.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by Savage at 1:19:05 on 2011-05-21
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4060.1893 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_77d0b692\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_77d0b692\AESTSr64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch64.exe
C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\BitDefender\SetupInformation\{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}\setup.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Savage\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IMJYEMP8\dds[1].scr
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
mRunOnce-x64: [LinkInstaller] "C:\Program Files\Common Files\LinkInstaller.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Savage\AppData\Roaming\Mozilla\Firefox\Profiles\0kmwkioy.default\
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_77d0b692\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_77d0b692\AESTSr64.exe [?]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-5-21 386344]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-20 1153368]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-1-20 93696]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
.
=============== Created Last 30 ================
.
2011-05-21 04:49:47 -------- d-----w- C:\Program Files\BitDefender
2011-05-21 04:43:21 -------- d-----w- C:\ProgramData\47780000-2c75-466f-41e5-e9e9273b2984
2011-05-21 04:39:32 -------- d-----w- C:\Users\Savage\AppData\Roaming\QuickScan
2011-05-21 04:39:14 -------- d-----w- C:\Program Files\Common Files\BitDefender
2011-05-21 04:36:56 327368 ----a-w- C:\Windows\SysWow64\drivers\bdfsfltr.sys
2011-05-21 04:36:54 133015 ----a-w- C:\ProgramData\bdinstall.bin
2011-05-21 04:27:21 -------- d-----w- C:\ProgramData\SmartSound Software Inc
2011-05-21 04:27:18 -------- d-----w- C:\ProgramData\eSellerate
2011-05-21 04:27:18 -------- d-----w- C:\Program Files (x86)\SmartSound Software
2011-05-21 04:11:11 -------- d-----w- C:\Users\Savage\AppData\Roaming\Malwarebytes
2011-05-21 04:11:02 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-21 04:11:01 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-21 04:10:57 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-21 04:10:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-21 03:47:16 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-05-21 03:47:16 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-05-21 03:06:13 -------- d-----w- C:\Program Files (x86)\TweetDeck
2011-05-21 03:02:41 -------- d-----w- C:\Users\Savage\AppData\Local\Adobe
2011-05-21 02:21:21 -------- d-----w- C:\Windows\Panther
2011-05-21 02:21:06 -------- d-sh--w- C:\Boot
2011-05-21 02:20:55 -------- d-----w- C:\Windows\System32\OEM
2011-05-21 01:08:32 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-21 00:14:26 -------- d-----w- C:\Users\Savage\AppData\Local\ATI
2011-05-21 00:13:03 0 ----a-w- C:\Windows\ativpsrm.bin
2011-05-21 00:06:02 600064 ----a-w- C:\Windows\System32\ctapo64.dll
2011-05-21 00:06:02 58880 ----a-w- C:\Windows\System32\AESTAR64.dll
2011-05-21 00:06:02 45568 ----a-w- C:\Windows\System32\ctppld.dll
2011-05-21 00:06:02 433152 ----a-w- C:\Windows\System32\AESTEC64.dll
2011-05-21 00:06:02 155648 ----a-w- C:\Windows\System32\AESTAC64.dll
2011-05-21 00:06:00 76288 ----a-w- C:\Windows\System32\AESTCo64.dll
2011-05-21 00:06:00 540672 ----a-w- C:\Windows\System32\idt64mp1.exe
2011-05-21 00:06:00 2828288 ----a-w- C:\Windows\System32\stlang64.dll
2011-05-21 00:06:00 10752000 ----a-w- C:\Windows\System32\idtcpl64.cpl
2011-05-21 00:03:44 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-05-20 23:58:15 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-05-20 23:57:20 -------- d-----w- C:\Program Files\ATI Technologies
2011-05-20 23:57:17 -------- d-----w- C:\Program Files\ATI
2011-05-20 23:54:12 90112 ----a-w- C:\Windows\System32\snymsico.dll
2011-05-20 23:54:12 62976 ----a-w- C:\Windows\System32\drivers\rimmpx64.sys
2011-05-20 23:54:12 57856 ----a-w- C:\Windows\System32\drivers\rixdpx64.sys
2011-05-20 23:54:12 55296 ----a-w- C:\Windows\System32\drivers\rimspx64.sys
2011-05-20 23:54:12 172032 ----a-w- C:\Windows\System32\rixdicon.dll
2011-05-20 23:45:30 -------- d-----w- C:\ProgramData\Citrix
2011-05-20 23:44:57 -------- d-----w- C:\Program Files (x86)\Citrix
2011-05-20 23:44:46 60968 ----a-w- C:\Users\Savage\GoToAssistDownloadHelper.exe
2011-05-20 23:44:46 -------- d-----w- C:\Users\Savage\AppData\Local\Citrix
2011-05-20 23:44:04 -------- d-----w- C:\Users\Savage\AppData\Local\Apps
2011-05-20 23:44:03 -------- d-----w- C:\Users\Savage\AppData\Local\Deployment
2011-05-20 23:37:48 -------- d-----w- C:\Program Files\Broadcom
2011-05-20 23:37:15 -------- d-----w- C:\dell
2011-05-20 23:34:36 45056 ----a-r- C:\Users\Savage\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2011-05-20 23:34:32 -------- d-----w- C:\Windows\SysWow64\vmm32
2011-05-20 23:34:32 -------- d-----w- C:\Program Files (x86)\Dell
2011-05-20 23:34:12 -------- d-sh--w- C:\Windows\Installer
.
==================== Find3M ====================
.
2010-07-08 14:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe
.
============= FINISH: 1:19:30.99 ===============