
2011-12-10 12:19:31 24064 ----a-w- C:\Windows\SysWow64\nshhttp.dll
2011-12-10 12:19:30 620032 ----a-w- C:\Windows\System32\drivers\http.sys
2011-12-10 12:19:30 33792 ----a-w- C:\Windows\System32\httpapi.dll
2011-12-10 12:19:30 30720 ----a-w- C:\Windows\SysWow64\httpapi.dll
2011-12-10 12:08:58 975360 ----a-w- C:\Windows\System32\inetcomm.dll
2011-12-10 12:07:54 991104 ----a-w- C:\Windows\System32\winresume.efi
2011-12-10 12:06:34 441856 ----a-w- C:\Windows\System32\WSDApi.dll
2011-12-10 12:06:34 355328 ----a-w- C:\Windows\SysWow64\WSDApi.dll
2011-12-10 12:06:33 731136 ----a-w- C:\Windows\System32\mstsc.exe
2011-12-10 12:06:33 677888 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-12-10 12:06:33 2425344 ----a-w- C:\Windows\System32\mstscax.dll
2011-12-10 12:06:33 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-12-10 12:06:32 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-12-10 12:06:32 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-12-10 12:06:31 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-12-10 12:06:31 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-12-10 12:06:31 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
2011-12-10 12:02:59 1398784 ----a-w- C:\Windows\System32\mfc42.dll
2011-12-10 12:02:59 1360384 ----a-w- C:\Windows\System32\mfc42u.dll
2011-12-10 12:02:59 1162240 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-12-10 12:02:59 1136640 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-12-10 12:01:02 677376 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2011-12-10 12:01:02 1305600 ----a-w- C:\Windows\System32\rpcrt4.dll
2011-12-10 11:59:29 73216 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-12-10 11:59:29 69632 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-12-10 11:59:29 57856 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-12-10 11:59:29 375808 ----a-w- C:\Windows\System32\psisdecd.dll
2011-12-10 11:59:29 293376 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-12-10 11:59:29 289792 ----a-w- C:\Windows\System32\psisrndr.ax
2011-12-10 11:59:29 217088 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-12-10 11:59:29 100352 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-12-10 11:59:10 28672 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-12-10 11:59:10 25088 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-12-10 11:59:10 117760 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-12-10 11:58:44 867328 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2011-12-10 11:58:44 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
2011-12-10 11:26:32 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-10 11:15:12 150016 ----a-w- C:\Windows\System32\drivers\Rtlh64.sys
2011-12-10 11:15:11 -------- d-----w- C:\Program Files (x86)\Realtek
2011-12-10 11:14:51 -------- dc----w- C:\dell
2011-12-10 11:13:59 45056 ----a-r- C:\Users\Dewey\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2011-12-10 11:13:54 -------- dc----w- C:\Program Files (x86)\Dell
2011-12-10 11:13:54 -------- d-----w- C:\Windows\SysWow64\vmm32
2011-12-10 11:13:41 -------- d-sh--w- C:\Windows\Installer
2011-12-10 11:10:53 0 ----a-w- C:\Windows\ativpsrm.bin
2011-12-10 11:07:17 98304 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-12-10 11:07:17 104960 ----a-w- C:\Windows\System32\cabview.dll
2011-12-10 11:07:16 218624 ----a-w- C:\Windows\System32\wintrust.dll
2011-12-10 11:07:16 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-12-07 00:26:40 4448256 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
==================== Find3M ====================
.
2011-12-10 13:25:59 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-20 21:06:18 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-20 14:04:40 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
.
============= FINISH: 12:15:46.19 ===============