Not great with computers. I have an Acer Aspire laptop, AMD Athlon 64 X2 TK-55 1.8 GHz, running Windows Vista HP, 4 GB RAM, 120 GB HDD. Having problems with a virus or malware that I'm not currently able to fix alone and unable to resolve with the programs on the computer now.
I have Microsoft Firewall, Avira AntiVirus and Microsoft Security Essentials. Ran basic checks: Avira AntiVirus, Malwarebytes, GMER, DDS, and have logs. Any help would be ever so gratefully appreciated. I really don't know what to do so am following
(https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/ , http://www.dslreports.com/faq/8428 )
MBAM log
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.31.01
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]
3/31/2012 7:30:09 PM
mbam-log-2012-03-31 (19-30-09).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205920
Time elapsed: 8 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
GMER log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-31 18:36:36
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST9120822AS rev.3.ALD
Running: rto9612z.exe; Driver: C:\Users\Owner\AppData\Local\Temp\pwloapow.sys
---- System - GMER 1.0.15 ----
SSDT 9003E8C6 ZwCreateSection
SSDT 9003E8CB ZwSetContextThread
SSDT 9003E867 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 82EB0998 2 Bytes [C6, E8]
.text ntkrnlpa.exe!KeSetEvent + 218 82EB099B 1 Byte [90]
.text ntkrnlpa.exe!KeSetEvent + 56D 82EB0CF0 4 Bytes CALL A7939CF8
.text ntkrnlpa.exe!KeSetEvent + 621 82EB0DA4 4 Bytes CALL 881A9DAC
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F80B340, 0x3FA057, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1872] kernel32.dll!CreateThread + 1A 774DCB48 4 Bytes CALL 0044C909 C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit Malware Fighter Service/IObit)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1872] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044CA60] C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit Malware Fighter Service/IObit)
IAT C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1872] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044CA60] C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit Malware Fighter Service/IObit)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744B7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7450A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [744BBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744AF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744B75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744AE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [744E8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [744BDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744AFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744AFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744A71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7453CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [744DC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744AD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [744A6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744A687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744B2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a648745
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a648745@0022b478a70b 0xAC 0x6B 0xBE 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a648745@00210620ce1c 0xE8 0x7C 0x96 0xBD ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a648745 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a648745@0022b478a70b 0xAC 0x6B 0xBE 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a648745@00210620ce1c 0xE8 0x7C 0x96 0xBD ...
---- EOF - GMER 1.0.15 ----
DDS log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Owner at 18:43:42 on 2012-03-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1786 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\PLFSetL.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [mumservice] c:\program files\motorola\software update\mumservice.exe
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 71.2.28.14 63.162.197.99
TCP: Interfaces\{2B665679-485A-4BC1-9114-6A3E985F55E8} : DhcpNameServer = 71.2.28.14 63.162.197.99
TCP: Interfaces\{487A9A4D-420B-4818-90C4-2801B2F60AB1} : DhcpNameServer = 71.2.28.14 63.162.197.99
TCP: Interfaces\{DB36F33E-5C8F-46F6-9C58-F07EAFB0D87F} : DhcpNameServer = 169.254.2.2
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\eooy1g4w.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z152&install_date=20110913
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z152&form=ZGAADF&install_date=20110913&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-9-21 15672]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-22 494424]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-15 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-15 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-15 66616]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-9-21 821592]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-6-24 91456]
R2 MotoHelper.exe;Motorola Helper;c:\program files\motorola\moto helper service\MotoHelper.exe [2010-4-21 6656]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2012-2-2 30600]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BTWAMPFL;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2011-2-12 300584]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-2-12 33320]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2010-10-27 39632]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-30 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-6-19 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-10-27 23936]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-3-10 20080]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2012-2-2 19792]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2012-2-2 20336]
.
=============== Created Last 30 ================
.
2012-03-31 21:14:05 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-31 21:14:05 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-31 19:33:04 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3737ef47-c3ba-4b0d-a053-fc5aacda8b68}\mpengine.dll
2012-03-31 05:52:58 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4dd4ad4d-6ca7-4edd-92be-716513e7c27e}\offreg.dll
2012-03-31 01:51:31 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4dd4ad4d-6ca7-4edd-92be-716513e7c27e}\mpengine.dll
2012-03-31 01:28:29 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-30 23:19:58 -------- d-----w- c:\users\owner\appdata\local\temp
2012-03-30 23:18:21 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-30 23:04:15 98816 ----a-w- c:\windows\sed.exe
2012-03-30 23:04:15 518144 ----a-w- c:\windows\SWREG.exe
2012-03-30 23:04:15 256000 ----a-w- c:\windows\PEV.exe
2012-03-30 23:04:15 208896 ----a-w- c:\windows\MBR.exe
2012-03-30 23:04:10 -------- d-----w- C:\ComboFix
2012-03-29 21:56:51 57344 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{287AD1D8-3668-40F0-9EAD-D391AC6B5ABF}-amcap.exe
2012-03-29 21:46:58 57344 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{58309256-1DC9-41E9-8983-4EE732325202}-amcap.exe
2012-03-29 21:41:21 262144 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{2B08A5D8-CB8E-4D39-9983-7FE2EEDB2BA7}-LicenseTool.exe
2012-03-29 21:26:57 262144 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{07E2886F-E700-4A61-A895-0CE5E455ACF5}-LicenseTool.exe
2012-03-29 20:09:13 58368 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{69EBAE4C-A384-4235-B116-537A80C1B02E}-msmoney.exe
2012-03-29 20:09:11 39936 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{E4176D69-7D96-402B-BF21-63622E36A158}-mnywaba.exe
2012-03-29 20:09:10 8192 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{BAF5C105-D1FB-4338-8774-7982DA01F28E}-mnyimprt.exe
2012-03-29 20:09:10 1001984 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{01D21C10-A8CB-424E-B97E-9FBE2BBC707A}-mnyinst.exe
2012-03-29 20:09:09 10240 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{A6917E89-62A4-4DF7-A18A-2AB1621AF827}-mnybbsvc.exe
2012-03-29 20:09:07 139264 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{1FA64291-DBFF-4531-9A81-95036F93B9C6}-daupdate.exe
2012-03-29 20:09:06 132608 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{142832CB-252D-4D47-9CF3-811775857D57}-copymar.exe
2012-03-29 20:08:54 17505792 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{06E59350-901B-423C-9046-00B6D3781C61}-WindowBlinds602_enhanced -razorbite.exe
2012-03-29 20:08:43 17505792 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{8D7AD46F-C335-4814-B37B-FC3AA6638D16}-WindowBlinds602_enhanced -razorbite.exe
2012-03-29 16:58:45 57344 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{555738A0-A713-47E9-8FDE-F7810225F339}-amcap.exe
2012-03-29 16:58:05 262144 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{51820DD5-EBD1-40EF-AF4D-1804B5AEF2A8}-LicenseTool.exe
2012-03-29 16:58:02 827392 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{DD70740B-3ABA-49E4-B9D7-7712BFF37372}-PixieTool.exe
2012-03-29 16:57:53 827392 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{7D1FAEF6-7E99-4D85-B884-712D17395C05}-PixieTool.exe
2012-03-28 18:09:36 94208 ----a-w- c:\windows\PLFSetL.exe
2012-03-28 18:09:36 35072 ----a-w- c:\windows\system32\drivers\x64\sncduvc.sys
2012-03-28 18:09:36 28032 ----a-w- c:\windows\system32\drivers\sncduvc.sys
2012-03-28 18:09:36 1792128 ----a-w- c:\windows\system32\drivers\x64\snp2uvc.sys
2012-03-28 18:09:36 1749376 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
2012-03-28 18:09:36 -------- d-----w- c:\windows\system32\drivers\x64
2012-03-28 18:09:36 -------- d-----w- c:\windows\SUYIN NB Cam
2012-03-28 18:09:32 286720 ----a-w- c:\windows\system32\vsnp2uvc.dll
2012-03-28 18:09:32 172032 ----a-w- c:\windows\system32\rsnp2uvc.dll
2012-03-28 18:09:31 53248 ----a-w- c:\windows\system32\csnp2uvc.dll
2012-03-28 18:09:31 -------- d-----w- c:\program files\common files\snp2uvc
2012-03-28 17:52:09 -------- d-----w- c:\program files\SUYIN
2012-03-28 17:52:09 -------- d-----w- c:\program files\ACER Crystal Eye webcam
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-18 03:49:21 177152 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{337EFD86-3240-40A6-9266-A9DC38E0E41D}-A0045212.exe
2012-03-17 23:14:53 190976 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{AE496534-80EE-4CF1-879E-F749D10D2CA3}-SETUP.EXE
2012-03-17 23:14:52 62464 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{4BB8C434-5D9A-4D02-95E2-8BEB21B856FF}-autorun.exe
2012-03-17 23:14:52 190976 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{426EA8DC-DF83-4F51-B702-8303E1D5EB3A}-SETUP.EXE
2012-03-17 23:14:22 17505792 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{2589557E-C7CA-4805-B85A-184E504FE553}-WindowBlinds602_enhanced -razorbite.exe
2012-03-17 23:11:06 17281536 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{8F14CB80-9E0A-4F5A-B4F6-68B358F2DCA1}-WindowBlinds601_vibes.exe
2012-03-17 18:54:10 -------- d-----w- c:\program files\iPod
2012-03-17 18:54:07 -------- d-----w- c:\program files\iTunes
2012-03-15 21:49:17 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-15 21:49:16 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-15 21:49:16 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-15 21:49:15 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-15 21:49:15 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-15 21:49:15 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-15 21:49:13 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-15 21:48:24 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-03-15 21:48:24 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-03-15 21:48:16 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-15 21:48:16 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-11 05:19:40 -------- d-----w- c:\users\owner\appdata\roaming\AVG8
2012-03-11 02:04:39 -------- d-----w- c:\program files\PeerBlock
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-02-23 17:47:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 23:58:45 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-15 23:58:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 23:58:28 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-15 23:58:25 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-15 23:56:46 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 16:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 18:44:08.73 ===============
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744AE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [744E8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [744BDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744AFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744AFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744A71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7453CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [744DC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744AD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [744A6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744A687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744B2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a648745
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a648745@0022b478a70b 0xAC 0x6B 0xBE 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a648745@00210620ce1c 0xE8 0x7C 0x96 0xBD ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a648745 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a648745@0022b478a70b 0xAC 0x6B 0xBE 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a648745@00210620ce1c 0xE8 0x7C 0x96 0xBD ...
---- EOF - GMER 1.0.15 ----
dds logs
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Owner at 18:43:42 on 2012-03-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1786 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\PLFSetL.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [mumservice] c:\program files\motorola\software update\mumservice.exe
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 71.2.28.14 63.162.197.99
TCP: Interfaces\{2B665679-485A-4BC1-9114-6A3E985F55E8} : DhcpNameServer = 71.2.28.14 63.162.197.99
TCP: Interfaces\{487A9A4D-420B-4818-90C4-2801B2F60AB1} : DhcpNameServer = 71.2.28.14 63.162.197.99
TCP: Interfaces\{DB36F33E-5C8F-46F6-9C58-F07EAFB0D87F} : DhcpNameServer = 169.254.2.2
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\eooy1g4w.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z152&install_date=20110913
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z152&form=ZGAADF&install_date=20110913&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-9-21 15672]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-22 494424]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-15 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-15 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-15 66616]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-9-21 821592]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-6-24 91456]
R2 MotoHelper.exe;Motorola Helper;c:\program files\motorola\moto helper service\MotoHelper.exe [2010-4-21 6656]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2012-2-2 30600]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BTWAMPFL;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2011-2-12 300584]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-2-12 33320]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2010-10-27 39632]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-30 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-6-19 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-10-27 23936]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-3-10 20080]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2012-2-2 19792]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2012-2-2 20336]
.
=============== Created Last 30 ================
.
2012-03-31 21:14:05 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-31 21:14:05 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-31 19:33:04 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3737ef47-c3ba-4b0d-a053-fc5aacda8b68}\mpengine.dll
2012-03-31 05:52:58 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4dd4ad4d-6ca7-4edd-92be-716513e7c27e}\offreg.dll
2012-03-31 01:51:31 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4dd4ad4d-6ca7-4edd-92be-716513e7c27e}\mpengine.dll
2012-03-31 01:28:29 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-30 23:19:58 -------- d-----w- c:\users\owner\appdata\local\temp
2012-03-30 23:18:21 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-30 23:04:15 98816 ----a-w- c:\windows\sed.exe
2012-03-30 23:04:15 518144 ----a-w- c:\windows\SWREG.exe
2012-03-30 23:04:15 256000 ----a-w- c:\windows\PEV.exe
2012-03-30 23:04:15 208896 ----a-w- c:\windows\MBR.exe
2012-03-30 23:04:10 -------- d-----w- C:\ComboFix
2012-03-29 21:56:51 57344 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{287AD1D8-3668-40F0-9EAD-D391AC6B5ABF}-amcap.exe
2012-03-29 21:46:58 57344 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{58309256-1DC9-41E9-8983-4EE732325202}-amcap.exe
2012-03-29 21:41:21 262144 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{2B08A5D8-CB8E-4D39-9983-7FE2EEDB2BA7}-LicenseTool.exe
2012-03-29 21:26:57 262144 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{07E2886F-E700-4A61-A895-0CE5E455ACF5}-LicenseTool.exe
2012-03-29 20:09:13 58368 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{69EBAE4C-A384-4235-B116-537A80C1B02E}-msmoney.exe
2012-03-29 20:09:11 39936 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{E4176D69-7D96-402B-BF21-63622E36A158}-mnywaba.exe
2012-03-29 20:09:10 8192 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{BAF5C105-D1FB-4338-8774-7982DA01F28E}-mnyimprt.exe
2012-03-29 20:09:10 1001984 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{01D21C10-A8CB-424E-B97E-9FBE2BBC707A}-mnyinst.exe
2012-03-29 20:09:09 10240 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{A6917E89-62A4-4DF7-A18A-2AB1621AF827}-mnybbsvc.exe
2012-03-29 20:09:07 139264 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{1FA64291-DBFF-4531-9A81-95036F93B9C6}-daupdate.exe
2012-03-29 20:09:06 132608 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{142832CB-252D-4D47-9CF3-811775857D57}-copymar.exe
2012-03-29 20:08:54 17505792 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{06E59350-901B-423C-9046-00B6D3781C61}-WindowBlinds602_enhanced -razorbite.exe
2012-03-29 20:08:43 17505792 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{8D7AD46F-C335-4814-B37B-FC3AA6638D16}-WindowBlinds602_enhanced -razorbite.exe
2012-03-29 16:58:45 57344 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{555738A0-A713-47E9-8FDE-F7810225F339}-amcap.exe
2012-03-29 16:58:05 262144 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{51820DD5-EBD1-40EF-AF4D-1804B5AEF2A8}-LicenseTool.exe
2012-03-29 16:58:02 827392 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{DD70740B-3ABA-49E4-B9D7-7712BFF37372}-PixieTool.exe
2012-03-29 16:57:53 827392 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{7D1FAEF6-7E99-4D85-B884-712D17395C05}-PixieTool.exe
2012-03-28 18:09:36 94208 ----a-w- c:\windows\PLFSetL.exe
2012-03-28 18:09:36 35072 ----a-w- c:\windows\system32\drivers\x64\sncduvc.sys
2012-03-28 18:09:36 28032 ----a-w- c:\windows\system32\drivers\sncduvc.sys
2012-03-28 18:09:36 1792128 ----a-w- c:\windows\system32\drivers\x64\snp2uvc.sys
2012-03-28 18:09:36 1749376 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
2012-03-28 18:09:36 -------- d-----w- c:\windows\system32\drivers\x64
2012-03-28 18:09:36 -------- d-----w- c:\windows\SUYIN NB Cam
2012-03-28 18:09:32 286720 ----a-w- c:\windows\system32\vsnp2uvc.dll
2012-03-28 18:09:32 172032 ----a-w- c:\windows\system32\rsnp2uvc.dll
2012-03-28 18:09:31 53248 ----a-w- c:\windows\system32\csnp2uvc.dll
2012-03-28 18:09:31 -------- d-----w- c:\program files\common files\snp2uvc
2012-03-28 17:52:09 -------- d-----w- c:\program files\SUYIN
2012-03-28 17:52:09 -------- d-----w- c:\program files\ACER Crystal Eye webcam
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-18 03:49:21 177152 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{337EFD86-3240-40A6-9266-A9DC38E0E41D}-A0045212.exe
2012-03-17 23:14:53 190976 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{AE496534-80EE-4CF1-879E-F749D10D2CA3}-SETUP.EXE
2012-03-17 23:14:52 62464 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{4BB8C434-5D9A-4D02-95E2-8BEB21B856FF}-autorun.exe
2012-03-17 23:14:52 190976 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{426EA8DC-DF83-4F51-B702-8303E1D5EB3A}-SETUP.EXE
2012-03-17 23:14:22 17505792 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{2589557E-C7CA-4805-B85A-184E504FE553}-WindowBlinds602_enhanced -razorbite.exe
2012-03-17 23:11:06 17281536 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{8F14CB80-9E0A-4F5A-B4F6-68B358F2DCA1}-WindowBlinds601_vibes.exe
2012-03-17 18:54:10 -------- d-----w- c:\program files\iPod
2012-03-17 18:54:07 -------- d-----w- c:\program files\iTunes
2012-03-15 21:49:17 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-15 21:49:16 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-15 21:49:16 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-15 21:49:15 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-15 21:49:15 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-15 21:49:15 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-15 21:49:13 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-15 21:48:24 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-03-15 21:48:24 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-03-15 21:48:16 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-15 21:48:16 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-11 05:19:40 -------- d-----w- c:\users\owner\appdata\roaming\AVG8
2012-03-11 02:04:39 -------- d-----w- c:\program files\PeerBlock
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-03-02 23:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-02-23 17:47:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 23:58:45 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-15 23:58:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 23:58:28 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-15 23:58:25 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-15 23:56:46 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 16:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 18:44:08.73 ===============
and