Channel: Tech Support Forum - Virus/Trojan/Spyware Help

HTML:Framer-D [Trj] Infection

Hi!
Avast Free reads that the computer is infected by a Trojan Horse.

Name of Trojan Horse:
HTML:Framer-D [Trj]

Locations (as reported by the Avast Free Scan) [enclosed .doc file is a screen capture of the following threads]:
- D:\Users\LOUISE\Documents\Loisirs\Textes et présentations\60SecondesMystiques.pps|>Pictures
- D:\Users\LOUISE\Documents\Loisirs\Textes et présentations\60_secondes_mystiques.pps|>Pictures
- D:\Users\LOUISE\Mes documents - ancien\Loisirs\Textes et présentations\60SecondesMystiques.pps|>Pictures
- D:\Users\LOUISE\Mes documents - ancien\Loisirs\Textes et présentations\60_secondes_mystiques.pps|>Pictures
- A decompression bomb is located at C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool\root.img|>root.img
- There are 8 files for which Avast described the State as: Error: the archive is protected by a password. (42056) These files are located (sorry for the very long threads):
1) C:\Users\Rock\Desktop\sauvegarde Louise\Rock.ROXANE\Application Data\Bell\Sympatico Security Advisor\downloads\SuiteDeSecuriteInternetDeBell.41.exe.dir\SuiteDeSecuriteInternetDeBell.exe|>AvgIdsSetup.exe|>{app}\config\internalList.zip|>internalList.dat
2) C:\Users\Rock\Desktop\sauvegarde Louise\Rock.ROXANE\Application Data\Bell\Sympatico Security Advisor\downloads\SuiteDeSecuriteInternetDeBell.41.exe.dir\SuiteDeSecuriteInternetDeBell.exe|>AvgIdsSetup.exe|>{app}\config\internalList.zip|>info.enc
3) C:\Users\Rock\Desktop\sauvegarde Louise\Rock.ROXANE\Application Data\Bell\Sympatico Security Advisor\downloads\SuiteDeSecuriteInternetDeBell.41.exe.dir\SuiteDeSecuriteInternetDeBell.exe|>AvgIdsSetup.exe|>{app}\config\internalList.zip|>v=245;l=languageIndependent;t=3
4) C:\Users\Rock\Downloads\utility_driver_tew-421pc_423pi-whql.zip|>autorum.apm|>amsdata.dat
5) to 8) I wasn't able to locate these files using Windows Explorer.
Nevertheless, here are the threads:
5) D:\Documents and Settings\Rock\Desktop\sauvegarde Louise\Rock.ROXANE\Application Data\Bell\Sympatico Security Advisor\downloads\SuiteDeSecuriteInternetDeBell.41.exe.dir\SuiteDeSecuriteInternetDeBell.exe|>AvgIdsSetup.exe|>{app}\config\internalList.zip|>internalList.dat
6) D:\Documents and Settings\Rock\Desktop\sauvegarde Louise\Rock.ROXANE\Application Data\Bell\Sympatico Security Advisor\downloads\SuiteDeSecuriteInternetDeBell.41.exe.dir\SuiteDeSecuriteInternetDeBell.exe|>AvgIdsSetup.exe|>{app}\config\internalList.zip|>info.enc
7) D:\Documents and Settings\Rock\Desktop\sauvegarde Louise\Rock.ROXANE\Application Data\Bell\Sympatico Security Advisor\downloads\SuiteDeSecuriteInternetDeBell.41.exe.dir\SuiteDeSecuriteInternetDeBell.exe|>AvgIdsSetup.exe|>{app}\config\internalList.zip|>v=245;l=languageIndependent;t=3
8) D:\Documents and Settings\Rock\Downloads\utility_driver_tew-421pc_423pi-whql.zip|>autorun.apm|>amsdata.dat
Complementary information:

- Malwarebytes Free and IObit Malware Fighter Free did not detect the Trojan.
- Before joining this forum, I ran ComboFix and I have a report in txt format. Running ComboFix was suggested by an Avast support team member, but I realize that I need more help to remove the Trojan.
- I do not have/have access to a Windows Install disc or a Boot CD.

I hope you have all you need to help me, and I thank you for all your anticipated help!

Louisel

DDS File Text:


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16438 BrowserJavaVersion: 10.13.2
Run by Rock at 16:38:47 on 2013-02-04
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.2.1036.18.2815.1565 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\PDF Architect\HelperService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\PDF Architect\ConversionService.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Rock\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Mind X\Mind X.exe
C:\Windows\system32\IoctlSvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ca.search.yahoo.com?type=198484&fr=spigot-yhp-ie
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} - c:\program files\pdf architect\PDFIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - c:\program files\logitech\setpointp\SetPointSmooth.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare ultimate\browerprotect\ASCPlugin_Protection.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: PDF Architect Toolbar: {25A3A431-30BB-47C8-AD6A-E1063801134F} - c:\program files\pdf architect\PDFIEPlugin.dll
uRun: [cdloader] "c:\users\rock\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Software Informer] "c:\program files\software informer\softinfo.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [DATAMNGR] c:\progra~1\wi3c8a~1\datamngr\DATAMN~1.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
dRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
StartupFolder: c:\users\rock\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\rock\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\rock\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\users\rock\appdata\roaming\micros~1\windows\startm~1\programs\startup\mindx~1.lnk - c:\program files\mind x\Mind X.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 205.151.67.2 205.151.67.6
TCP: Interfaces\{2F62C161-B6FB-42FF-99F3-B02D253A64A3} : DHCPNameServer = 205.151.67.2 205.151.67.6
TCP: Interfaces\{D36BC23D-4AEC-4AC2-8AA4-2C19DD7D63BC} : NameServer = 64.71.255.198 64.71.255.253
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs= c:\progra~1\wi3c8a~1\datamngr\datamngr.dll c:\progra~1\wi3c8a~1\datamngr\IEBHO.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rock\appdata\roaming\mozilla\firefox\profiles\khnu4ryg.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://blu173.mail.live.com/default.aspx?id=64855
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\rock\appdata\roaming\mozilla\firefox\profiles\khnu4ryg.default\extensions\{249d74a3-bd19-4657-b6ce-e62f480a20de}\plugins\np-mswmp.dll
FF - plugin: c:\users\rock\appdata\roaming\mozilla\firefox\profiles\khnu4ryg.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-02-03 01:35; FFPDFArchitectConverter@pdfarchitect.com; c:\program files\pdf architect\FFPDFArchitectExt
FF - ExtSQL: 2013-02-03 04:27; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\logitech\setpointp\LogiSmoothFirefoxExt
FF - ExtSQL: 2013-02-04 02:43; ascsurfingprotection@iobit.com; c:\users\rock\appdata\roaming\mozilla\firefox\profiles\khnu4ryg.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: !HIDDEN! 2011-12-24 19:34; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\windows ilivid toolbar\datamngr\FirefoxExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack -
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - def
FF - user.js: extensions.BabylonToolbar_i.id - de95e7b5000000000000001c252e11b3
FF - user.js: extensions.BabylonToolbar_i.hardId - de95e7b5000000000000001c252e11b3
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15391
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:55:21
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.autoDisableScopes - 14//iBryte
.
============= SERVICES / DRIVERS ===============
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-8-21 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-30 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-30 361032]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2013-2-4 465216]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-30 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-30 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-11-1 44808]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-12 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-12 682344]
R2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\pdf architect\HelperService.exe [2013-1-9 1324104]
R2 PDF Architect Service;PDF Architect Service;c:\program files\pdf architect\ConversionService.exe [2013-1-9 795208]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-12-29 383416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-26 21104]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2012-3-27 319264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2007-1-18 670592]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files\bcl technologies\easyconverter sdk 3\common\becldr.exe [2011-4-19 176128]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2013-1-25 312704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-18 14848]
S3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\drivers\swg3kser00.sys [2012-9-15 215552]
S3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\drivers\swiwdmbx.sys [2012-9-15 83968]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2012-9-15 237568]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-18 49664]
S3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-12 1343400]
.
=============== Created Last 30 ================
.
2013-02-04 20:08:13 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-04 20:05:39 -------- d-----w- c:\users\rock\appdata\local\temp
2013-02-04 19:55:04 98816 ----a-w- c:\windows\sed.exe
2013-02-04 19:55:04 256000 ----a-w- c:\windows\PEV.exe
2013-02-04 19:55:04 208896 ----a-w- c:\windows\MBR.exe
2013-02-04 19:54:52 -------- d-----w- C:\ComboFix
2013-02-04 18:47:48 -------- d-----r- c:\users\rock\appdata\roaming\Brother
2013-02-04 08:02:09 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-04 07:43:27 -------- d-----w- c:\programdata\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-02-04 07:43:24 -------- d-----w- c:\programdata\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-02-04 01:21:18 -------- d-----w- C:\ZHP
2013-02-04 01:21:18 -------- d-----w- c:\program files\ZHPDiag
2013-02-03 10:56:41 -------- d-----w- c:\users\rock\appdata\roaming\PDF Architect
2013-02-03 10:26:33 -------- d-----w- c:\users\rock\appdata\roaming\Coby Media Manager
2013-02-03 10:25:28 -------- d-----w- c:\users\rock\appdata\roaming\Coby
2013-02-03 09:57:56 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2013-02-03 09:57:56 539160 ----a-w- c:\windows\system32\LVUI2.dll
2013-02-03 09:57:56 34068 ----a-w- c:\windows\system32\Repository.reg
2013-02-03 09:57:55 416280 ----a-w- c:\windows\system32\LVCodec2.dll
2013-02-03 09:57:55 265496 ----a-w- c:\windows\system32\drivers\lvrs.sys
2013-02-03 09:57:55 199192 ----a-w- c:\windows\system32\lvci1201278.dll
2013-02-03 09:57:55 13976 ----a-w- c:\windows\system32\drivers\lv302af.sys
2013-02-03 09:28:32 53248 ----a-r- c:\users\rock\appdata\roaming\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2013-02-03 09:28:14 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-02-03 09:26:49 -------- d-----w- c:\users\rock\appdata\roaming\Logishrd
2013-02-03 09:10:36 -------- d-----w- c:\program files\Marvell
2013-02-03 08:56:18 8904632 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-03 08:56:18 6263784 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-03 08:56:18 20450232 ----a-w- c:\windows\system32\nvoglv32.dll
2013-02-03 08:56:17 7931896 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-03 08:56:17 2720696 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-03 08:56:17 1985976 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-03 08:56:17 15129064 ----a-w- c:\windows\system32\nvd3dum.dll
2013-02-03 08:56:16 17560504 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-03 08:39:09 -------- d-----w- c:\program files\ma-config.com
2013-02-03 08:39:08 -------- d-----w- c:\programdata\ma-config.com
2013-02-03 07:26:28 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-03 06:46:03 -------- d-----w- c:\users\rock\appdata\roaming\0P0T0F
2013-02-03 06:34:48 -------- d-----w- c:\program files\PDF Architect
2013-02-03 06:34:16 -------- d-----w- c:\users\rock\appdata\roaming\OpenCandy
2013-02-03 05:43:39 9216 ----a-w- c:\windows\system32\ftlx0411.dll
2013-02-03 05:43:39 296960 ----a-w- c:\windows\winhlp32.exe
2013-02-03 05:43:39 195072 ----a-w- c:\windows\system32\ftsrch.dll
2013-02-03 05:43:39 10240 ----a-w- c:\windows\system32\ftlx041e.dll
2013-02-03 05:01:09 -------- d-----w- c:\program files\MyPC Backup
2013-02-03 04:35:44 -------- d-----w- c:\users\rock\appdata\roaming\KompoZer
2013-02-03 04:10:58 -------- d-----w- c:\program files\BCL Technologies
2013-02-03 04:10:54 -------- d-----w- c:\users\rock\appdata\roaming\Pdf2Word
2013-02-03 04:10:54 -------- d-----w- c:\program files\bioPDF
2013-02-03 03:22:27 126976 ------w- c:\windows\system32\BrfxD05b.dll
2013-02-03 03:22:24 73728 ------w- c:\windows\system32\BrDctF2.dll
2013-02-03 03:22:24 5120 ------w- c:\windows\system32\BrDctF2L.dll
2013-02-03 03:22:24 3072 ------w- c:\windows\system32\BrDctF2S.dll
2013-02-03 03:22:24 176128 ------w- c:\windows\system32\BroSNMP.dll
2013-02-03 03:22:18 -------- d-----w- c:\program files\Brother
2013-02-03 03:22:17 167936 ------w- c:\windows\system32\NSSearch.dll
2013-02-03 03:21:29 -------- d-----w- c:\programdata\Brother
2013-02-03 02:27:50 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2013-02-03 02:27:50 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2013-02-03 02:17:17 -------- d-----w- c:\users\rock\appdata\local\Zoom_Downloader
2013-02-03 01:08:25 -------- d-----w- c:\windows\en-US
2013-02-03 01:08:24 -------- d-----w- c:\windows\system32\en
2013-02-03 01:08:24 -------- d-----w- c:\windows\system32\0409
2013-02-03 01:08:23 -------- d-----w- c:\windows\system32\drivers\umdf\en-US
2013-02-03 01:08:23 -------- d-----w- c:\windows\system32\drivers\en-US
2013-02-03 01:08:07 -------- d-----w- c:\windows\system32\wbem\en-US
2013-02-03 01:03:38 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\en-us\LXKPTPRC.DLL.mui
2013-02-02 23:30:07 -------- d-----w- c:\users\rock\appdata\roaming\Software Informer
2013-02-02 23:30:06 -------- d-----w- c:\program files\Software Informer
2013-02-02 22:03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-02 19:30:31 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2f2fa919-e89f-4031-b605-4cb55b25d6fd}\mpengine.dll
2013-01-30 00:52:20 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-01-26 20:50:44 -------- d-----w- c:\users\rock\appdata\roaming\Windows Live Writer
2013-01-26 20:50:44 -------- d-----w- c:\users\rock\appdata\local\Windows Live Writer
2013-01-26 20:44:34 -------- d-----w- c:\users\rock\Tracing
2013-01-26 20:42:11 -------- d-----w- c:\windows\fr
2013-01-26 20:41:15 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-01-26 20:38:38 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-01-26 20:38:38 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-01-26 20:38:37 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-01-26 20:38:37 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-01-26 20:37:58 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-01-26 20:37:24 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-01-26 20:36:47 5659096 -c--a-w- c:\program files\common files\windows live\.cache\ab746ba31cdfc0402\skydrivesetup.exe
2013-01-26 20:36:47 -------- d-----w- c:\program files\Microsoft SkyDrive
2013-01-26 20:36:45 -------- d-----r- c:\users\rock\SkyDrive
2013-01-26 20:36:25 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-01-26 20:35:17 -------- d-----w- c:\users\rock\appdata\local\Windows Live
2013-01-26 20:35:04 -------- d-----w- c:\program files\common files\Windows Live
2013-01-23 03:30:02 -------- d-----w- c:\users\rock\appdata\roaming\com.kamicode.mindex
2013-01-23 03:29:58 -------- d-----w- c:\program files\Mind X
2013-01-09 06:45:20 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 06:45:19 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 06:45:17 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 06:45:06 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 06:45:00 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 06:45:00 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-06 16:01:01 -------- d-----r- c:\users\rock\Dropbox
2013-01-06 15:56:47 -------- d-----w- c:\users\rock\appdata\roaming\Dropbox
.
==================== Find3M ====================
.
2013-02-03 07:26:28 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-02-03 06:27:28 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-03 06:27:28 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-02 22:03:28 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-02 22:03:28 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-17 06:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-15 23:49:08 23872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-12-29 10:26:54 889784 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-29 10:26:54 2504248 ----a-w- c:\windows\system32\nvapi.dll
2012-12-29 10:26:54 12641120 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-12-29 10:26:54 1017272 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-29 08:26:22 4129720 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:26:22 3001272 ----a-w- c:\windows\system32\nvsvc.dll
2012-12-29 08:25:57 639928 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:25:57 62904 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 08:25:57 2557880 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-29 08:25:57 108984 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-29 07:54:24 550328 ----a-w- c:\windows\system32\nvStreaming.exe
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-05 06:14:00 200192 ----a-w- c:\windows\system32\bzpdf.dll
2012-12-05 06:14:00 139264 ----a-w- c:\windows\system32\bzpdfc.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe
2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-19 03:10:40 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-19 03:10:40 247808 ----a-w- c:\windows\system32\schannel.dll
2012-11-19 03:10:40 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-19 03:10:40 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 16:39:04,82 ===============

