A little while ago I ended up accidentally downloading and opening an exe that must've installed spyware or adware or something on my computer.
Right now the only stymptom I've noticed is that whenever I open a browser, it opens to a search engine called "websearch" or something. I haven't used it at all of course and nothing really shows up on the front page of that search engine because I have its scripts blocked. I haven't seen any other effects on my computer or any ads different from what I usually saw before. The homepage change in Chrome, Firefox, and IE is the only change I've seen.
Before coming here and following the instructions on this board I scanned with Spybot Search & Destroy as well as Malwarebytes. They both found some basic trojans and adware but after getting rid of those the "websearch" page still shows up whenever I open a browser. I also completely got rid of that original exe file.
Edit: I'd like to add that for all the browsers I changed the settings back to what I had before so my original home pages show up. They didn't change back to show "websearch" or anything, so that last symptom is gone, but I have no way of knowing if the spyware is still there. I'm really just posting this year so I can have some experts look through my logs to make absolutely sure.
Here's the DDS log:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0
Run by Daniel at 0:25:55 on 2013-01-16
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3069.1310 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
h:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
C:\Program Files\RadeonPro\RadeonProSupport.exe
C:\Windows\system32\java.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\VirtualDub-1.9.8\WiFiConnector\NintendoWFCReg.exe
C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\taskeng.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.just-browse.info/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://websearch.just-browse.info/
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071213
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Browse2save: {33FFE541-5664-FF69-A150-777D1B61279A} - c:\programdata\browse2save\50f618a727f37.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "c:\users\daniel\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [com.apple.dav.bookmarks.daemon] c:\program files\common files\apple\internet services\BookmarkDAV_client.exe
uRun: [Dxtory Update Checker 2.0] c:\program files\dxtory software\dxtory2.0\UpdateChecker.exe
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [] c:\program files\broadcom\wirelessbcm mimo\utility\Wlan11ag.exe -hide
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\daniel\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\daniel\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\daniel\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\daniel\appdata\roaming\micros~1\windows\startm~1\programs\startup\wallma~1.lnk - c:\program files\wallmaster\wallmast.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\runreg~1.lnk - c:\program files\virtualdub-1.9.8\wificonnector\NintendoWFCReg.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0CF2DEFC-787A-476C-A989-D9348198D4EA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{16B20A20-DF9F-4B1C-9C11-D01F087DDD99} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B01E3DB2-4418-4D01-BD0D-C38649378A72} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\google\google~2\goec62~1.dll c:\progra~1\browse~1\sprote~1.dll c:\progra~1\justbr~1\sprote~1.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 Spyware Info | Spyware Info | spyware software | spyware program | protection spyware
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\daniel\appdata\roaming\mozilla\firefox\profiles\yjzb6v4l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.just-browse.info/?l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://websearch.just-browse.info/
FF - prefs.js: keyword.URL - hxxp://websearch.just-browse.info/?l=1&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\daniel\appdata\roaming\mozilla\firefox\profiles\yjzb6v4l.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll
FF - plugin: c:\users\daniel\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\daniel\appdata\local\huludesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2013-01-15 22:04; 50f618a727da6@50f618a727ddf.com; c:\users\daniel\appdata\roaming\mozilla\firefox\profiles\yjzb6v4l.default\extensions\50f618a727da6@50f618a727ddf.com
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 MpKsl0c9ba85a;MpKsl0c9ba85a;c:\programdata\microsoft\microsoft antimalware\definition updates\{ed1e2fb2-ce95-43e2-b86c-d7f71d3fe86e}\MpKsl0c9ba85a.sys [2013-1-16 29904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-9-27 217600]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2011-2-19 20328]
R2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;h:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-12-30 25832]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-2-22 21504]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 99272]
R2 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2011-5-17 366872]
R2 RadeonPro Support Service;RadeonPro Support Service;c:\program files\radeonpro\RadeonProSupport.exe [2012-4-25 12800]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2012-2-23 83984]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-15 398184]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-5 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2011-5-19 401920]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\common files\futuremark shared\futuremark systeminfo\FMSISvc.exe [2011-2-14 129440]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-13 30192]
S3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-12-13 5632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-5 21104]
.
=============== Created Last 30 ================
.
2013-01-16 05:00:52 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ed1e2fb2-ce95-43e2-b86c-d7f71d3fe86e}\MpKsl0c9ba85a.sys
2013-01-16 02:43:04 -------- d-----w- c:\programdata\Cloud Software LTD
2013-01-16 02:43:03 -------- d-----w- c:\program files\JustBrowse
2013-01-16 02:42:01 -------- d-----w- c:\program files\BrowseToSave
2013-01-16 02:41:52 -------- d-----w- c:\programdata\Browse2save
2013-01-15 19:36:13 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ed1e2fb2-ce95-43e2-b86c-d7f71d3fe86e}\mpengine.dll
2013-01-14 19:35:05 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-01-12 08:36:59 917552 ----a-w- c:\program files\mozilla firefox\firefox.exe
2013-01-11 18:50:58 -------- d-----w- c:\program files\iPod
2013-01-11 18:50:56 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-09 08:46:13 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 08:45:29 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 08:45:26 1400832 ----a-w- c:\windows\system32\msxml6.dll
2012-12-31 20:27:15 -------- d-----w- c:\users\daniel\appdata\roaming\FairyBloomReTrial
2012-12-22 19:02:29 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 19:02:29 293376 ----a-w- c:\windows\system32\atmfd.dll
.
==================== Find3M ====================
.
2013-01-09 04:00:19 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 04:00:18 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-25 01:54:02 138032 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-12-25 01:53:53 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-12-25 01:53:53 281688 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-12-24 20:46:35 281688 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-08 16:07:09 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-06-13 05:42:55 16574016 ----a-w- c:\program files\Firefox Setup 13.0.exe
2012-04-12 04:08:33 5472996 ----a-w- c:\program files\gamefly_update_1.0.1668.exe
2012-01-21 01:53:43 2105040 ----a-w- c:\program files\PeerBlock-Setup_v1.1_r518.exe
2011-03-05 04:04:51 14755424 ----a-w- c:\program files\Dropbox 1.0.20.exe
.
============= FINISH: 0:27:32.00 ===============
Right now the only stymptom I've noticed is that whenever I open a browser, it opens to a search engine called "websearch" or something. I haven't used it at all of course and nothing really shows up on the front page of that search engine because I have its scripts blocked. I haven't seen any other effects on my computer or any ads different from what I usually saw before. The homepage change in Chrome, Firefox, and IE is the only change I've seen.
Before coming here and following the instructions on this board I scanned with Spybot Search & Destroy as well as Malwarebytes. They both found some basic trojans and adware but after getting rid of those the "websearch" page still shows up whenever I open a browser. I also completely got rid of that original exe file.
Edit: I'd like to add that for all the browsers I changed the settings back to what I had before so my original home pages show up. They didn't change back to show "websearch" or anything, so that last symptom is gone, but I have no way of knowing if the spyware is still there. I'm really just posting this year so I can have some experts look through my logs to make absolutely sure.
Here's the DDS log:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0
Run by Daniel at 0:25:55 on 2013-01-16
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3069.1310 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
h:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
C:\Program Files\RadeonPro\RadeonProSupport.exe
C:\Windows\system32\java.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\VirtualDub-1.9.8\WiFiConnector\NintendoWFCReg.exe
C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\taskeng.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.just-browse.info/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://websearch.just-browse.info/
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071213
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Browse2save: {33FFE541-5664-FF69-A150-777D1B61279A} - c:\programdata\browse2save\50f618a727f37.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "c:\users\daniel\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [com.apple.dav.bookmarks.daemon] c:\program files\common files\apple\internet services\BookmarkDAV_client.exe
uRun: [Dxtory Update Checker 2.0] c:\program files\dxtory software\dxtory2.0\UpdateChecker.exe
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [] c:\program files\broadcom\wirelessbcm mimo\utility\Wlan11ag.exe -hide
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\daniel\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\daniel\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\daniel\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\daniel\appdata\roaming\micros~1\windows\startm~1\programs\startup\wallma~1.lnk - c:\program files\wallmaster\wallmast.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\runreg~1.lnk - c:\program files\virtualdub-1.9.8\wificonnector\NintendoWFCReg.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0CF2DEFC-787A-476C-A989-D9348198D4EA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{16B20A20-DF9F-4B1C-9C11-D01F087DDD99} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B01E3DB2-4418-4D01-BD0D-C38649378A72} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\google\google~2\goec62~1.dll c:\progra~1\browse~1\sprote~1.dll c:\progra~1\justbr~1\sprote~1.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 Spyware Info | Spyware Info | spyware software | spyware program | protection spyware
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\daniel\appdata\roaming\mozilla\firefox\profiles\yjzb6v4l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.just-browse.info/?l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://websearch.just-browse.info/
FF - prefs.js: keyword.URL - hxxp://websearch.just-browse.info/?l=1&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\daniel\appdata\roaming\mozilla\firefox\profiles\yjzb6v4l.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll
FF - plugin: c:\users\daniel\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\daniel\appdata\local\huludesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2013-01-15 22:04; 50f618a727da6@50f618a727ddf.com; c:\users\daniel\appdata\roaming\mozilla\firefox\profiles\yjzb6v4l.default\extensions\50f618a727da6@50f618a727ddf.com
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 MpKsl0c9ba85a;MpKsl0c9ba85a;c:\programdata\microsoft\microsoft antimalware\definition updates\{ed1e2fb2-ce95-43e2-b86c-d7f71d3fe86e}\MpKsl0c9ba85a.sys [2013-1-16 29904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-9-27 217600]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2011-2-19 20328]
R2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;h:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-12-30 25832]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-2-22 21504]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 99272]
R2 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2011-5-17 366872]
R2 RadeonPro Support Service;RadeonPro Support Service;c:\program files\radeonpro\RadeonProSupport.exe [2012-4-25 12800]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2012-2-23 83984]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-15 398184]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-5 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2011-5-19 401920]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\common files\futuremark shared\futuremark systeminfo\FMSISvc.exe [2011-2-14 129440]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-13 30192]
S3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-12-13 5632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-5 21104]
.
=============== Created Last 30 ================
.
2013-01-16 05:00:52 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ed1e2fb2-ce95-43e2-b86c-d7f71d3fe86e}\MpKsl0c9ba85a.sys
2013-01-16 02:43:04 -------- d-----w- c:\programdata\Cloud Software LTD
2013-01-16 02:43:03 -------- d-----w- c:\program files\JustBrowse
2013-01-16 02:42:01 -------- d-----w- c:\program files\BrowseToSave
2013-01-16 02:41:52 -------- d-----w- c:\programdata\Browse2save
2013-01-15 19:36:13 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ed1e2fb2-ce95-43e2-b86c-d7f71d3fe86e}\mpengine.dll
2013-01-14 19:35:05 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-01-12 08:36:59 917552 ----a-w- c:\program files\mozilla firefox\firefox.exe
2013-01-11 18:50:58 -------- d-----w- c:\program files\iPod
2013-01-11 18:50:56 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-09 08:46:13 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 08:45:29 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 08:45:26 1400832 ----a-w- c:\windows\system32\msxml6.dll
2012-12-31 20:27:15 -------- d-----w- c:\users\daniel\appdata\roaming\FairyBloomReTrial
2012-12-22 19:02:29 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 19:02:29 293376 ----a-w- c:\windows\system32\atmfd.dll
.
==================== Find3M ====================
.
2013-01-09 04:00:19 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 04:00:18 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-25 01:54:02 138032 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-12-25 01:53:53 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-12-25 01:53:53 281688 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-12-24 20:46:35 281688 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-08 16:07:09 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-06-13 05:42:55 16574016 ----a-w- c:\program files\Firefox Setup 13.0.exe
2012-04-12 04:08:33 5472996 ----a-w- c:\program files\gamefly_update_1.0.1668.exe
2012-01-21 01:53:43 2105040 ----a-w- c:\program files\PeerBlock-Setup_v1.1_r518.exe
2011-03-05 04:04:51 14755424 ----a-w- c:\program files\Dropbox 1.0.20.exe
.
============= FINISH: 0:27:32.00 ===============