aswMBR stop
jlb92100
2012-09-26, 16:16
Hi,
I am here because the Babylon toolbar infection prevents me from obtaining logs from aswMBR, as you mentioned in "before you post".
Let me explain.
First, I am using an up-to-date Spybot, and it finds Babylon toolbar items.
Spybot removes them without a problem, but they are still here when I rescan immediately or after a reset.
Unfortunately I don't have the log (but see below).
I also tried Malwarebytes in safe mode, but nothing was found.
With AdwCleaner, it is removed but still there (it seems to disappear in Internet Explorer, but is still here in Firefox, my default browser).
SEE THE LOG AT THE END.
Finally, I followed your Manual Removal Guide:
- none of the indicated folders, but I had made an inspection before and I know there is nothing.
- nothing found in the registry
I tried Regalyz, which removes the detection by Spybot.
No problem with DDS.txt and Attach.txt, but I am blocked with aswMBR (Windows stops with no indication from the OS).
I keep DDS.txt and Attach.txt at your request
Windows 7, 64-bit, up to date
Thanks in advance for your help, and sorry for my poor English ;>))
Jean-louis Baudoux
--------------------------------------
Here is the AdwCleaner log.
# AdwCleaner v2.000 - Rapport créé le 23/09/2012 à 16:53:15
# Mis à jour le 30/08/2012 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : jlb - JLB-HP
# Mode de démarrage : Normal
# Exécuté depuis : D:\User_util\securite\anti_Babylon\adwcleaner.exe
# Option [Recherche]
***** [Services] *****
***** [Fichiers / Dossiers] *****
Dossier Présent : C:\ProgramData\Browser Manager
***** [Registre] *****
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Présente : HKU\S-1-5-21-443515483-2991178796-696988582-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Donnée Présente : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
Valeur Présente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
***** [Navigateurs] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Le registre ne contient aucune entrée illégitime.
-\\ Mozilla Firefox v15.0 (fr)
Nom du profil : default-1348409337555 [Profil par défaut]
Fichier : C:\Users\jlb\AppData\Roaming\Mozilla\Firefox\Profiles\fqj6eua6.default-1348409337555\prefs.js
Présente : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Présente : user_pref("browser.search.order.1", "Search the web (Babylon)");
Présente : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Présente : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110823&tt=120912_ccp_3812_8&[...]
*************************
AdwCleaner[R19].txt - [1802 octets] - [23/09/2012 15:26:39]
AdwCleaner[R20].txt - [1909 octets] - [23/09/2012 16:53:15]
########## EOF - C:\AdwCleaner[R20].txt - [1970 octets] ##########
Hi,
I keep DDS.txt and Attach.txt at your request
Please copy-paste the contents of the DDS logs here.
jlb92100
2012-09-28, 10:29
Hi,
Thanks for replying to me. Here is the DDS file.
Jean-louis Baudoux
--------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by jlb at 19:25:41 on 2012-09-25
Microsoft Windows*7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3894.1724 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Motorola\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Motorola\Bluetooth\audiosrv.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\tsnpstd3.exe
C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\eMule\emule.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [tsnpstd3] C:\Windows\tsnpstd3.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\jlb\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Envoyer à OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Ajouter au fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir au format PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir la cible du lien en Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir la cible du lien en un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CFE71F7E-F1CA-480B-B879-552ED7E2F7B2} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
LSA: Notification Packages = DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{0347C33E-8762-4905-BF09-768834316C61}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
{53707962-6F74-2D53-2644-206D7942484F}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE7CD045-E861-484f-8273-0445EE161910}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [tsnpstd3] C:\Windows\tsnpstd3.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
AppInit_DLLs-X64: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
SEH-X64: {E54729E8-BB3D-4270-9D49-7389EA579090}: EasyBits Security Shield Hook - prevents launching insecure programs by kids
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jlb\AppData\Roaming\Mozilla\Firefox\Profiles\fqj6eua6.default-1348409337555\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-8-29 23208]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-8-29 3075920]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-8-28 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-28 44808]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2012-8-28 677128]
R2 cbVSCService11;Cobian Backup 11 Service « Volume Shadow Copy »;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-8-29 67584]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe [2011-2-25 87344]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-29 1153368]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-28 2533400]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2012-8-28 4181256]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2012-8-28 1096968]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-8-28 1028096]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ezSharedSvc;Easybits Services for Windows; [x]
S2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-1 136176]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-8-29 66320]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-29 250568]
S3 BTMCOM;Bluetooth Serial Port;C:\Windows\system32\Drivers\btmcom.sys --> C:\Windows\system32\Drivers\btmcom.sys [?]
S3 BTMUSB;Motorola Bluetooth Radio Service;C:\Windows\system32\Drivers\btmusb.sys --> C:\Windows\system32\Drivers\btmusb.sys [?]
S3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-1 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-28 114144]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== File Associations ===============
.
.scr=SageThumbsImage.scr
.
=============== Created Last 30 ================
.
2012-09-25 07:35:56 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{019F887B-69D0-40C8-B7BA-B4CCF755778D}\mpengine.dll
2012-09-24 12:22:36 -------- d-----w- C:\Program Files\Unlocker
2012-09-22 21:42:44 -------- d-----w- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2012-09-22 21:31:53 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-09-22 21:31:52 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-09-22 21:31:52 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-09-21 18:17:50 -------- d-----w- C:\Program Files\ATI Technologies
2012-09-21 17:06:00 51032 ----a-r- C:\Windows\System32\AdobePDF.dll
2012-09-21 17:06:00 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2012-09-20 21:06:11 719872 ----a-w- C:\Windows\SysWow64\devil.dll
2012-09-20 21:06:11 70656 ----a-w- C:\Windows\SysWow64\yv12vfw.dll
2012-09-20 21:06:11 70656 ----a-w- C:\Windows\SysWow64\i420vfw.dll
2012-09-20 21:06:11 369152 ----a-w- C:\Windows\SysWow64\avisynth.dll
2012-09-20 21:06:11 32256 ----a-w- C:\Windows\SysWow64\AVSredirect.dll
2012-09-20 21:06:11 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2012-09-20 20:46:46 -------- d-----w- C:\ProgramData\Browser Manager
2012-09-20 20:25:59 178688 ----a-w- C:\Windows\SysWow64\unrar.dll
2012-09-20 20:25:54 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2012-09-19 16:26:22 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
2012-09-19 16:20:03 -------- d-----w- C:\ProgramData\Stardock
2012-09-19 16:19:55 -------- d-----w- C:\Program Files (x86)\Stardock
2012-09-18 19:18:22 -------- d-----w- C:\Program Files\gs
2012-09-18 17:06:23 -------- d-----w- C:\Program Files (x86)\SageThumbs
2012-09-12 07:35:29 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-09-12 07:34:56 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 07:34:56 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 07:34:55 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 07:34:55 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 07:34:54 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 07:34:54 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 07:34:53 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-05 20:22:00 8107 ----a-w- C:\Windows\w7dsd.reg
2012-09-05 20:22:00 8089 ----a-w- C:\Windows\w7dse.reg
2012-09-05 20:22:00 275360 ----a-w- C:\Windows\System32\DreamScene.dll
2012-09-05 11:48:34 -------- d-----w- C:\Program Files (x86)\Unlocker
2012-09-05 09:35:27 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2012-09-05 08:41:10 -------- d-----w- C:\Users\jlb\dwhelper
2012-09-04 20:14:12 -------- d-----w- C:\Users\jlb\VirtualBox VMs
2012-09-04 19:32:28 224088 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-09-04 19:32:27 130904 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-09-04 19:32:23 -------- d-----w- C:\Program Files\Oracle
2012-09-04 13:03:23 -------- d-----w- C:\vhd
2012-09-04 12:18:18 -------- d-----w- C:\ubuntu
2012-09-04 09:48:55 -------- d-----w- C:\Windows\SysWow64\wbem\en-US
2012-09-04 09:48:54 -------- d-----w- C:\Windows\System32\wbem\en-US
2012-09-04 08:15:55 -------- d-----w- C:\Temp
2012-09-04 08:15:44 -------- d-----w- C:\Program Files\Motorola Inc
2012-09-03 21:55:42 -------- d-----w- C:\Users\jlb\AppData\Roaming\motorola
2012-09-03 21:55:28 -------- d-----w- C:\ProgramData\Motorola
2012-09-03 21:53:50 -------- d-----w- C:\ProgramData\Nero
2012-09-03 21:53:49 -------- d-----w- C:\Users\jlb\AppData\Local\Motorola
2012-09-03 21:53:49 -------- d-----w- C:\Program Files (x86)\Motorola Media Link
2012-09-03 21:53:07 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
2012-09-03 21:53:05 -------- d-----w- C:\Program Files (x86)\Motorola
2012-09-03 21:52:23 -------- d-----w- C:\Users\jlb\AppData\Local\Downloaded Installations
2012-09-03 16:36:00 -------- d-----w- C:\Program Files (x86)\bankperfect
2012-09-03 16:31:29 -------- d-----w- C:\Program Files (x86)\MSI
2012-09-03 16:30:55 327168 ----a-w- C:\Windows\IsUninst.exe
2012-09-03 16:30:13 94208 ------w- C:\Windows\amcap.exe
2012-09-03 16:30:06 94208 ------w- C:\Windows\tsnpstd3.exe
2012-09-03 16:30:02 788480 ------w- C:\Windows\SysWow64\drivers\snpstd3.sys
2012-09-03 16:30:02 61440 ------w- C:\Windows\SysWow64\rsnpstd3.dll
2012-09-03 16:30:02 571904 ------w- C:\Windows\SysWow64\csnpstd3.dll
2012-09-03 16:30:02 20480 ------w- C:\Windows\usnpstd3.exe
2012-09-03 16:30:02 -------- d-----w- C:\Program Files (x86)\Common Files\snpstd3
2012-09-03 16:29:41 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-09-03 16:29:41 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-09-03 16:29:41 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-09-03 16:29:41 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-09-03 16:29:41 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-09-03 16:29:40 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-09-03 16:29:40 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-09-03 16:05:28 950272 ----a-w- C:\Windows\SysWow64\PQueen20.dll
2012-09-03 16:05:28 61440 ----a-w- C:\Windows\SysWow64\MFSIFLib2889.dll
2012-09-03 16:05:28 389120 ----a-w- C:\Windows\SysWow64\MCMLDS.dll
2012-09-03 16:05:28 110592 ----a-w- C:\Windows\SysWow64\pfudsrv.dll
2012-09-03 16:05:27 278528 ----a-w- C:\Windows\SysWow64\MFSLib2889.dll
2012-09-03 16:05:27 126976 ----a-w- C:\Windows\SysWow64\MFSBaseLib2889.dll
2012-09-03 16:05:27 -------- d-----w- C:\Program Files (x86)\DS_Dual3
2012-09-03 15:47:20 23040 ----a-w- C:\Windows\SysWow64\irisco32.dll
2012-09-03 15:46:38 -------- d-----w- C:\Program Files (x86)\Readiris Pro 9
2012-09-03 15:40:54 -------- d-----w- C:\Program Files (x86)\Canon
2012-09-03 15:40:38 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-09-03 15:40:38 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-09-03 15:40:38 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-09-03 15:40:38 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-09-03 15:40:37 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-09-03 14:51:27 64512 ----a-w- C:\Windows\System32\CNQU110.DLL
2012-09-03 14:51:27 193024 ----a-w- C:\Windows\System32\CNQL1213.DLL
2012-09-03 14:51:27 -------- d--h--w- C:\CanoScan
2012-09-03 14:47:31 -------- d-----w- C:\ProgramData\WEBREG
2012-09-03 14:47:01 -------- d-----w- C:\Users\jlb\AppData\Local\HP
2012-09-03 14:46:30 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2012-09-03 14:43:25 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2012-09-03 13:26:45 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-09-02 21:53:33 -------- d-----w- C:\Users\jlb\AppData\Roaming\XnView
2012-09-02 21:27:48 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-09-02 21:26:50 -------- d-----w- C:\Users\jlb\AppData\Roaming\uTorrent
2012-09-02 20:59:22 -------- d-----w- C:\ProgramData\eMule
2012-09-02 20:58:53 -------- d-----w- C:\Users\jlb\AppData\Local\eMule
2012-09-02 20:58:51 -------- d-----w- C:\Program Files (x86)\eMule
2012-09-02 20:48:25 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2012-09-02 20:48:25 -------- d-----r- C:\Users\jlb\SkyDrive
2012-09-02 20:47:59 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2012-09-02 20:46:59 -------- d-----w- C:\Program Files (x86)\MSECache
2012-09-01 20:01:00 -------- d-----w- C:\Users\jlb\AppData\Local\Yahoo
2012-09-01 20:00:56 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-09-01 16:36:38 -------- d-----w- C:\Users\jlb\.VirtualBox
2012-09-01 16:32:13 -------- d-----w- C:\Users\jlb\AppData\Roaming\Mobile Action
2012-09-01 16:32:13 -------- d-----w- C:\Program Files (x86)\Mobile Action
2012-08-31 22:28:52 -------- d-----w- C:\Users\jlb\AppData\Local\Google
2012-08-31 22:18:40 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-08-31 22:18:39 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2012-08-31 22:18:09 -------- d-----w- C:\Users\jlb\AppData\Roaming\Todae
2012-08-31 22:18:06 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-08-31 21:59:10 -------- d-----w- C:\Program Files (x86)\eRightSoft
2012-08-31 21:37:24 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
2012-08-31 21:30:33 88 --sh--r- C:\Windows\SysWow64\4B198299A4.sys
2012-08-31 21:30:33 2932 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2012-08-31 21:30:10 -------- d-----w- C:\ProgramData\Corel
2012-08-31 21:22:08 -------- d-----w- C:\Windows\SysWow64\Spool
2012-08-31 21:20:32 -------- d-----w- C:\Program Files (x86)\Corel
2012-08-31 20:51:03 -------- d-----w- C:\Program Files (x86)\Microsoft Math 3.0
2012-08-31 18:11:02 -------- d-----w- C:\Program Files (x86)\XnView
2012-08-31 16:20:17 -------- d-----w- C:\Program Files (x86)\Macromedia
2012-08-31 16:20:17 -------- d-----w- C:\Program Files (x86)\Common Files\Macromedia
2012-08-31 16:19:51 262144 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll
2012-08-31 16:19:51 180224 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll
2012-08-31 16:19:50 409600 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll
2012-08-31 16:19:50 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll
2012-08-31 16:19:50 172032 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll
2012-08-31 16:19:49 761856 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe
2012-08-31 16:19:49 540772 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll
2012-08-31 16:19:46 -------- d-----w- C:\Windows\Downloaded Installations
2012-08-31 12:39:45 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-08-31 12:34:14 -------- d-----w- C:\Users\jlb\AppData\Roaming\Macrovision
2012-08-31 12:23:05 -------- d-----w- C:\Users\jlb\AppData\Local\Adobe
2012-08-31 12:22:04 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-08-30 22:46:05 -------- d-----w- C:\Users\jlb\AppData\Local\HP MediaSmart Video
2012-08-30 22:22:36 -------- d-----w- C:\Users\jlb\AppData\Roaming\Auslogics
2012-08-30 21:55:14 -------- d-----w- C:\Users\jlb\AppData\Local\Microsoft Games
2012-08-29 21:43:12 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-29 21:43:12 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-29 21:38:47 -------- d-----w- C:\Program Files (x86)\jv16 PowerTools 2008
2012-08-29 21:26:14 -------- d-----w- C:\Users\jlb\AppData\Local\Macromedia
2012-08-29 21:25:20 -------- d-----w- C:\Program Files (x86)\Auslogics
2012-08-29 21:23:33 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-29 21:23:33 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-29 21:11:12 -------- d-----w- C:\Users\jlb\AppData\Local\NeoSmart_Technologies
2012-08-29 21:09:03 -------- d-----w- C:\Program Files (x86)\NeoSmart Technologies
2012-08-29 21:04:34 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2012-08-29 21:02:19 -------- d-----w- C:\Users\jlb\AppData\Roaming\TrueCrypt
2012-08-29 21:00:51 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2012-08-29 21:00:38 -------- d-----w- C:\Program Files\TrueCrypt
2012-08-29 20:57:44 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-08-29 19:59:33 -------- d-----w- C:\Users\jlb\AppData\Local\WindowsUpdate
2012-08-29 19:52:15 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-08-29 19:52:15 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-08-29 19:27:18 -------- d-----w- C:\Windows\System32\SPReview
2012-08-29 18:57:51 2560 ----a-w- C:\Windows\System32\drivers\fr-FR\rdpwd.sys.mui
2012-08-29 18:57:47 3072 ----a-w- C:\Windows\System32\drivers\fr-FR\serscan.sys.mui
2012-08-29 18:57:38 3584 ----a-w- C:\Windows\System32\drivers\fr-FR\tsusbflt.sys.mui
2012-08-29 18:53:59 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2012-08-29 18:52:59 958464 ----a-w- C:\Windows\System32\actxprxy.dll
2012-08-29 18:51:59 128512 ----a-w- C:\Windows\SysWow64\EhStorAPI.dll
2012-08-29 18:51:58 72192 ----a-w- C:\Windows\System32\fdeploy.dll
2012-08-29 18:51:58 71168 ----a-w- C:\Windows\System32\findstr.exe
2012-08-29 18:51:58 17920 ----a-w- C:\Windows\System32\fixmapi.exe
2012-08-29 18:51:57 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-08-29 18:48:42 -------- d-----w- C:\Windows\System32\EventProviders
2012-08-29 16:37:41 -------- d-----w- C:\Users\jlb\AppData\Local\Diagnostics
2012-08-29 16:29:42 -------- d-----w- C:\Users\jlb\AppData\Roaming\Malwarebytes
2012-08-29 16:29:25 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-29 16:29:25 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-29 16:29:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-29 16:22:22 -------- d-----w- C:\Program Files\CCleaner
2012-08-29 16:19:39 -------- d-----w- C:\Program Files\Defraggler
2012-08-29 16:08:29 -------- d-----w- C:\Program Files (x86)\RocketDock
2012-08-29 12:28:41 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-08-29 12:27:13 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-08-29 12:26:43 -------- d-----w- C:\Windows\SHELLNEW
2012-08-29 12:26:43 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-08-29 12:26:16 -------- d-----w- C:\Users\jlb\AppData\Local\Microsoft Help
2012-08-29 12:14:52 -------- d-----w- C:\Program Files (x86)\Alcohol Soft
2012-08-29 12:11:32 834544 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-08-29 02:21:37 -------- d-----w- C:\Windows\ehome
2012-08-29 02:18:32 -------- d-----w- C:\ProgramData\Recovery
2012-08-28 21:52:25 -------- d-----w- C:\Users\jlb\AppData\Local\ElevatedDiagnostics
2012-08-28 21:48:48 -------- d-----w- C:\ProgramData\LightScribe
2012-08-28 21:43:47 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-08-28 21:38:52 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-08-28 21:38:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-08-28 21:38:51 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-28 21:38:25 41224 ----a-w- C:\Windows\avastSS.scr
2012-08-28 21:38:12 -------- d-----w- C:\ProgramData\AVAST Software
2012-08-28 21:38:12 -------- d-----w- C:\Program Files\AVAST Software
2012-08-28 21:13:57 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-28 20:48:05 2565632 ----a-w- C:\Windows\System32\esent.dll
2012-08-28 20:48:05 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-28 20:48:04 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-08-28 20:48:04 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-08-28 20:48:04 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2012-08-28 20:48:04 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2012-08-28 20:48:04 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-08-28 20:48:04 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2012-08-28 20:48:04 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2012-08-28 20:48:04 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2012-08-28 20:48:04 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2012-08-28 20:47:13 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-08-28 20:47:13 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2012-08-28 20:47:13 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-08-28 20:47:13 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-08-28 20:47:13 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-08-28 20:47:13 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-08-28 20:47:13 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-08-28 20:47:13 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-08-28 20:47:13 229376 ----a-w- C:\Windows\System32\fsquirt.exe
2012-08-28 20:36:20 -------- d-----w- C:\Users\jlb\AppData\Local\Mozilla
2012-08-28 20:36:14 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-08-28 20:34:54 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-08-28 20:34:38 -------- d-----w- C:\Windows\SysWow64\Wat
2012-08-28 20:34:37 -------- d-----w- C:\Windows\System32\Wat
2012-08-28 19:55:06 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-08-28 19:51:21 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-08-28 19:39:59 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-08-28 19:39:59 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-08-28 19:39:59 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-08-28 19:39:59 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-08-28 19:39:59 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-28 19:39:59 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-28 19:39:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-08-28 19:35:22 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-08-28 19:35:22 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-08-28 19:35:16 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-28 19:35:16 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-28 19:35:16 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-28 19:35:15 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-28 19:33:59 2871808 ----a-w- C:\Windows\explorer.exe
2012-08-28 19:32:41 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-08-28 19:27:56 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-08-28 19:26:41 77312 ----a-w- C:\Windows\System32\packager.dll
2012-08-28 19:26:41 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-08-28 19:16:33 -------- d-----w- C:\Users\jlb\AppData\Local\ATI
2012-08-28 19:15:34 -------- d-----w- C:\Users\jlb\AppData\Roaming\hpqLog
2012-08-28 19:14:40 -------- d-----w- C:\Users\jlb\AppData\Local\Hewlett-Packard
2012-08-28 19:14:22 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-08-28 19:14:21 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-08-28 19:14:21 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-08-28 16:56:23 144347472 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc203C.tmp
2012-08-28 16:50:26 -------- d-----w- C:\Program Files (x86)\HP Games
2012-08-28 16:50:24 -------- d-----w- C:\ProgramData\WildTangent
2012-08-28 16:48:57 -------- d-----w- C:\ProgramData\Norton
2012-08-28 16:48:39 -------- d-----w- C:\ProgramData\NortonInstaller
2012-08-28 16:46:48 540920 ----a-w- C:\Program Files (x86)\Online Services\Omnifone\MusicStation.exe
2012-08-28 16:35:51 0 ----a-w- C:\Windows\ativpsrm.bin
2012-08-28 16:34:52 -------- d-----w- C:\Windows\Hewlett-Packard
2012-08-28 16:34:14 -------- d-----w- C:\Windows\Driver Cache
2012-08-28 16:34:14 -------- d-----w- C:\Program Files (x86)\HP
2012-08-28 16:34:06 52736 ----a-w- C:\Windows\System32\drivers\btmcom.sys
2012-08-28 16:33:49 336136 ----a-w- C:\Windows\System32\btmcls.dll
2012-08-28 16:33:48 3232768 ----a-w- C:\Windows\System32\drivers\btmusb.sys
2012-08-28 16:33:48 -------- d-----w- C:\Program Files\Motorola
2012-08-28 16:33:48 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2012-08-28 16:33:47 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2012-08-28 16:33:42 -------- d-----w- C:\Program Files (x86)\Ralink
2012-08-28 16:33:33 931168 ----a-w- C:\Windows\System32\drivers\netr28x.sys
2012-08-28 16:33:33 327008 ----a-w- C:\Windows\System32\RaCoInstx.dll
2012-08-28 16:33:33 -------- d-----w- C:\ProgramData\Ralink Driver
2012-08-28 16:32:37 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-08-28 16:32:20 68608 ----a-w- C:\Windows\System32\AESTAR64.dll
2012-08-28 16:32:20 442368 ----a-w- C:\Windows\System32\AESTEC64.dll
2012-08-28 16:32:20 162304 ----a-w- C:\Windows\System32\AESTAC64.dll
2012-08-28 16:32:19 90624 ----a-w- C:\Windows\System32\AESTCo64.dll
2012-08-28 16:32:19 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
2012-08-28 16:32:19 487424 ----a-w- C:\Windows\sttray64.exe
2012-08-28 16:32:19 3467264 ----a-w- C:\Windows\System32\stlang64.dll
2012-08-28 16:32:19 12800512 ----a-w- C:\Windows\System32\idtcpl64.cpl
2012-08-28 16:32:18 -------- d-----w- C:\Windows\System32\SRSLabs
2012-08-28 16:31:50 515584 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
2012-08-28 16:31:50 209920 ----a-w- C:\Windows\System32\staco64.dll
2012-08-28 16:31:49 645632 ------w- C:\Windows\System32\stapi64.dll
2012-08-28 16:31:49 431616 ----a-w- C:\Windows\System32\stcplx64.dll
2012-08-28 16:31:49 1465344 ----a-w- C:\Windows\System32\stapo64.dll
2012-08-28 16:31:47 -------- d-----w- C:\Program Files\IDT
2012-08-28 16:31:44 7367200 ----a-w- C:\Windows\System32\RTSUSTORicon.dll
2012-08-28 16:31:41 232992 ----a-w- C:\Windows\System32\drivers\RtsUStor.sys
2012-08-28 16:31:41 -------- d-----w- C:\Program Files (x86)\Realtek
2012-08-28 16:31:21 -------- d-----w- C:\Program Files\Validity Sensors
2012-08-28 16:31:10 540696 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2012-08-28 16:30:55 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-08-28 16:30:36 -------- d-----w- C:\Program Files\Synaptics
2012-08-28 16:29:04 -------- d-----w- C:\Program Files\ATI
2012-08-28 16:29:03 -------- d-----w- C:\Program Files (x86)\ATI Technologies
.
==================== Find3M ====================
.
2012-08-29 19:21:42 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-08-29 19:21:42 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-08-28 18:24:53 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-20 15:23:52 166232 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2012-08-20 15:23:52 147288 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-08-20 15:23:50 320856 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2006-05-03 10:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-06 22:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 19:27:13,26 ===============
Please post attach.txt contents too.
jlb92100
2012-09-29, 18:08
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows*7 Édition Familiale Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 28/08/2012 21:10:12
System Uptime: 25/09/2012 19:18:02 (0 hours ago)
.
Motherboard: Hewlett-Packard | | 144A
Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz | CPU | 1999/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 195 GiB total, 69,4 GiB free.
D: is FIXED (NTFS) - 250 GiB total, 84,871 GiB free.
E: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP63: 22/09/2012 18:15:30 - Windows Update
RP64: 22/09/2012 23:31:56 - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) - Français
Adobe Shockwave Player 11.5
Agatha Christie - Death on the Nile
Android Sync Manager WiFi
Archiveur WinRAR
µTorrent
AusLogics BoostSpeed
avast! Free Antivirus
BankPerfect 3.12
Bejeweled 2 Deluxe
BufferChm
CanoScan Toolbox Ver4.1
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cobian Backup 11 Gravity
Corel Paint Shop Pro Photo XI
CyberLink DVD Suite
D2400
D2400_Help
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
Détection de l'application Winamp
DVD Menu Pack for HP MediaSmart Video
EasyBCD 2.1.2
Emsisoft Anti-Malware
eMule
Energy Star Digital Logo
ESU for Microsoft Windows 7
FATE
FileZilla Client 3.5.3
Galerie de photos Windows Live
Google Update Helper
Google*Earth
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.2.0
HP Advisor
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Game Console
HP Games
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart Webcam
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
IDT Audio
Insaniquarium Deluxe
Installation Windows Live
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
Java Auto Updater
Java(TM) 6 Update 35
Jewel Quest II
Jewel Quest Solitaire
John Deere Drive Green
Junk Mail filter update
jv16 PowerTools 2008
K-Lite Codec Pack 9.2.0 (Basic)
LabelPrint
LightScribe System Software
Macromedia Dreamweaver 8
Macromedia Extension Manager
Magic Desktop
Malwarebytes Anti-Malware version 1.65.0.1400
MarketResearch
Microsoft Choice Guard
Microsoft Math 3.0
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (French) 2010
Microsoft Office Excel MUI (French) 2010
Microsoft Office Groove MUI (French) 2010
Microsoft Office InfoPath MUI (French) 2010
Microsoft Office OneNote MUI (French) 2010
Microsoft Office Outlook MUI (French) 2010
Microsoft Office PowerPoint MUI (French) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professionnel Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (French) 2010
Microsoft Office Publisher MUI (French) 2010
Microsoft Office Shared MUI (French) 2010
Microsoft Office Word MUI (French) 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Minolta DiMAGE Scan Dual3 ver 1.0
MotoHelper 2.1.32 Driver 5.4.0
MotoHelper MergeModules
MOTOROLA MEDIA LINK
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 15.0 (x86 fr)
Mozilla Firefox 15.0.1 (x86 fr)
Mozilla Maintenance Service
MSI Star Cam 370i
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyGuard Live
Notepad++
Outil de téléchargement Windows Live
Penguins!
PhotoNow!
Plants vs. Zombies
Polar Bowler
Power2Go
PowerDirector
PX Profile Update
Ralink RT3090 802.11b/g/n WiFi Adapter
Readiris Pro 9
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recovery Manager
RocketDock 1.3.5
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Slingo Deluxe
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
SUPER © v2012.build.52 (July 7, 2012) version v2012.build.52
Toolbox
TrayApp
TrueCrypt
Ubuntu
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Virtual Villagers - The Secret City
VLC media player 2.0.3
WebReg
Wedding Dash
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live FolderShare
Windows Live Mail
Windows Live Messenger
Windows Live Writer
Yahoo! Install Manager
Yahoo! Widgets
Zuma Deluxe
.
==== End Of File ===========================
Hi,
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
µTorrent
eMule
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please uninstall the programs listed above (in red).
When done post fresh DDS logs (dds.txt & attach.txt) contents + Spybot results.
jlb92100
2012-09-30, 22:35
Nothing detected by Spybot (ending normally).
Hereafter the dds.txt, and attach.txt as a zip file.
I have removed the 2 programs installed by my son while I was on holiday.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by jlb at 21:24:58 on 2012-09-30
Microsoft Windows*7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3894.1957 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Motorola\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Motorola\Bluetooth\audiosrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\tsnpstd3.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Programme d’aide de l’Assistant de connexion au compte Microsoft: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [tsnpstd3] C:\Windows\tsnpstd3.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\jlb\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Envoyer à OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Ajouter au fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir au format PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir la cible du lien en Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir la cible du lien en un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CFE71F7E-F1CA-480B-B879-552ED7E2F7B2} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
LSA: Notification Packages = DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{0347C33E-8762-4905-BF09-768834316C61}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
{53707962-6F74-2D53-2644-206D7942484F}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE7CD045-E861-484f-8273-0445EE161910}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [tsnpstd3] C:\Windows\tsnpstd3.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
AppInit_DLLs-X64: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
SEH-X64: {E54729E8-BB3D-4270-9D49-7389EA579090}: EasyBits Security Shield Hook - prevents launching insecure programs by kids
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jlb\AppData\Roaming\Mozilla\Firefox\Profiles\fqj6eua6.default-1348409337555\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110823&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=181d524200000000000060eb6943ca9a
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-8-29 23208]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-8-29 3075920]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-8-28 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-28 44808]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2012-8-28 677128]
R2 cbVSCService11;Cobian Backup 11 Service « Volume Shadow Copy »;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-8-29 67584]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe [2011-2-25 87344]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-29 1153368]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-28 2533400]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2012-8-28 4181256]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2012-8-28 1096968]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-8-28 1028096]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ezSharedSvc;Easybits Services for Windows; [x]
S2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-1 136176]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-8-29 66320]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-29 250568]
S3 BTMCOM;Bluetooth Serial Port;C:\Windows\system32\Drivers\btmcom.sys --> C:\Windows\system32\Drivers\btmcom.sys [?]
S3 BTMUSB;Motorola Bluetooth Radio Service;C:\Windows\system32\Drivers\btmusb.sys --> C:\Windows\system32\Drivers\btmusb.sys [?]
S3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-1 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-28 114144]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== File Associations ===============
.
.scr=SageThumbsImage.scr
.
=============== Created Last 30 ================
.
2012-09-29 21:04:16 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{22817433-090B-40CE-AEBA-8EF69A8489E8}\offreg.dll
2012-09-28 07:20:04 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{22817433-090B-40CE-AEBA-8EF69A8489E8}\mpengine.dll
2012-09-27 11:07:04 -------- d-----w- C:\Users\jlb\AppData\Roaming\Windows Live Writer
2012-09-27 11:07:04 -------- d-----w- C:\Users\jlb\AppData\Local\Windows Live Writer
2012-09-27 10:33:47 -------- d-----w- C:\Users\jlb\Tracing
2012-09-27 10:27:38 -------- d-----w- C:\Windows\fr
2012-09-27 10:09:58 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2012-09-27 10:09:58 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2012-09-27 10:09:58 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2012-09-27 10:09:58 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2012-09-27 10:09:57 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2012-09-27 10:09:57 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2012-09-27 10:09:56 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2012-09-27 10:09:56 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2012-09-27 10:09:25 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2012-09-27 10:09:25 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2012-09-27 10:08:24 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\700d1361cd9c9805\DSETUP.dll
2012-09-27 10:08:24 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\700d1361cd9c9805\DXSETUP.exe
2012-09-27 10:08:24 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\700d1361cd9c9805\dsetup32.dll
2012-09-27 10:08:22 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\522e2761cd9c9804\DXSETUP.exe
2012-09-27 10:08:21 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\522e2761cd9c9804\DSETUP.dll
2012-09-27 10:08:21 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\522e2761cd9c9804\dsetup32.dll
2012-09-27 10:08:16 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\28d60d71cd9c9802\DSETUP.dll
2012-09-27 10:08:16 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\28d60d71cd9c9802\DXSETUP.exe
2012-09-27 10:08:16 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\28d60d71cd9c9802\dsetup32.dll
2012-09-27 10:08:07 -------- d-----w- C:\Users\jlb\AppData\Local\Windows Live
2012-09-26 08:17:07 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-25 21:23:30 -------- d-----w- C:\Users\jlb\AppData\Roaming\Safer Networking
2012-09-25 21:22:56 -------- d-----w- C:\Program Files (x86)\Safer Networking
2012-09-24 12:22:36 -------- d-----w- C:\Program Files\Unlocker
2012-09-22 21:42:44 -------- d-----w- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2012-09-22 21:31:53 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-09-22 21:31:52 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-09-22 21:31:52 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-09-21 18:17:50 -------- d-----w- C:\Program Files\ATI Technologies
2012-09-21 17:06:00 51032 ----a-r- C:\Windows\System32\AdobePDF.dll
2012-09-21 17:06:00 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2012-09-20 21:06:11 719872 ----a-w- C:\Windows\SysWow64\devil.dll
2012-09-20 21:06:11 70656 ----a-w- C:\Windows\SysWow64\yv12vfw.dll
2012-09-20 21:06:11 70656 ----a-w- C:\Windows\SysWow64\i420vfw.dll
2012-09-20 21:06:11 369152 ----a-w- C:\Windows\SysWow64\avisynth.dll
2012-09-20 21:06:11 32256 ----a-w- C:\Windows\SysWow64\AVSredirect.dll
2012-09-20 21:06:11 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2012-09-20 20:46:46 -------- d-----w- C:\ProgramData\Browser Manager
2012-09-20 20:25:59 178688 ----a-w- C:\Windows\SysWow64\unrar.dll
2012-09-20 20:25:54 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2012-09-19 16:26:22 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
2012-09-19 16:20:03 -------- d-----w- C:\ProgramData\Stardock
2012-09-19 16:19:55 -------- d-----w- C:\Program Files (x86)\Stardock
2012-09-18 19:18:22 -------- d-----w- C:\Program Files\gs
2012-09-18 17:06:23 -------- d-----w- C:\Program Files (x86)\SageThumbs
2012-09-12 07:35:29 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-09-12 07:34:56 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 07:34:56 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 07:34:55 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 07:34:55 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 07:34:54 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 07:34:54 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 07:34:53 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-05 20:22:00 8107 ----a-w- C:\Windows\w7dsd.reg
2012-09-05 20:22:00 8089 ----a-w- C:\Windows\w7dse.reg
2012-09-05 20:22:00 275360 ----a-w- C:\Windows\System32\DreamScene.dll
2012-09-05 11:48:34 -------- d-----w- C:\Program Files (x86)\Unlocker
2012-09-05 09:35:27 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2012-09-05 08:41:10 -------- d-----w- C:\Users\jlb\dwhelper
2012-09-04 20:14:12 -------- d-----w- C:\Users\jlb\VirtualBox VMs
2012-09-04 19:32:28 224088 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-09-04 19:32:27 130904 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-09-04 19:32:23 -------- d-----w- C:\Program Files\Oracle
2012-09-04 13:03:23 -------- d-----w- C:\vhd
2012-09-04 12:18:18 -------- d-----w- C:\ubuntu
2012-09-04 09:48:55 -------- d-----w- C:\Windows\SysWow64\wbem\en-US
2012-09-04 09:48:54 -------- d-----w- C:\Windows\System32\wbem\en-US
2012-09-04 08:15:55 -------- d-----w- C:\Temp
2012-09-04 08:15:44 -------- d-----w- C:\Program Files\Motorola Inc
2012-09-03 21:55:42 -------- d-----w- C:\Users\jlb\AppData\Roaming\motorola
2012-09-03 21:55:28 -------- d-----w- C:\ProgramData\Motorola
2012-09-03 21:53:50 -------- d-----w- C:\ProgramData\Nero
2012-09-03 21:53:49 -------- d-----w- C:\Users\jlb\AppData\Local\Motorola
2012-09-03 21:53:49 -------- d-----w- C:\Program Files (x86)\Motorola Media Link
2012-09-03 21:53:07 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
2012-09-03 21:53:05 -------- d-----w- C:\Program Files (x86)\Motorola
2012-09-03 21:52:23 -------- d-----w- C:\Users\jlb\AppData\Local\Downloaded Installations
2012-09-03 16:36:00 -------- d-----w- C:\Program Files (x86)\bankperfect
2012-09-03 16:31:29 -------- d-----w- C:\Program Files (x86)\MSI
2012-09-03 16:30:55 327168 ----a-w- C:\Windows\IsUninst.exe
2012-09-03 16:30:13 94208 ------w- C:\Windows\amcap.exe
2012-09-03 16:30:06 94208 ------w- C:\Windows\tsnpstd3.exe
2012-09-03 16:30:02 788480 ------w- C:\Windows\SysWow64\drivers\snpstd3.sys
2012-09-03 16:30:02 61440 ------w- C:\Windows\SysWow64\rsnpstd3.dll
2012-09-03 16:30:02 571904 ------w- C:\Windows\SysWow64\csnpstd3.dll
2012-09-03 16:30:02 20480 ------w- C:\Windows\usnpstd3.exe
2012-09-03 16:30:02 -------- d-----w- C:\Program Files (x86)\Common Files\snpstd3
2012-09-03 16:29:41 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-09-03 16:29:41 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-09-03 16:29:41 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-09-03 16:29:41 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-09-03 16:29:41 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-09-03 16:29:40 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-09-03 16:29:40 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-09-03 16:05:28 950272 ----a-w- C:\Windows\SysWow64\PQueen20.dll
2012-09-03 16:05:28 61440 ----a-w- C:\Windows\SysWow64\MFSIFLib2889.dll
2012-09-03 16:05:28 389120 ----a-w- C:\Windows\SysWow64\MCMLDS.dll
2012-09-03 16:05:28 110592 ----a-w- C:\Windows\SysWow64\pfudsrv.dll
2012-09-03 16:05:27 278528 ----a-w- C:\Windows\SysWow64\MFSLib2889.dll
2012-09-03 16:05:27 126976 ----a-w- C:\Windows\SysWow64\MFSBaseLib2889.dll
2012-09-03 16:05:27 -------- d-----w- C:\Program Files (x86)\DS_Dual3
2012-09-03 15:47:20 23040 ----a-w- C:\Windows\SysWow64\irisco32.dll
2012-09-03 15:46:38 -------- d-----w- C:\Program Files (x86)\Readiris Pro 9
2012-09-03 15:40:54 -------- d-----w- C:\Program Files (x86)\Canon
2012-09-03 15:40:38 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-09-03 15:40:38 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-09-03 15:40:38 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-09-03 15:40:38 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-09-03 15:40:37 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-09-03 14:51:27 64512 ----a-w- C:\Windows\System32\CNQU110.DLL
2012-09-03 14:51:27 193024 ----a-w- C:\Windows\System32\CNQL1213.DLL
2012-09-03 14:51:27 -------- d--h--w- C:\CanoScan
2012-09-03 14:47:31 -------- d-----w- C:\ProgramData\WEBREG
2012-09-03 14:47:01 -------- d-----w- C:\Users\jlb\AppData\Local\HP
2012-09-03 14:46:30 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2012-09-03 14:43:25 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2012-09-03 13:26:45 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-09-02 21:53:33 -------- d-----w- C:\Users\jlb\AppData\Roaming\XnView
2012-09-02 21:26:50 -------- d-----w- C:\Users\jlb\AppData\Roaming\uTorrent
2012-09-02 20:59:22 -------- d-----w- C:\ProgramData\eMule
2012-09-02 20:58:53 -------- d-----w- C:\Users\jlb\AppData\Local\eMule
2012-09-02 20:48:25 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2012-09-02 20:48:25 -------- d-----r- C:\Users\jlb\SkyDrive
2012-09-02 20:47:59 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2012-09-02 20:46:59 -------- d-----w- C:\Program Files (x86)\MSECache
2012-09-01 20:01:00 -------- d-----w- C:\Users\jlb\AppData\Local\Yahoo
2012-09-01 20:00:56 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-09-01 16:36:38 -------- d-----w- C:\Users\jlb\.VirtualBox
2012-09-01 16:32:13 -------- d-----w- C:\Users\jlb\AppData\Roaming\Mobile Action
2012-09-01 16:32:13 -------- d-----w- C:\Program Files (x86)\Mobile Action
2012-08-31 22:28:52 -------- d-----w- C:\Users\jlb\AppData\Local\Google
2012-08-31 22:18:40 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-08-31 22:18:39 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2012-08-31 22:18:09 -------- d-----w- C:\Users\jlb\AppData\Roaming\Todae
2012-08-31 22:18:06 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-08-31 21:59:10 -------- d-----w- C:\Program Files (x86)\eRightSoft
2012-08-31 21:37:24 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
2012-08-31 21:30:33 88 --sh--r- C:\Windows\SysWow64\4B198299A4.sys
2012-08-31 21:30:33 2880 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2012-08-31 21:30:10 -------- d-----w- C:\ProgramData\Corel
2012-08-31 21:22:08 -------- d-----w- C:\Windows\SysWow64\Spool
2012-08-31 21:20:32 -------- d-----w- C:\Program Files (x86)\Corel
2012-08-31 20:51:03 -------- d-----w- C:\Program Files (x86)\Microsoft Math 3.0
.
==================== Find3M ====================
.
2012-09-07 15:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-05 16:41:15 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-05 16:41:15 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-29 21:00:51 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2012-08-29 19:21:42 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-08-29 19:21:42 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-08-28 18:24:56 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-08-28 18:24:53 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-28 16:35:51 0 ----a-w- C:\Windows\ativpsrm.bin
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 09:13:13 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-08-21 09:13:12 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-21 09:13:12 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-08-21 09:12:33 41224 ----a-w- C:\Windows\avastSS.scr
2012-08-20 15:23:52 166232 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2012-08-20 15:23:52 147288 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-08-20 15:23:50 320856 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2012-07-28 01:09:02 57792 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-07-28 00:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR
2012-07-26 17:08:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2012-07-26 17:08:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2012-07-26 17:08:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2012-07-26 17:08:06 153536 ----a-w- C:\Windows\SysWow64\atl110.dll
2012-07-26 17:08:06 115656 ----a-w- C:\Windows\SysWow64\vcomp110.dll
2012-07-26 13:22:10 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2012-07-26 13:22:10 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2012-07-26 13:22:10 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2012-07-26 13:22:10 177096 ----a-w- C:\Windows\System32\atl110.dll
2012-07-26 13:22:10 124360 ----a-w- C:\Windows\System32\vcomp110.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-17 13:14:44 253184 ----a-w- C:\Windows\System32\LIVESSP.DLL
2012-07-17 12:49:00 209648 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2006-05-03 10:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-06 22:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 21:26:20,39 ===============
Hi
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
jlb92100
2012-10-01, 18:42
Hi,
First Combofix
second dds.txt
third attach.txt
all attached as Zip files
Thanks for your reply.
Jean-Louis
Hi again,
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu, select Advanced Mode
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck Resident TeaTimer and OK any prompts.
Restart your computer
Open notepad and copy/paste the text in the quotebox below into it:
Firefox::
FF - ProfilePath - C:\Users\jlb\AppData\Roaming\Mozilla\Firefox\Profiles\fqj6eua6.default-1348409337555\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
Folder::
C:\Users\jlb\AppData\Roaming\uTorrent
C:\ProgramData\eMule
C:\Users\jlb\AppData\Local\eMule
DDS::
mWindow Title =
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.
Uninstall your current Adobe shockwave player and get the fresh one here (http://get.adobe.com/shockwave/) if needed.
* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log. Any issues left?
jlb92100
2012-10-02, 10:20
Hi,
here attached the files, except ESET just below.
D:\Documents\html\Kit Graphique\Kits Graphique\Adulte\Ladies-Club5\functions.php PHP/Obfuscated.F application
D:\Documents\RESEAU2000\COURS2011\_7 Seven\doc generale 7\W7-logon-background-changer.exe a variant of Win32/SoftonicDownloader.A application
D:\User_util\bureautique&html\adobe_macromedia\Acrobat9 pro\Adobe.Acrobat.9.0.Pro.Extended.Keymaker.Only-EDGE\keygen.exe probably a variant of Win32/Agent.DQPHVKD trojan
D:\User_util\images&videos\video\Setup_FreeVideoConverter.exe Win32/Toolbar.Widgi application
D:\User_util\securite\Sumo_ check updates\sumo.exe Win32/Adware.Linkular.AC application
D:\User_util\securite\unlocker\unlocker_unlocker_1.9.0_32_bits_francais_20237.exe Win32/Adware.ADON application
I know one of the threats (Adobe keygen) but it is not necessary to use it
And I don't use to install .....just here the text.
------------------
<snip>
------------------
Hi,
Delete D:\User_util\bureautique&html\adobe_macromedia\Acrobat9 pro\Adobe.Acrobat.9.0.Pro.Extended.Keymaker.Only-EDGE folder. Are there still problems left?
jlb92100
2012-10-03, 01:01
Hi,
The problem is still there.
Only AdwCleaner detects the Babylon toolbar in Firefox, but it doesn't remove it.
Find the log below.
The JPEG image is the result of about:config (search babylon) after reset.
Nothing is detected by S&D, Malwarebytes and the other stuff we tested last week, including the remove & reinstall of Firefox I did.
The result is certainly due to a partial removal on my side.
Maybe reinstall the toolbar and afterwards remove it correctly with your prescription?
Here is the log:
_________________
# AdwCleaner v2.000 - Rapport créé le 02/10/2012 à 23:44:37
# Mis à jour le 30/08/2012 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : jlb - JLB-HP
# Mode de démarrage : Normal
# Exécuté depuis : D:\User_util\securite\anti_Babylon\adwcleaner.exe
# Option [Recherche]
***** [Services] *****
***** [Fichiers / Dossiers] *****
Dossier Présent : C:\ProgramData\Browser Manager
***** [Registre] *****
Donnée Présente : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
***** [Navigateurs] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Le registre ne contient aucune entrée illégitime.
-\\ Mozilla Firefox v15.0 (fr)
Nom du profil : default-1348409337555 [Profil par défaut]
Fichier : C:\Users\jlb\AppData\Roaming\Mozilla\Firefox\Profiles\fqj6eua6.default-1348409337555\prefs.js
Présente : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Présente : user_pref("browser.search.order.1", "Search the web (Babylon)");
Présente : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
____________________
Hi,
I think it's time to restore default Firefox settings:
Type about:support into the Firefox URL address field. Then use the Reset Firefox button (as shown here (http://people.mozilla.org/~mverdi/screenshots/reset-from-support-20110629-233613.jpg)).
jlb92100
2012-10-03, 11:58
Hi,
Still here after resetting Firefox.
Open notepad and copy/paste the text in the quotebox below into it:
DDS::
AppInit_DLLs: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll c:\progra~3\browse~1\22643~1.41\{16cdf~1\browsemngr.dll
Folder::
C:\ProgramData\Browser Manager
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log and fresh DDS logs.
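The AdwCleaner log earlier in the thread flags two things: the AppInit_DLLs value and three browser.search.* entries in prefs.js. The following is an added example, not part of the thread or of any tool mentioned in it, of a read-only check for both; the function names and the sample prefs.js text are assumptions made for illustration.

```python
import re

# One prefs.js line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')
# The three preference names AdwCleaner flagged in the thread.
SEARCH_PREFS = {"browser.search.defaultenginename",
                "browser.search.order.1",
                "browser.search.selectedEngine"}

def hijacked_search_prefs(prefs_text, marker="babylon"):
    """Return {pref: value} for flagged search prefs whose value mentions marker."""
    hits = {}
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) in SEARCH_PREFS:
            value = m.group(2).strip().strip('"')
            if marker in value.lower():
                hits[m.group(1)] = value
    return hits

def split_appinit(value):
    """AppInit_DLLs holds a space- or comma-delimited list of DLL paths."""
    return [p for p in re.split(r"[ ,]+", value.strip()) if p]

def read_appinit_values():
    """Read AppInit_DLLs from both registry views (read-only, Windows only)."""
    import winreg
    sub = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
    out = {}
    for label, view in (("64-bit", winreg.KEY_WOW64_64KEY),
                        ("32-bit", winreg.KEY_WOW64_32KEY)):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub, 0,
                                winreg.KEY_READ | view) as key:
                out[label] = split_appinit(winreg.QueryValueEx(key, "AppInit_DLLs")[0])
        except OSError:
            out[label] = []  # key or value absent in this view
    return out

# Constructed sample, modelled on the prefs.js lines quoted in the thread.
SAMPLE_PREFS = """user_pref("browser.startup.page", 1);
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
user_pref("browser.search.order.2", "Google");
"""

if __name__ == "__main__":
    print(hijacked_search_prefs(SAMPLE_PREFS))
    try:
        print(read_appinit_values())
    except ImportError:
        print("winreg not available: registry check skipped")
```

Any non-empty list from read_appinit_values() deserves a look, since every DLL named there is loaded into each process that loads user32.dll.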
jlb92100
2012-10-03, 23:46
Hi,
Interesting ....
Attached are the 3 files needed.
I don't rerun Windows.
When I open Firefox with a new page, Babylon has disappeared... Nice.
Windows Update found a strange new update with NO description and size.
I don't accept...
Attached here is the capture as JPG. First time I see that.
My last update (by date) is the following:
------------
Definition Update for Windows Defender - KB915597 (Definition 1.137.635.0)
Date d'installation : 28/09/2012 09:20
État de l'installation : Réussite
------------
Let me know if you are aware of that.
So, I send you the stuff. I reset my computer and I post the result immediately.
jlb92100
2012-10-04, 00:04
Hi,
Just after reset.
Nice. Firefox has no Babylon toolbar.
The strange update disappeared even though I didn't accept to install it before leaving.
Did you do something that explains that?
PERSONAL
My son is MSP at Microsoft France.
Maybe you are interested to see ...
http://www.velersoftware.com/?lang=en
Best Regards
J-L Baudoux
Hi,
That update is not malicious so it's ok to install it if it still shows up :) Any symptoms left or shall we move on to the final steps?
jlb92100
2012-10-05, 23:40
Hi,
I have no symptoms after 2 days.
Thanks a lot for the removal.
We move on to the final steps as you propose?
Best regards
Jean-louis
Good. Let's see the final steps then :)
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.
A. To disable the System Restore feature:
1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.
B. Reboot.
C. Turn ON System Restore.
Follow the steps like you did when disabling System Restore, but in step 7 select the Restore system settings and previous versions of files option.
Now let's uninstall ComboFix:
Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool: