While still working on a problem with my first computer, certain individuals in my household have now given me another virus on the second.
I ran Malwarebytes and I am no longer receiving the Avast warning, but I just want to check to make sure everything is alright. Also, any advice on how I can better secure my computers and prevent such things from reoccurring would be appreciated.
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 7012
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
7/9/2011 11:02:31 AM
mbam-log-2011-07-09 (11-02-31).txt
Scan type: Quick scan
Objects scanned: 160833
Time elapsed: 2 minute(s), 16 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
c:\Users\Rebecca\AppData\Local\Temp\0.6945501268379678.exe (Spyware.Passwords.XGen) -> 2228 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Rebecca\AppData\Local\Temp\0.6945501268379678.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-07-09 11:49:08
Windows 6.1.7601 Service Pack 1
Running: ws5if5hi.exe
---- Services - GMER 1.0.15 ----
Service C:\Windows\System32\svchost.exe (*** hidden *** ) [MANUAL] BITS <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by Rebecca at 11:50:06 on 2011-07-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2776 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
E:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
E:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
E:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
E:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\wmiprvse.exe
E:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
E:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: VMN Toolbar: {a057a204-bacc-4d26-8287-79a187e26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: VMN Toolbar: {a057a204-bacc-4d26-8287-79a187e26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] E:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F4088DCB-FBA4-443F-8D55-953F3EBF44FD} : DhcpNameServer = 192.168.0.1
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO-X64: Conduit Engine - No File
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: VMN Toolbar: {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: VMN Toolbar: {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\rneyt111.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll
FF - plugin: C:\Users\Rebecca\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;E:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;E:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;E:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-5 42184]
R2 SBSDWSCService;SBSD Security Center Service;E:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-3 1153368]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService --> C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-3 136176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-09 18:45:01 -------- d-----w- C:\Windows\pss
2011-07-09 18:19:53 -------- d-----w- C:\Users\Rebecca\AppData\Roaming\SUPERAntiSpyware.com
2011-07-09 18:19:53 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-09 18:19:50 -------- d-----w- C:\ProgramData\!SASCORE
2011-07-08 22:06:10 -------- d-----w- E:\Program Files (x86)\[text] - A Summer Story
2011-07-08 22:02:50 -------- d-----w- E:\Program Files (x86)\Ripples
2011-07-08 18:28:40 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0E322BE9-A341-404D-8EEE-49AC46B78639}\mpengine.dll
2011-07-08 01:54:44 7680 ----a-w- E:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-07-08 01:54:44 50688 ----a-w- E:\Program Files (x86)\Internet Explorer\hmmapi.dll
2011-07-06 23:54:37 -------- d-----w- C:\Users\Rebecca\AppData\Roaming\RenPy
2011-07-06 18:47:18 -------- d-----w- C:\Users\Rebecca\AppData\Roaming\OpenOffice.org
2011-07-06 18:46:24 -------- d-----w- E:\Program Files (x86)\OpenOffice.org 3
2011-07-06 18:44:20 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-05 18:20:09 122880 ----a-w- E:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2011-07-05 18:20:09 119808 ----a-w- E:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll
2011-07-05 18:20:09 115712 ----a-w- E:\Program Files (x86)\Internet Explorer\ielowutil.exe
2011-07-05 17:47:26 -------- d-----w- C:\Windows\System32\SPReview
2011-07-05 17:46:37 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-05 08:41:07 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-05 06:33:14 -------- d-----w- C:\Users\Rebecca\AppData\Local\DDMSettings
2011-07-05 05:48:59 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-07-05 05:48:34 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2011-07-05 05:47:30 -------- d-----w- C:\ProgramData\DivX
2011-07-04 23:02:11 -------- d-----w- E:\Program Files (x86)\Visicom Media
2011-07-04 23:01:03 -------- d-----w- C:\Users\Rebecca\AppData\Roaming\Sites
2011-07-04 23:01:03 -------- d-----w- C:\Users\Rebecca\AppData\Roaming\SiteClasses
2011-07-04 23:01:03 -------- d-----w- C:\Users\Rebecca\AppData\Roaming\Dynamic
2011-07-04 23:00:58 -------- d-----w- C:\ProgramData\EmailNotifier
2011-07-04 23:00:57 -------- d-----w- C:\Users\Rebecca\AppData\Roaming\vmntoolbar
2011-07-03 20:12:59 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-07-03 20:11:59 78848 ----a-w- C:\Windows\System32\hbaapi.dll
2011-07-03 20:10:49 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2011-07-03 20:10:49 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2011-07-03 20:10:47 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2011-07-03 20:10:47 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2011-07-03 20:10:46 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-07-03 20:10:46 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2011-07-03 20:10:26 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-07-03 20:10:26 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-07-03 20:09:01 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-07-03 19:41:42 -------- d-----w- C:\Program Files\Common Files\CANON
2011-07-03 19:40:06 83968 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP9W.DLL
2011-07-03 19:40:06 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD9W.DLL
2011-07-03 19:39:52 336896 ----a-w- C:\Windows\System32\CNMLM9W.DLL
2011-07-03 19:39:45 244736 ----a-w- C:\Windows\System32\CNMIU9W.DLL
2011-07-03 19:31:22 -------- d-----w- C:\Users\Rebecca\AppData\Local\Adobe
2011-07-03 18:55:08 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
2011-07-03 18:55:08 -------- d-----w- C:\Users\Rebecca\AppData\Local\Conduit
2011-07-03 18:55:05 -------- d-----w- E:\Program Files (x86)\uTorrent
2011-07-03 18:54:24 -------- d-----w- C:\Users\Rebecca\AppData\Roaming\uTorrent
2011-07-03 18:54:24 -------- d-----w- C:\Users\Rebecca\AppData\Local\uTorrent
2011-07-03 18:49:34 -------- d-----w- C:\Users\Rebecca\AppData\Roaming\Malwarebytes
2011-07-03 18:48:54 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-03 18:48:53 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-03 18:48:51 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-03 18:48:51 -------- d-----w- E:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-03 18:47:26 -------- d-----w- E:\Program Files (x86)\Spybot - Search & Destroy
2011-07-03 18:47:26 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-07-03 18:43:16 -------- d-----w- C:\Users\Rebecca\AppData\Local\Google
2011-07-03 18:43:12 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-07-03 18:43:10 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-07-03 18:42:34 40112 ----a-w- C:\Windows\avastSS.scr
2011-07-03 18:42:29 -------- d-----w- C:\ProgramData\AVAST Software
2011-07-03 18:42:29 -------- d-----w- C:\Program Files\AVAST Software
2011-07-03 01:04:32 715776 ----a-w- C:\Windows\System32\kerberos.dll
2011-07-03 01:04:31 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-07-03 01:04:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-07-03 01:04:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-07-03 01:04:05 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-07-03 01:04:05 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-07-03 01:04:05 207872 ----a-w- C:\Windows\System32\cfgmgr32.dll
2011-07-03 01:04:05 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-07-03 01:03:38 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-07-03 01:03:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-07-03 01:03:28 2871808 ----a-w- C:\Windows\explorer.exe
2011-07-03 01:03:28 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-07-03 01:03:20 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-07-03 01:03:19 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-07-03 01:03:19 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-07-03 01:03:19 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-07-03 01:03:19 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-07-03 01:03:19 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-07-03 01:03:19 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-07-03 01:03:19 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-07-03 01:01:33 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-07-03 01:01:33 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-07-03 01:00:07 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-03 01:00:07 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-07-03 01:00:07 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-07-03 00:58:11 613376 ----a-w- C:\Windows\System32\vbscript.dll
2011-07-03 00:58:11 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-07-03 00:57:46 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-07-03 00:57:46 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-07-03 00:57:28 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-07-03 00:57:28 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-07-03 00:57:27 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-07-03 00:57:27 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-07-03 00:56:29 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-07-03 00:56:29 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-07-03 00:56:29 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-07-03 00:56:29 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-07-03 00:56:29 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-07-03 00:56:29 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-07-03 00:56:19 214016 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-03 00:55:42 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-07-03 00:55:17 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-07-03 00:55:17 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-07-03 00:55:17 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-07-03 00:54:28 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-07-03 00:54:28 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-07-03 00:54:28 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-07-03 00:54:28 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-07-03 00:54:20 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-07-03 00:54:20 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-07-03 00:54:20 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-07-03 00:53:56 -------- d-----w- C:\Windows\Show Desktop
2011-07-03 00:53:01 642944 ----a-w- C:\Windows\System32\winload.efi
2011-07-03 00:53:01 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2011-07-03 00:53:01 605552 ----a-w- C:\Windows\System32\winload.exe
2011-07-03 00:53:01 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-07-03 00:53:01 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-07-03 00:53:01 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-07-03 00:53:01 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-07-03 00:53:01 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-07-03 00:52:50 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-07-03 00:52:49 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-07-03 00:51:41 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-07-03 00:51:41 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-07-03 00:51:32 974336 ----a-w- C:\Windows\System32\WFS.exe
2011-07-03 00:51:32 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-07-03 00:51:24 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-07-03 00:51:24 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-07-03 00:51:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-07-02 20:28:14 -------- d-----w- C:\Program Files\ATI Technologies
2011-07-02 20:28:12 -------- d-----w- C:\Program Files\ATI
2011-07-02 20:27:45 -------- d-----w- C:\ATI
2011-07-02 20:22:16 -------- d-----w- E:\Program Files (x86)\Phyxion.net
2011-07-02 19:59:45 -------- d-sh--w- C:\Boot
2011-07-02 19:57:08 -------- d-----w- C:\ProgramData\AMD
2011-07-02 19:57:07 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2011-07-02 19:46:18 -------- d-----w- C:\Users\Rebecca\AppData\Local\Yahoo!
2011-07-02 19:46:07 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-02 19:45:39 -------- d-sh--w- C:\Windows\Installer
2011-07-02 19:43:09 -------- d-----w- C:\Users\Rebecca\AppData\Local\Mozilla
2011-07-02 19:34:48 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-07-02 19:28:59 80488 ----a-w- C:\Windows\System32\RCoInst64.dll
2011-07-02 19:26:54 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-07-02 19:26:54 344680 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-07-02 19:26:54 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-07-02 19:10:19 -------- d-----w- C:\Users\Rebecca\AppData\Local\Diagnostics
.
==================== Find3M ====================
.
2011-07-05 17:53:22 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-05 17:53:22 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-02 17:53:02 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-25 06:44:30 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-05-25 06:44:26 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-05-25 06:44:14 53760 ----a-w- C:\Windows\System32\OpenCL.dll
2011-05-25 06:44:10 51712 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-05-25 06:44:04 16672768 ----a-w- C:\Windows\System32\amdocl64.dll
2011-05-25 06:43:50 12798976 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-05-25 03:02:00 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-05-25 02:19:00 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 22:08:29 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 19:10:01 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 11:52:43.53 ===============
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: VMN Toolbar: {a057a204-bacc-4d26-8287-79a187e26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] E:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F4088DCB-FBA4-443F-8D55-953F3EBF44FD} : DhcpNameServer = 192.168.0.1
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO-X64: Conduit Engine - No File
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: VMN Toolbar: {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: VMN Toolbar: {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\rneyt111.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll
FF - plugin: C:\Users\Rebecca\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;E:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;E:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;E:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-5 42184]
R2 SBSDWSCService;SBSD Security Center Service;E:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-3 1153368]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService --> C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-3 136176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-09 18:45:01 -------- d-----w- C:\Windows\pss
2011-07-09 18:19:53 -------- d-----w- C:\Users\Rebecca\AppData\Roaming\SUPERAntiSpyware.com
2011-07-09 18:19:53 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-09 18:19:50 -------- d-----w- C:\ProgramData\!SASCORE
2011-07-08 22:06:10 -------- d-----w- E:\Program Files (x86)\[text] - A Summer Story
2011-07-08 22:02:50 -------- d-----w- E:\Program Files (x86)\Ripples
2011-07-08 18:28:40 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0E322BE9-A341-404D-8EEE-49AC46B78639}\mpengine.dll
2011-07-08 01:54:44 7680 ----a-w- E:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-07-08 01:54:44 50688 ----a-w- E:\Program Files (x86)\Internet Explorer\hmmapi.dll
2011-07-06 23:54:37 -------- d-----w- C:\Users\Rebecca\AppData\Roaming\RenPy
2011-07-06 18:47:18 -------- d-----w- C:\Users\Rebecca\AppData\Roaming\OpenOffice.org
2011-07-06 18:46:24 -------- d-----w- E:\Program Files (x86)\OpenOffice.org 3
2011-07-06 18:44:20 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-05 18:20:09 122880 ----a-w- E:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2011-07-05 18:20:09 119808 ----a-w- E:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll
2011-07-05 18:20:09 115712 ----a-w- E:\Program Files (x86)\Internet Explorer\ielowutil.exe
2011-07-05 17:47:26 -------- d-----w- C:\Windows\System32\SPReview
2011-07-05 17:46:37 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-05 08:41:07 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-05 06:33:14 -------- d-----w- C:\Users\Rebecca\AppData\Local\DDMSettings
2011-07-05 05:48:59 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-07-05 05:48:34 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2011-07-05 05:47:30 -------- d-----w- C:\ProgramData\DivX
2011-07-04 23:02:11 -------- d-----w- E:\Program Files (x86)\Visicom Media
2011-07-04 23:01:03 -------- d-----w- C:\Users\Rebecca\AppData\Roaming\Sites
2011-07-04 23:01:03 -------- d-----w- C:\Users\Rebecca\AppData\Roaming\SiteClasses
2011-07-04 23:01:03 -------- d-----w- C:\Users\Rebecca\AppData\Roaming\Dynamic
2011-07-04 23:00:58 -------- d-----w- C:\ProgramData\EmailNotifier
2011-07-04 23:00:57 -------- d-----w- C:\Users\Rebecca\AppData\Roaming\vmntoolbar
2011-07-03 20:12:59 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-07-03 20:11:59 78848 ----a-w- C:\Windows\System32\hbaapi.dll
2011-07-03 20:10:49 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2011-07-03 20:10:49 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2011-07-03 20:10:47 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2011-07-03 20:10:47 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2011-07-03 20:10:46 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-07-03 20:10:46 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2011-07-03 20:10:26 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-07-03 20:10:26 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-07-03 20:09:01 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-07-03 19:41:42 -------- d-----w- C:\Program Files\Common Files\CANON
2011-07-03 19:40:06 83968 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP9W.DLL
2011-07-03 19:40:06 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD9W.DLL
2011-07-03 19:39:52 336896 ----a-w- C:\Windows\System32\CNMLM9W.DLL
2011-07-03 19:39:45 244736 ----a-w- C:\Windows\System32\CNMIU9W.DLL
2011-07-03 19:31:22 -------- d-----w- C:\Users\Rebecca\AppData\Local\Adobe
2011-07-03 18:55:08 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
2011-07-03 18:55:08 -------- d-----w- C:\Users\Rebecca\AppData\Local\Conduit
2011-07-03 18:55:05 -------- d-----w- E:\Program Files (x86)\uTorrent
2011-07-03 18:54:24 -------- d-----w- C:\Users\Rebecca\AppData\Roaming\uTorrent
2011-07-03 18:54:24 -------- d-----w- C:\Users\Rebecca\AppData\Local\uTorrent
2011-07-03 18:49:34 -------- d-----w- C:\Users\Rebecca\AppData\Roaming\Malwarebytes
2011-07-03 18:48:54 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-03 18:48:53 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-03 18:48:51 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-03 18:48:51 -------- d-----w- E:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-03 18:47:26 -------- d-----w- E:\Program Files (x86)\Spybot - Search & Destroy
2011-07-03 18:47:26 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-07-03 18:43:16 -------- d-----w- C:\Users\Rebecca\AppData\Local\Google
2011-07-03 18:43:12 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-07-03 18:43:10 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-07-03 18:42:34 40112 ----a-w- C:\Windows\avastSS.scr
2011-07-03 18:42:29 -------- d-----w- C:\ProgramData\AVAST Software
2011-07-03 18:42:29 -------- d-----w- C:\Program Files\AVAST Software
2011-07-03 01:04:32 715776 ----a-w- C:\Windows\System32\kerberos.dll
2011-07-03 01:04:31 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-07-03 01:04:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-07-03 01:04:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-07-03 01:04:05 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-07-03 01:04:05 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-07-03 01:04:05 207872 ----a-w- C:\Windows\System32\cfgmgr32.dll
2011-07-03 01:04:05 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-07-03 01:03:38 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-07-03 01:03:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-07-03 01:03:28 2871808 ----a-w- C:\Windows\explorer.exe
2011-07-03 01:03:28 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-07-03 01:03:20 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-07-03 01:03:19 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-07-03 01:03:19 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-07-03 01:03:19 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-07-03 01:03:19 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-07-03 01:03:19 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-07-03 01:03:19 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-07-03 01:03:19 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-07-03 01:01:33 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-07-03 01:01:33 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-07-03 01:00:07 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-03 01:00:07 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-07-03 01:00:07 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-07-03 00:58:11 613376 ----a-w- C:\Windows\System32\vbscript.dll
2011-07-03 00:58:11 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-07-03 00:57:46 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-07-03 00:57:46 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-07-03 00:57:28 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-07-03 00:57:28 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-07-03 00:57:27 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-07-03 00:57:27 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-07-03 00:56:29 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-07-03 00:56:29 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-07-03 00:56:29 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-07-03 00:56:29 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-07-03 00:56:29 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-07-03 00:56:29 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-07-03 00:56:19 214016 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-03 00:55:42 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-07-03 00:55:17 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-07-03 00:55:17 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-07-03 00:55:17 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-07-03 00:54:28 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-07-03 00:54:28 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-07-03 00:54:28 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-07-03 00:54:28 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-07-03 00:54:20 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-07-03 00:54:20 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-07-03 00:54:20 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-07-03 00:53:56 -------- d-----w- C:\Windows\Show Desktop
2011-07-03 00:53:01 642944 ----a-w- C:\Windows\System32\winload.efi
2011-07-03 00:53:01 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2011-07-03 00:53:01 605552 ----a-w- C:\Windows\System32\winload.exe
2011-07-03 00:53:01 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-07-03 00:53:01 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-07-03 00:53:01 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-07-03 00:53:01 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-07-03 00:53:01 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-07-03 00:52:50 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-07-03 00:52:49 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-07-03 00:51:41 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-07-03 00:51:41 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-07-03 00:51:32 974336 ----a-w- C:\Windows\System32\WFS.exe
2011-07-03 00:51:32 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-07-03 00:51:24 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-07-03 00:51:24 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-07-03 00:51:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-07-02 20:28:14 -------- d-----w- C:\Program Files\ATI Technologies
2011-07-02 20:28:12 -------- d-----w- C:\Program Files\ATI
2011-07-02 20:27:45 -------- d-----w- C:\ATI
2011-07-02 20:22:16 -------- d-----w- E:\Program Files (x86)\Phyxion.net
2011-07-02 19:59:45 -------- d-sh--w- C:\Boot
2011-07-02 19:57:08 -------- d-----w- C:\ProgramData\AMD
2011-07-02 19:57:07 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2011-07-02 19:46:18 -------- d-----w- C:\Users\Rebecca\AppData\Local\Yahoo!
2011-07-02 19:46:07 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-02 19:45:39 -------- d-sh--w- C:\Windows\Installer
2011-07-02 19:43:09 -------- d-----w- C:\Users\Rebecca\AppData\Local\Mozilla
2011-07-02 19:34:48 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-07-02 19:28:59 80488 ----a-w- C:\Windows\System32\RCoInst64.dll
2011-07-02 19:26:54 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-07-02 19:26:54 344680 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-07-02 19:26:54 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-07-02 19:10:19 -------- d-----w- C:\Users\Rebecca\AppData\Local\Diagnostics
.
==================== Find3M ====================
.
2011-07-05 17:53:22 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-05 17:53:22 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-02 17:53:02 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-25 06:44:30 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-05-25 06:44:26 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-05-25 06:44:14 53760 ----a-w- C:\Windows\System32\OpenCL.dll
2011-05-25 06:44:10 51712 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-05-25 06:44:04 16672768 ----a-w- C:\Windows\System32\amdocl64.dll
2011-05-25 06:43:50 12798976 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-05-25 03:02:00 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-05-25 02:19:00 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 22:08:29 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 19:10:01 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 11:52:43.53 ===============