.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by E at 12:48:19 on 2011-12-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.55.1046.18.3957.2582 [GMT -2:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\SysWOW64\Rezip.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\windows\system32\Dwm.exe
C:\windows\explorer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
uWinlogon: Shell=C:\Users\E\AppData\Local\ce680107\X
BHO: Auxiliar de Conexão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files (x86)\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DACE21EB-C065-4551-A94F-E84A92815EA3} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DACE21EB-C065-4551-A94F-E84A92815EA3}\D4943425F454C4544525F4E4943414 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DACE21EB-C065-4551-A94F-E84A92815EA3}\E4F647560205164756C6C6960214365627 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F37648D8-9DE9-4418-BD56-F15E07CCD79D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F7BABD8C-D1ED-4CB1-92B7-CD9B5C4B5BEF} : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\E\AppData\Roaming\Mozilla\Firefox\Profiles\dw69y0it.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\E\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\E\AppData\Roaming\Mozilla\Firefox\Profiles\dw69y0it.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cpuz135;cpuz135;\??\C:\windows\system32\drivers\cpuz135_x64.sys --> C:\windows\system32\drivers\cpuz135_x64.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-20 2253120]
R2 Rezip;Rezip;C:\Windows\SysWOW64\Rezip.exe [2010-6-19 311296]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-20 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R3 btwampfl;Bluetooth AMP USB Filter;C:\windows\system32\drivers\btwampfl.sys --> C:\windows\system32\drivers\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-23 13:07:18 -------- d-----w- C:\Users\E\AppData\Roaming\Malwarebytes
2011-12-23 13:07:13 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-23 13:07:10 25416 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-12-23 13:07:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-23 12:41:23 -------- d-----w- C:\Program Files\CCleaner
2011-12-20 16:25:34 837952 ----a-w- C:\windows\System32\easyupdatusapiu64.dll
2011-12-20 16:25:34 5067584 ----a-w- C:\windows\System32\nvsvc64.dll
2011-12-20 16:25:34 3074368 ----a-w- C:\windows\System32\nvsvcr.dll
2011-12-20 16:25:34 222528 ----a-w- C:\windows\System32\nvmctray.dll
2011-12-20 16:25:34 1640768 ----a-w- C:\windows\System32\nvvsvc.exe
2011-12-20 16:25:34 137536 ----a-w- C:\windows\System32\nvshext.dll
2011-12-20 16:25:34 10406208 ----a-w- C:\windows\System32\nvcpl.dll
2011-12-20 16:25:28 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2011-12-20 14:33:09 -------- d-----w- C:\windows\SysWow64\xlive
2011-12-20 14:33:09 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-12-19 21:30:32 -------- d-----w- C:\Users\E\AppData\Local\{F4C015FD-78A4-42DB-86B3-7732219E245E}
2011-12-19 21:30:16 -------- d-----w- C:\Users\E\AppData\Local\{B6296749-CFFA-4B2C-91C4-AE132B049E2A}
2011-12-18 16:58:33 -------- d-----w- C:\Users\E\AppData\Local\{9CCB8F46-460A-41BC-97C7-5D2B0DB8DBF7}
2011-12-18 16:58:17 -------- d-----w- C:\Users\E\AppData\Local\{C147D067-4273-485F-A55E-8302FFCFBD2E}
2011-12-17 17:44:03 -------- d-----w- C:\Users\E\AppData\Local\{904EFC0F-ECD2-4630-9701-9432DB3A2623}
2011-12-17 17:43:51 -------- d-----w- C:\Users\E\AppData\Local\{29D9269D-9B92-4A7A-91FA-EEC68833EA62}
2011-12-17 01:55:11 -------- d-sh--w- C:\Users\E\AppData\Local\ce680107
2011-12-15 23:02:22 -------- d-----w- C:\Users\E\AppData\Local\{B8F56DFF-31C3-4FEB-96B0-B30D735E0D4D}
2011-12-15 23:02:10 -------- d-----w- C:\Users\E\AppData\Local\{98394B84-B4A4-4237-BD78-44DD61C381B9}
2011-12-11 21:26:40 -------- d-----w- C:\Users\E\AppData\Local\{566F2CEC-DF02-469E-A739-0DF091C705E1}
2011-12-11 21:26:28 -------- d-----w- C:\Users\E\AppData\Local\{FFC2298B-7E4C-40A4-999A-D2383A11C736}
2011-12-10 15:54:46 -------- d-----w- C:\Users\E\AppData\Local\{29E4E099-0D35-47AF-BF7C-149E3FA08DCB}
2011-12-10 15:54:33 -------- d-----w- C:\Users\E\AppData\Local\{3A12E647-46B0-415A-B011-DB4D9944BFDD}
2011-12-09 16:53:28 -------- d-----w- C:\Users\E\AppData\Local\{82758853-90D7-486A-9E8A-742D31BA3B8A}
2011-12-09 16:53:16 -------- d-----w- C:\Users\E\AppData\Local\{47FC946E-6D68-490C-A256-827B7A971263}
2011-12-08 21:42:33 -------- d-----w- C:\Users\E\AppData\Local\{9B6E2117-0EF6-476B-B6D4-376BC8137935}
2011-12-08 21:42:20 -------- d-----w- C:\Users\E\AppData\Local\{2E43068C-D7D4-438B-8936-458DB6E99C78}
2011-12-07 23:37:38 -------- d-----w- C:\Users\E\AppData\Local\{AA937318-9A6D-4DDE-B7F3-AF5B3B4205CA}
2011-12-07 23:37:27 -------- d-----w- C:\Users\E\AppData\Local\{9E9917EA-65F1-4298-9A7D-43FA5687180F}
2011-12-04 13:38:08 -------- d-----w- C:\Users\E\AppData\Local\{C2D99A13-EB89-4D0D-96ED-2F012A360C17}
2011-12-04 13:37:41 -------- d-----w- C:\Users\E\AppData\Local\{C02C163F-A7A7-4105-B61D-F0D8FA3DC29F}
2011-11-30 21:28:09 -------- d-----w- C:\Users\E\AppData\Local\{F4771FB4-6EEE-4FA8-86FC-9DEB1B71E672}
2011-11-30 21:27:47 -------- d-----w- C:\Users\E\AppData\Local\{51537D06-52E1-42E8-81E8-2C3126B48ECF}
2011-11-30 00:34:10 -------- d-----w- C:\Users\E\AppData\Local\{12B35E7B-F0B9-4556-8561-A166BBFC3AC5}
2011-11-30 00:33:46 -------- d-----w- C:\Users\E\AppData\Local\{045B7D23-FD34-4CCD-993F-EBEC89A8CDC2}
2011-11-29 20:34:26 -------- d-----w- C:\Program Files (x86)\Alcohol Soft
2011-11-29 20:28:23 503352 ----a-w- C:\windows\System32\drivers\sptd.sys
2011-11-29 20:19:43 -------- d-----w- C:\windows\SysWow64\WinDir
2011-11-29 20:19:41 31117824 ----a-w- C:\Users\E\AppData\Roaming\Alcohol 120 7.0 Setup.exe
2011-11-24 18:06:33 -------- d-----w- C:\Users\E\AppData\Local\{60DF692C-5BD1-463E-8D71-099DDC09067C}
2011-11-24 18:06:10 -------- d-----w- C:\Users\E\AppData\Local\{75728587-96F2-4136-91F4-75B8F373CC16}
2011-11-23 20:00:50 -------- d-----w- C:\Users\E\AppData\Local\{997745F0-EAF7-4922-9248-50D519161FE2}
2011-11-23 20:00:25 -------- d-----w- C:\Users\E\AppData\Local\{345712DB-94E0-4B50-AA3C-62A0DD189C85}
.
==================== Find3M ====================
.
2011-12-19 15:44:04 332288 ----a-w- C:\windows\System32\uxtheme.dll
2011-12-19 15:44:03 2851328 ----a-w- C:\windows\System32\themeui.dll
2011-12-19 15:44:01 44544 ----a-w- C:\windows\System32\themeservice.dll
2011-12-04 13:24:23 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 12:49:13,75 ===============