Adware, malware and maybe more

faududu
2012-08-18, 10:08
Hi, it's my first time posting here. My main problem was an adware called "Text Enhance" that I don't know how it got onto my PC; it's really annoying when surfing the internet. But I saw a lot of stuff on the internet showing how to remove it, so I installed S&D, but it did not. Also, all my MSN Messenger contacts are in status offline when I'm logged in, but they should not be because they really are online (it's really weird because yesterday it was working fine). Also my PC is kind of slow to open programs etc. And I read the post "BEFORE You POST" and followed the steps carefully, but I COULDN'T complete the scan of aswMBR. I updated it (avast database) and after 2~3 min of scanning a message popped up saying "avast! Antirootkit stopped working", then I have to close it. I tried to scan 6 times but all failed with the same error message. I really don't know what to do and would be REALLY REALLY thankful if anyone can help me fix my system. Thank you! :sad:

And ERUNT is already installed too.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by fabio at 5:02:50 on 2012-08-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.4055.1992 [GMT -3:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\mqsvc.exe
C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\mqtgsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Users\fabio\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\fabio\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
C:\Users\fabio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\fabio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\fabio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\fabio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\fabio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\fabio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\fabio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\fabio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\fabio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\fabio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\fabio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\fabio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\fabio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\fabio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.plusnetwork.com/?sp=hp
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: DownloadnSave Class: {55af2efc-897f-4591-161a-017415b58b15} - C:\ProgramData\DownloadnSave\bhoclass.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Auxiliar de Conexão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
uRun: [Spotify Web Helper] "C:\Users\fabio\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Google Update] "C:\Users\fabio\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
mRun: [<NO NAME>]
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
StartupFolder: C:\Users\fabio\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\fabio\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\fabio\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: pcapwsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 201.46.240.40 201.46.240.45
TCP: Interfaces\{55EF4148-6430-43FC-ABCB-B8A6328A97B3} : DhcpNameServer = 201.46.240.40 201.46.240.45
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{53707962-6F74-2D53-2644-206D7942484F}
{55AF2EFC-897F-4591-161A-017415B58B15}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
mRun-x64: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
mRun-x64: [(padrão)]
mRun-x64: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\fabio\AppData\Roaming\Mozilla\Firefox\Profiles\6g0ni99j.default\
FF - prefs.js: browser.startup.homepage - www.google.com.br
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\fabio\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\fabio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-4-23 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-4-23 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-26 1258856]
R2 pcapsvc;ProxyCap Service;C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe [2010-9-18 635904]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-6-28 382312]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rzudd;Razer Keyboard Driver;C:\Windows\system32\DRIVERS\rzudd.sys --> C:\Windows\system32\DRIVERS\rzudd.sys [?]
R3 VKbms;Razer Gaming Device;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-23 250056]
S3 CYUSB;Cypress Generic USB Driver;C:\Windows\system32\Drivers\CYUSB.sys --> C:\Windows\system32\Drivers\CYUSB.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 rzdaendpt;%rzdaendpt.SvcDesc%;C:\Windows\system32\DRIVERS\rzdaendpt.sys --> C:\Windows\system32\DRIVERS\rzdaendpt.sys [?]
S3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\rzvkeyboard.sys --> C:\Windows\system32\DRIVERS\rzvkeyboard.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-18 06:42:40 -------- d-----w- C:\Users\fabio\AppData\Local\{3C703C6A-49A2-4CEE-B198-55350F0C2294}
2012-08-18 05:59:29 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-18 05:59:29 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-18 05:53:26 -------- d-----w- C:\Program Files (x86)\Marcos Velasco Security
2012-08-18 05:49:55 -------- d-----w- C:\Program Files\CCleaner
2012-08-18 02:29:39 -------- d-----w- C:\Users\fabio\AppData\Local\Google
2012-08-18 00:51:00 0 ----a-w- C:\STF6273.tmp
2012-08-18 00:36:30 0 ----a-w- C:\STF19EE.tmp
2012-08-18 00:30:30 0 ----a-w- C:\STF9B9A.tmp
2012-08-18 00:27:34 0 ----a-w- C:\STFEB9C.tmp
2012-08-18 00:15:15 0 ----a-w- C:\STFA71C.tmp
2012-08-17 23:54:50 0 ----a-w- C:\STFF412.tmp
2012-08-17 23:13:34 0 ----a-w- C:\STF2D87.tmp
2012-08-17 23:06:11 0 ----a-w- C:\STF2B2C.tmp
2012-08-17 23:03:53 0 ----a-w- C:\STF1210.tmp
2012-08-17 22:15:18 -------- d-----w- C:\Program Files (x86)\EVGA Precision X
2012-08-17 18:42:04 -------- d-----w- C:\Users\fabio\AppData\Local\{A2373642-A510-4A1F-8012-87A790BEDE4D}
2012-08-17 18:41:28 -------- d-----w- C:\Users\fabio\AppData\Local\{2AB750DC-4520-432D-A710-776B24522C4E}
2012-08-17 07:26:56 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F26FCBAC-F8F4-4D9F-AEE8-B4EFE54E8873}\mpengine.dll
2012-08-17 06:13:16 -------- d-----w- C:\Users\fabio\AppData\Local\{559F74F0-AA26-45E1-93F4-AE730C6A277D}
2012-08-17 06:12:43 -------- d-----w- C:\Users\fabio\AppData\Local\{EDAD6600-4E32-4F4B-8163-A1508BEA5941}
2012-08-17 01:42:14 0 ----a-w- C:\STFBA65.tmp
2012-08-17 01:42:02 0 ----a-w- C:\STF8A02.tmp
2012-08-17 01:42:02 -------- d-----w- C:\Users\fabio\AppData\Local\Activision
2012-08-16 18:12:19 -------- d-----w- C:\Users\fabio\AppData\Local\{026B6A04-8C65-4D69-BF30-00865226B628}
2012-08-16 18:11:46 -------- d-----w- C:\Users\fabio\AppData\Local\{7779F669-6B8E-4515-941D-7C97E28CC868}
2012-08-16 06:11:10 -------- d-----w- C:\Users\fabio\AppData\Local\{32E556E4-6B9B-4E62-8590-B630199943DF}
2012-08-16 06:10:37 -------- d-----w- C:\Users\fabio\AppData\Local\{2D4F46EE-B32B-4BC8-A366-6D58C820C631}
2012-08-15 18:10:01 -------- d-----w- C:\Users\fabio\AppData\Local\{DFD4EE68-3B25-41F0-98E8-72D6562149E7}
2012-08-15 18:09:28 -------- d-----w- C:\Users\fabio\AppData\Local\{7C845D3D-F117-48B7-9F7D-C0BB64FB50A2}
2012-08-15 06:08:52 -------- d-----w- C:\Users\fabio\AppData\Local\{C0326F8F-4E37-4DAD-8590-7970649F54C2}
2012-08-15 02:18:40 -------- d-----w- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2012-08-14 23:33:13 -------- d-----w- C:\Users\fabio\AppData\Local\Darksiders2
2012-08-14 18:07:34 -------- d-----w- C:\Users\fabio\AppData\Local\{B6DF3D4C-EF24-46C7-ACA7-081463784146}
2012-08-14 18:07:01 -------- d-----w- C:\Users\fabio\AppData\Local\{A5962FF9-FBFA-4D92-B78E-13EC78FE5F03}
2012-08-14 06:06:24 -------- d-----w- C:\Users\fabio\AppData\Local\{CAC692A8-B8A9-4AA6-B363-7B18EE94AAEB}
2012-08-14 04:49:00 -------- d-----w- C:\Windows\SysWow64\no
2012-08-13 18:05:15 -------- d-----w- C:\Users\fabio\AppData\Local\{0DC9CA6E-FDAC-41F0-BBA5-FCA4F8BB935D}
2012-08-13 18:04:53 -------- d-----w- C:\Users\fabio\AppData\Local\{E690EE52-1423-44C4-BD8F-1798EDC655C9}
2012-08-13 02:31:53 -------- d-----w- C:\Users\fabio\AppData\Local\{69CFD28D-79A4-4A17-A5DF-894D3D483EDF}
2012-08-13 02:31:21 -------- d-----w- C:\Users\fabio\AppData\Local\{FF056F88-9AA3-4713-8049-1906D1BDEE25}
2012-08-12 14:30:44 -------- d-----w- C:\Users\fabio\AppData\Local\{ED5B8C21-6DF7-41CF-9067-66BFE72CF72E}
2012-08-12 14:30:22 -------- d-----w- C:\Users\fabio\AppData\Local\{DF21443C-B9D2-4315-AA9D-D1672FF8C798}
2012-08-12 01:59:48 -------- d-----w- C:\Users\fabio\AppData\Local\{1D3D6DBD-C426-4294-A2B8-469C4E03E6C5}
2012-08-12 01:59:14 -------- d-----w- C:\Users\fabio\AppData\Local\{852A291C-8E24-4931-BD5C-4EE95B9ADBFE}
2012-08-11 16:48:14 -------- d-----w- C:\Users\fabio\AppData\Local\SCE
2012-08-11 16:48:14 -------- d-----w- C:\Crash
2012-08-11 14:10:28 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-08-11 13:58:50 -------- d-----w- C:\Users\fabio\AppData\Local\{176A289D-A1C2-4C59-8914-305427780864}
2012-08-11 13:58:24 -------- d-----w- C:\Users\fabio\AppData\Local\{706D2FAA-0D5F-490C-9E03-0ADA91B7578F}
2012-08-11 03:32:18 -------- d-----w- C:\Program Files (x86)\Common Files\Thraex Software
2012-08-11 03:32:18 -------- d-----w- C:\PacSteamT
2012-08-11 01:54:29 -------- d-----w- C:\Users\fabio\AppData\Local\{C044C9E5-ADEC-44C1-BFDE-87CEAF1082FC}
2012-08-11 01:54:07 -------- d-----w- C:\Users\fabio\AppData\Local\{069E5D6F-45CE-4DAA-A63E-2E1EFDC8A429}
2012-08-10 03:29:27 -------- d-----w- C:\Users\fabio\AppData\Local\{852F1E2D-E966-4C24-9C0A-A16458249612}
2012-08-10 03:28:54 -------- d-----w- C:\Users\fabio\AppData\Local\{CEC18504-0EF9-44CD-9743-91D21A64E44B}
2012-08-09 21:21:17 -------- d-----w- C:\Users\fabio\AppData\Roaming\Razer
2012-08-09 21:19:24 85504 ----a-w- C:\Windows\SysWow64\DeathAdder64.cpl
2012-08-09 21:19:19 6656 ----a-w- C:\Windows\System32\drivers\hidkmdf.sys
2012-08-09 21:19:19 47104 ----a-w- C:\Windows\System32\drivers\CYUSB.sys
2012-08-09 21:19:19 13312 ----a-w- C:\Windows\System32\drivers\VKbms.sys
2012-08-09 21:19:19 12032 ----a-w- C:\Windows\System32\drivers\danew.sys
2012-08-09 20:53:18 -------- d-----w- C:\Users\fabio\AppData\Local\Razer
2012-08-09 20:19:03 65536 ----a-w- C:\Windows\SysWow64\Lycosa.cpl
2012-08-09 15:28:18 -------- d-----w- C:\Users\fabio\AppData\Local\{A06A64AC-EB44-418D-A845-85D5CD46CF7F}
2012-08-09 15:27:46 -------- d-----w- C:\Users\fabio\AppData\Local\{1DEFA9B6-EE38-4C99-BDF5-A7018721EAFF}
2012-08-09 03:27:11 -------- d-----w- C:\Users\fabio\AppData\Local\{58AE2445-23F6-4B94-B72C-C25A17FDC63A}
2012-08-09 03:26:38 -------- d-----w- C:\Users\fabio\AppData\Local\{A5DFB181-1EFC-42E1-9770-5DE2DBF77C4D}
2012-08-08 15:26:15 -------- d-----w- C:\Users\fabio\AppData\Local\{40B5A006-DC42-4F85-8D54-D5B80284EFAC}
2012-08-08 15:25:53 -------- d-----w- C:\Users\fabio\AppData\Local\{1B5860BE-6AD5-43AA-967B-A5A809FD8A0E}
2012-08-08 01:18:02 -------- d-----w- C:\Users\fabio\AppData\Local\{BC40EE98-3DB6-4E90-BC2E-5008CB32DE39}
2012-08-08 01:17:29 -------- d-----w- C:\Users\fabio\AppData\Local\{1D782CA7-CBD7-40B1-9DC3-6480B25BF1C7}
2012-08-07 13:17:05 -------- d-----w- C:\Users\fabio\AppData\Local\{77E535B4-8332-4C16-97E3-5CF8C558B0B5}
2012-08-07 13:16:43 -------- d-----w- C:\Users\fabio\AppData\Local\{D8656B23-CAD5-4943-9FB1-78F7F97E0FF9}
2012-08-07 00:43:41 -------- d-----w- C:\Windows\SysWow64\xlive
2012-08-07 00:43:28 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-08-06 15:26:17 -------- d-----w- C:\Users\fabio\AppData\Local\{486F74FE-CFB3-4776-A8B2-D87E71D33FC1}
2012-08-06 15:25:53 -------- d-----w- C:\Users\fabio\AppData\Local\{983DD1CE-25A2-4C13-9211-5CF1E5137E66}
2012-08-06 00:55:32 -------- d-----w- C:\Users\fabio\AppData\Local\{AA8DC56B-BA84-46F1-9EB7-AA65747A4E4B}
2012-08-05 12:54:24 -------- d-----w- C:\Users\fabio\AppData\Local\{982D20AD-EBF8-4F31-A33B-836B09F30D24}
2012-08-05 12:54:02 -------- d-----w- C:\Users\fabio\AppData\Local\{289B9CDC-1D72-4E7D-ABFF-606A1554635A}
2012-08-04 14:32:34 -------- d-----w- C:\Users\fabio\AppData\Local\{51EA21C4-AD7F-4C6C-B077-E52AE44A456E}
2012-08-04 14:32:12 -------- d-----w- C:\Users\fabio\AppData\Local\{137A4018-6CB4-444E-A18E-47042CA04AAA}
2012-08-04 02:29:44 -------- d-----w- C:\Users\fabio\AppData\Local\{EF56BE1B-B665-4B56-BCDB-742F90232DB8}
2012-08-04 02:29:09 -------- d-----w- C:\Users\fabio\AppData\Local\{DE37C6FD-417F-4BDB-BC8F-A263E57299E8}
2012-08-03 16:16:34 -------- d-----w- C:\Users\fabio\AppData\Local\Spotify
2012-08-03 16:16:05 -------- d-----w- C:\Users\fabio\AppData\Roaming\Spotify
2012-08-03 14:28:44 -------- d-----w- C:\Users\fabio\AppData\Local\{D15111F5-D753-48E1-BAB3-E3728FC50B3E}
2012-08-03 14:28:15 -------- d-----w- C:\Users\fabio\AppData\Local\{936BDCBD-0FCF-4755-A056-A98ADEC12D7B}
2012-08-03 03:47:12 -------- d-----w- C:\Users\fabio\AppData\Local\Skyrim
2012-08-03 01:11:43 -------- d-----w- C:\Users\fabio\AppData\Local\{11DA9C3E-08FB-45CA-81B7-C324CDC235A0}
2012-08-02 22:30:00 -------- d-----w- C:\ProgramData\Premium
2012-08-02 22:29:21 -------- d-----w- C:\Users\fabio\AppData\Roaming\SendSpace
2012-08-02 22:29:16 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2012-08-02 22:29:07 -------- d-----w- C:\ProgramData\DownloadnSave
2012-08-02 22:28:18 -------- d-----w- C:\ProgramData\InstallMate
2012-08-02 13:10:47 -------- d-----w- C:\Users\fabio\AppData\Local\{73BC8D60-B5FD-46F7-B694-CB23A0A3E8CA}
2012-08-02 13:10:25 -------- d-----w- C:\Users\fabio\AppData\Local\{6185A8D0-8EDF-4994-9364-BDCA65E8D58C}
2012-08-02 00:14:39 -------- d-----w- C:\Users\fabio\AppData\Local\{4898F6EA-84BD-40D6-B5C7-66F80BD65845}
2012-08-02 00:14:06 -------- d-----w- C:\Users\fabio\AppData\Local\{F6732041-8855-464D-B897-248384FAA63D}
2012-08-01 12:13:43 -------- d-----w- C:\Users\fabio\AppData\Local\{AD6C05DD-DD87-4A80-8B19-75897E5B201F}
2012-08-01 12:13:10 -------- d-----w- C:\Users\fabio\AppData\Local\{F79FF4C8-1BC9-44A4-9B6C-478633F9000F}
2012-08-01 11:13:00 -------- d-----w- C:\Users\fabio\AppData\Local\FLT
2012-08-01 00:12:34 -------- d-----w- C:\Users\fabio\AppData\Local\{A76E4CF3-2527-4542-A8CB-A6B51A4DB130}
2012-08-01 00:12:01 -------- d-----w- C:\Users\fabio\AppData\Local\{7ADF8954-9618-4F20-B4D8-8D8FF2291649}
2012-07-31 12:11:26 -------- d-----w- C:\Users\fabio\AppData\Local\{58CF0BD1-13AF-49D0-808C-F6C117CDBBAB}
2012-07-31 12:11:04 -------- d-----w- C:\Users\fabio\AppData\Local\{E750A80A-9AF5-4229-8DD9-BDC1D79E7651}
2012-07-30 22:04:59 -------- d-----w- C:\Users\fabio\AppData\Local\{B19EA27A-DD14-4C3E-B3F2-8D0B6AC34337}
2012-07-30 10:03:52 -------- d-----w- C:\Users\fabio\AppData\Local\{07077EE5-1D5E-42D9-BE26-3996138FEFDC}
2012-07-30 10:03:30 -------- d-----w- C:\Users\fabio\AppData\Local\{F2B950B3-861C-4CC1-B035-1A3180816B66}
2012-07-29 13:03:05 -------- d-----w- C:\Users\fabio\AppData\Local\{19721826-D4E5-4CB0-B742-864EC8873E12}
2012-07-29 13:02:43 -------- d-----w- C:\Users\fabio\AppData\Local\{56CDC2C0-0E8A-4957-831F-F2E2A0E3F050}
2012-07-29 00:35:26 -------- d-----w- C:\Users\fabio\AppData\Local\{998F8490-72FE-4DF8-BE7F-76D64FBF1AB4}
2012-07-29 00:34:53 -------- d-----w- C:\Users\fabio\AppData\Local\{B2A0AA93-4EB8-4A66-BEF9-49616BEA0336}
2012-07-28 14:38:28 -------- d-----w- C:\Users\fabio\AppData\Roaming\LongHorn
2012-07-28 12:34:16 -------- d-----w- C:\Users\fabio\AppData\Local\{82E54792-747D-4BBE-82B9-6F02D6141305}
2012-07-28 12:33:43 -------- d-----w- C:\Users\fabio\AppData\Local\{9D1DFC43-463B-4668-B095-40F6E9E8BBAA}
2012-07-28 00:33:08 -------- d-----w- C:\Users\fabio\AppData\Local\{37202CF7-D8E3-4C84-BD09-0EE940F659A3}
2012-07-28 00:32:36 -------- d-----w- C:\Users\fabio\AppData\Local\{726AA03F-1115-4589-B39F-038DBEF140EA}
2012-07-27 09:19:16 -------- d-----w- C:\Program Files\Valve
2012-07-27 07:29:16 -------- d-----w- C:\Users\fabio\AppData\Local\{4DCD81C2-821A-4811-AD72-2C39E2C701CE}
2012-07-27 07:28:53 -------- d-----w- C:\Users\fabio\AppData\Local\{9D36EE3E-1372-4284-B5CA-0370BA89A44F}
2012-07-26 14:56:48 -------- d-----w- C:\ProgramData\Electronic Arts
2012-07-26 14:56:48 -------- d-----w- C:\ProgramData\EA Core
2012-07-26 06:14:29 -------- d-----w- C:\Users\fabio\AppData\Local\{790E6EB1-9D91-455D-8610-65500FA12F51}
2012-07-26 06:13:57 -------- d-----w- C:\Users\fabio\AppData\Local\{16E6D4C5-FAAC-4A6B-AADC-D4C92AB8A00C}
2012-07-25 18:13:34 -------- d-----w- C:\Users\fabio\AppData\Local\{8658324D-3248-4411-B190-C5906341B985}
2012-07-25 18:13:02 -------- d-----w- C:\Users\fabio\AppData\Local\{BA617474-F36C-4FC2-984F-0A4F7DE5C9DF}
2012-07-25 06:12:37 -------- d-----w- C:\Users\fabio\AppData\Local\{02929B6D-F9C7-4E65-9DB6-2A5B5D2E58CB}
2012-07-25 06:12:04 -------- d-----w- C:\Users\fabio\AppData\Local\{D0FE929B-C2A5-419A-A4B7-654FA6D3EC49}
2012-07-24 18:11:40 -------- d-----w- C:\Users\fabio\AppData\Local\{7AF8654B-2BA4-4B8C-9B5F-1989D173FAAE}
2012-07-24 18:11:10 -------- d-----w- C:\Users\fabio\AppData\Local\{98AE1590-47FA-4F46-9E3E-0BCB6F62069C}
2012-07-24 01:43:59 -------- d-----w- C:\Users\fabio\AppData\Local\{B44C0AAD-B59C-4EDE-A658-504045299ED8}
2012-07-24 01:43:26 -------- d-----w- C:\Users\fabio\AppData\Local\{7E099B73-19FC-4DFE-81E6-EBAAB4E639E3}
2012-07-23 13:42:51 -------- d-----w- C:\Users\fabio\AppData\Local\{E0927300-1344-4BD1-8116-1C99FA9CB16C}
2012-07-23 13:42:18 -------- d-----w- C:\Users\fabio\AppData\Local\{4DA58A98-9A3D-4EFC-816E-7604AB852787}
2012-07-23 01:41:42 -------- d-----w- C:\Users\fabio\AppData\Local\{34DEA3F6-9851-4540-B987-EC184629E153}
2012-07-23 01:41:20 -------- d-----w- C:\Users\fabio\AppData\Local\{91E2B13A-AD19-4554-9A04-58FB5BFB0E35}
2012-07-22 11:07:10 -------- d-----w- C:\Users\fabio\AppData\Local\{A56F77FB-0B19-4479-8102-10B07D701B4F}
2012-07-21 23:06:14 -------- d-----w- C:\Users\fabio\AppData\Local\{89C4D8F9-0EE5-40C3-BD16-36309607DD41}
2012-07-21 23:05:41 -------- d-----w- C:\Users\fabio\AppData\Local\{73FC35A2-E869-46F7-9860-28E054E0F560}
2012-07-21 11:05:06 -------- d-----w- C:\Users\fabio\AppData\Local\{B39E9326-28A6-4415-8950-BE2F440CF070}
2012-07-20 23:04:11 -------- d-----w- C:\Users\fabio\AppData\Local\{340509FA-1362-4CC2-9EB2-0C0C4DAEB39B}
2012-07-20 11:03:15 -------- d-----w- C:\Users\fabio\AppData\Local\{EE9817E2-9462-4399-8D9E-167D64670F8E}
2012-07-20 11:02:43 -------- d-----w- C:\Users\fabio\AppData\Local\{F7CFA5C6-E768-4952-9652-1C0F5B61F221}
2012-07-19 23:42:19 -------- d-----w- C:\Users\fabio\AppData\Roaming\Might & Magic Heroes VI
2012-07-19 23:42:19 -------- d-----w- C:\Users\fabio\AppData\Local\Ubisoft Game Launcher
2012-07-19 23:02:06 -------- d-----w- C:\Users\fabio\AppData\Local\{044DB1F2-2D2F-4DE4-B70E-F96AA3D30EEE}
2012-07-19 23:01:43 -------- d-----w- C:\Users\fabio\AppData\Local\{7EEE6B83-68A5-4A4A-96CD-277584435B01}
.
==================== Find3M ====================
.
2012-08-15 07:16:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 07:16:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-11 17:15:11 283312 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-08-11 17:15:11 283312 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-08-11 17:10:40 283312 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-08-11 16:47:17 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-07-19 02:42:10 480256 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-16 02:38:20 26112 ----a-w- C:\Windows\System32\drivers\rzdaendpt.sys
2012-07-16 02:38:18 7168 ----a-w- C:\Windows\System32\drivers\rzkbdhid.sys
2012-07-16 02:38:18 22528 ----a-w- C:\Windows\System32\drivers\rzvkeyboard.sys
2012-07-16 02:38:14 101376 ----a-w- C:\Windows\System32\drivers\rzudd.sys
2012-07-16 02:32:52 143360 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2012-07-16 02:32:48 165888 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 23:53:23 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-06-29 23:53:23 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-28 23:55:57 3266408 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-06-28 23:55:46 6193000 ----a-w- C:\Windows\System32\nvcpl.dll
2012-06-28 23:55:40 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-06-28 23:55:39 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-06-28 23:55:39 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-06-28 20:44:42 428904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-06-06 23:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-04 07:59:20 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-06-04 07:59:20 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 18:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 18:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 15:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-29 03:38:50 330240 ----a-w- C:\Windows\MASetupCaller.dll
2012-05-23 21:50:06 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
.
============= FINISH: 5:03:26,21 ===============

shelf life
2012-08-24, 00:50
hi faududu,

Your post is a few days old. If you still need help simply reply back.

faududu
2012-08-24, 01:29
yea please.. :)

shelf life
2012-08-24, 03:43
Two things to start with: did you pay for this ---> Optimizer Pro?
Next, download, install, update and run Malwarebytes and post its log:

Please download the free version of Malwarebytes (http://www.malwarebytes.org/products/malwarebytes_free/) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

faududu
2012-08-25, 03:54
No, I did not pay for this Optimizer Pro and I don't remember downloading it..
I did everything you said and here is the log:


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Versão da Base de Dados: v2012.08.24.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
fabio :: FABIO-PC [administrador]

Proteção: Permitir

24/08/2012 21:23:10
mbam-log-2012-08-24 (21-23-10).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 531223
Tempo decorrido: 1 hora(s), 16 minuto(s), 36 segundo(s)

Processos de Memória Detectados: 1
C:\ProgramData\OptimizerPro1\OptimizerPro1.exe (Trojan.Dropper) -> 1716 -> Será deletado na próxima inicialização.

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro1 (Trojan.Dropper) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A8B0DBDE-8119-48B0-8088-D12DA01C36BA} (PUP.DownloadnSave) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 2
C:\ProgramData\DownloadnSave (PUP.DownloadnSave) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\DownloadnSave\data (PUP.DownloadnSave) -> Enviado para a Quarentena e deletado com sucesso.

Arquivos Detectados: 10
C:\ProgramData\OptimizerPro1\OptimizerPro1.exe (Trojan.Dropper) -> Será deletado na próxima inicialização.
C:\Users\fabio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53P6YXVW\updater[1].exe (Trojan.Dropper) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\fabio\Desktop\gamirage.rar.exe (Affiliate.Downloader) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\DownloadnSave\content.js (PUP.DownloadnSave) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\DownloadnSave\background.html (PUP.DownloadnSave) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\DownloadnSave\lekjpidpelecajaalpiokbnkajndjefp.crx (PUP.DownloadnSave) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\DownloadnSave\settings.ini (PUP.DownloadnSave) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\DownloadnSave\uninstall.exe (PUP.DownloadnSave) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\DownloadnSave\data\content.js (PUP.DownloadnSave) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\DownloadnSave\data\jsondb.js (PUP.DownloadnSave) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

shelf life
2012-08-25, 22:10
You can remove Optimizer Pro via the Add/Remove Programs panel. Malwarebytes removed some items. How's it looking on your end now?

faududu
2012-08-26, 01:56
It definitely looks way better, I would like to thank you sooo much!
But I have just one question.. Malwarebytes moved a lot of items to quarantine; should I do anything there? Thanks!

shelf life
2012-08-26, 04:00
ok good. You're welcome. You don't have to do anything. Malwarebytes quarantined and then deleted them successfully after you rebooted.
The free version of Malwarebytes needs to be updated manually and a scan started manually. It's good practice to keep it updated even if you don't do a scan at that time.

If all is good, some tips for you:

10 Tips for Prevention and Avoidance of Malware
There is no reason why your computer can not stay malware free.

No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows), browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature (http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx). Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes, media players, browser plugins and add-ons. More and more third party applications are being targeted. Not sure if you are using the latest version of software? Check their version status and get the updates here (http://secunia.com/vulnerability_scanning/online/).

2) Know what you are installing on your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, after which you are prompted to install software to remedy this. See also the signs (http://www.malwarevault.com/signs.html) that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks (http://www.fraud.org/tips/internet/phishing.htm).

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what User Account Control (UAC) in Vista and Windows 7 and 8 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) The why and how to secure (http://www.cert.org/tech_tips/securing_browser/) your browser for safer surfing.

10) Warez, cracks, keygens, etc. are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will also encounter malware. A file can be named anything, be nothing but malware, or have malware bundled in it.
Do you really trust the source?

More info/tips with pictures in links below.

Happy Safe Surfing.