I'm infected



Crone
2012-04-16, 14:00
Currently running in safe mode. When I start the computer I can get to the login screen; once I type in my password it will sit on loading and not go any further. Unfortunately I have already run malware, spyware and registry repair programs in the hope of fixing this. I appreciate any help.

Spybot did not find anything the last time I ran it; it did previously but deleted it.

Cheers,
Jordan.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7601.17514
Run by P6T at 22:41:52 on 2012-04-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12278.10866 [GMT -7:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Users\P6T\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\P6T\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\P6T\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\P6T\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\P6T\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Registry Mechanic\RegMech.exe
C:\Users\P6T\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - D:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - D:\Program Files\Java\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - D:\Program Files\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - D:\Program Files\Java\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - D:\Program Files\Avast\aswWebRepIE.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
uRunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "D:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [avast] "D:\Program Files\Avast\avastUI.exe" /nogui
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{5F89A65B-20A0-442B-8FD1-11ED0A599DC7} : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{ACE1DA61-551F-4E0C-B8D8-7B862EA5B203} : DhcpNameServer = 10.1.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - D:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\Avast\aswWebRepIE.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\Avast\aswWebRepIE.dll
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BCSSync] "D:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [avast] "D:\Program Files\Avast\avastUI.exe" /nogui
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;D:\Program Files\Avast\AvastSvc.exe [2012-4-16 44768]
S2 avast! Firewall;avast! Firewall;D:\Program Files\Avast\afwServ.exe [2012-4-16 131288]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-16 654408]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-4-16 583640]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 XoftSpyService;XoftSpyService;C:\Program Files (x86)\Common Files\XoftSpySE\6\xoftspyservice.exe [2010-9-29 582424]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 253088]
.
=============== Created Last 30 ================
.
2012-04-17 05:25:18 -------- d-----w- C:\Users\P6T\AppData\Roaming\GlarySoft
2012-04-17 05:24:58 -------- d-----w- C:\Program Files (x86)\Glarysoft
2012-04-17 05:14:08 -------- d-----w- C:\Program Files (x86)\Wise PC Doctor
2012-04-17 05:11:20 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-04-17 05:01:50 -------- d-----w- C:\ProgramData\ParetoLogic
2012-04-17 05:01:50 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2012-04-17 05:01:46 -------- d-----w- C:\ProgramData\XoftSpySE
2012-04-17 05:01:46 -------- d-----w- C:\Program Files (x86)\Common Files\XoftSpySE
2012-04-17 05:01:20 -------- d-----w- C:\Program Files (x86)\XoftSpySE6
2012-04-17 04:38:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-17 04:38:40 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-17 04:35:45 -------- d-----w- C:\Users\P6T\AppData\Local\adawarebp
2012-04-17 04:35:17 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-04-17 04:26:33 -------- d-----w- C:\Users\P6T\AppData\Roaming\Registry Mechanic
2012-04-17 04:24:55 880640 ----a-w- C:\Windows\SysWow64\UniBox10.ocx
2012-04-17 04:24:55 40408 ----a-w- C:\Windows\System32\CleanMFT64.exe
2012-04-17 04:24:55 212992 ----a-w- C:\Windows\SysWow64\UniBoxVB12.ocx
2012-04-17 04:24:55 1101824 ----a-w- C:\Windows\SysWow64\UniBox210.ocx
2012-04-17 04:24:54 658432 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
2012-04-17 04:24:54 506368 ----a-w- C:\Windows\SysWow64\msxml.dll
2012-04-17 04:24:53 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-04-17 04:20:35 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-04-17 04:20:29 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-04-17 04:18:35 -------- d-----w- C:\Users\P6T\AppData\Roaming\Ad-Aware Antivirus
2012-04-17 03:57:05 -------- d-----w- C:\Users\P6T\AppData\Roaming\Malwarebytes
2012-04-17 03:56:58 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-17 03:56:57 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-17 03:56:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-16 18:54:12 141144 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2012-04-16 18:53:45 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-04-16 18:53:45 28504 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-04-16 18:53:45 258904 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2012-04-16 18:53:43 817496 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-04-16 18:53:38 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-04-16 18:53:05 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
2012-04-16 18:49:36 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1BE69B6D-7EBD-403A-8115-2AA51DDAC4B3}\mpengine.dll
2012-04-16 18:44:53 -------- d-----w- C:\Windows\SysWow64\Wat
2012-04-16 18:44:53 -------- d-----w- C:\Windows\System32\Wat
2012-04-16 18:17:46 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A2C8BF55-5AD1-4CEA-8B8A-FF3625D43BF8}\gapaengine.dll
2012-04-16 17:59:30 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-16 17:59:20 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-16 17:44:39 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-16 17:44:38 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-16 17:44:38 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-16 17:41:13 41184 ----a-w- C:\Windows\avastSS.scr
2012-04-16 17:41:04 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-16 17:32:13 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-16 17:32:13 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-16 17:32:13 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-16 17:32:07 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-16 17:32:07 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-16 17:32:07 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-16 17:32:07 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-16 17:01:18 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2012-04-16 17:01:17 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2012-04-16 16:59:53 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-04-16 16:58:46 566208 ----a-w- C:\Windows\System32\winresume.efi
2012-04-16 16:58:44 642944 ----a-w- C:\Windows\System32\winload.efi
2012-04-16 16:58:44 605552 ----a-w- C:\Windows\System32\winload.exe
2012-04-16 16:58:44 518672 ----a-w- C:\Windows\System32\winresume.exe
2012-04-16 16:58:44 20352 ----a-w- C:\Windows\System32\kdusb.dll
2012-04-16 16:58:44 19328 ----a-w- C:\Windows\System32\kd1394.dll
2012-04-16 16:58:44 17792 ----a-w- C:\Windows\System32\kdcom.dll
2012-04-16 16:56:59 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2012-04-16 16:56:59 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2012-04-16 16:56:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-04-16 16:56:34 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-04-16 16:55:30 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2012-04-16 16:55:30 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-04-16 16:55:30 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-04-16 16:55:30 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-04-16 16:55:23 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-04-16 16:55:22 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-04-16 16:53:26 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-04-16 16:51:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-04-16 16:51:52 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-04-16 16:51:44 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-04-16 16:51:44 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-04-16 16:50:56 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-04-16 16:50:55 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-04-16 16:50:47 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EF4AC92F-FCA0-4E29-A278-29E9A76EC9D5}\mpengine.dll
2012-04-16 16:49:13 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-04-16 16:49:13 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-04-16 16:49:05 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2012-04-16 16:49:05 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2012-04-16 16:49:05 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2012-04-16 16:49:05 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2012-04-16 16:45:33 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-04-16 16:45:33 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-04-16 16:45:33 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-04-16 16:45:33 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-04-16 16:40:33 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2012-04-16 16:40:33 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2012-04-16 16:36:26 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2012-04-16 16:36:26 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2012-04-16 16:36:26 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2012-04-16 16:36:26 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2012-04-16 16:36:26 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2012-04-16 16:36:11 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-04-16 16:36:11 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-04-16 16:36:03 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-04-16 16:35:43 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-04-16 16:35:43 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-04-16 16:35:34 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-04-16 16:35:29 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-04-16 16:35:29 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-04-16 16:33:32 77312 ----a-w- C:\Windows\System32\packager.dll
2012-04-16 16:33:32 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-04-16 16:31:31 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-04-16 16:30:40 -------- d-----w- C:\Windows\PCHEALTH
2012-04-16 16:30:39 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-04-16 16:26:19 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-16 16:24:15 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-04-16 16:23:50 -------- d-----w- C:\Users\P6T\AppData\Local\Microsoft Help
2012-04-16 03:08:57 -------- d-----w- C:\Program Files (x86)\SpeedFan
2012-04-16 03:06:55 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-16 02:46:46 -------- d-----w- C:\Users\P6T\AppData\Roaming\uTorrent
2012-04-16 02:02:53 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-16 02:02:53 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-16 02:02:53 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-16 02:02:50 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-04-16 02:02:49 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-16 02:02:49 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-16 02:02:49 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-16 02:02:49 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-15 05:57:36 -------- d-----w- C:\Users\P6T\AppData\Local\Skyrim
2012-04-15 04:36:36 -------- d-----w- C:\Users\P6T\AppData\Local\SKIDROW
2012-04-15 04:18:24 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2012-04-15 03:31:44 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2012-04-15 03:31:13 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-15 03:31:13 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-04-15 03:31:11 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-04-15 03:16:43 -------- d-----w- C:\ProgramData\EA Logs
2012-04-15 03:14:08 -------- d-----w- C:\Program Files (x86)\Origin Games
2012-04-15 03:13:58 -------- d-----w- C:\Users\P6T\AppData\Local\Origin
2012-04-15 03:13:58 -------- d-----w- C:\ProgramData\Origin
2012-04-15 03:12:18 -------- d-----w- C:\Users\P6T\AppData\Roaming\Origin
2012-04-14 07:29:43 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2012-04-14 07:29:43 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2012-04-14 07:29:43 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2012-04-14 07:29:43 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2012-04-14 07:29:42 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2012-04-14 07:29:42 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2012-04-14 05:39:55 -------- d-----w- C:\Users\P6T\riotsGamesLogs
2012-04-14 05:38:11 -------- d-----w- C:\Users\P6T\AppData\Roaming\LolClient
2012-04-14 05:33:56 -------- d-----w- C:\Windows\SysWow64\directx
2012-04-14 05:08:40 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-04-14 04:06:59 -------- d-----w- C:\Users\P6T\AppData\Local\ElevatedDiagnostics
2012-04-14 04:03:33 -------- d-----w- C:\MATS
2012-04-14 03:46:16 -------- d-----w- C:\Windows\System32\appmgmt
2012-04-14 03:29:08 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-14 03:29:08 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-14 03:26:08 -------- d-----w- C:\ProgramData\Solidshield
2012-04-14 03:19:38 -------- d-----w- C:\ProgramData\Electronic Arts
2012-04-14 03:19:38 -------- d-----w- C:\ProgramData\EA Core
2012-04-14 03:05:54 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-04-14 03:05:50 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-04-14 03:05:05 -------- d-----w- C:\Users\P6T\AppData\Roaming\DAEMON Tools Lite
2012-04-14 03:05:00 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-04-14 02:56:42 -------- d-----w- C:\Users\P6T\AppData\Local\Google
2012-04-14 02:48:38 -------- d-----w- C:\Users\P6T\AppData\Local\Deployment
2012-04-14 02:48:38 -------- d-----w- C:\Users\P6T\AppData\Local\Apps
2012-04-12 05:50:27 -------- d-----w- C:\Windows\Panther
2012-04-12 04:55:53 -------- d-sh--w- C:\Recovery
2012-04-12 04:52:22 0 ----a-w- C:\Windows\ativpsrm.bin
.
==================== Find3M ====================
.
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-14 19:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 22:42:02.10 ===============

shelf life
2012-04-28, 01:26
Hi Crone,

Your post is several days old. If you still need help, simply reply back.