I do virus/malware scans regularly, and neither MSE or MalwareBytes found the following infected file.
Today i thought i'd run an ESET scan just to see if it picked up anything, and it did. It found Yontoo adware. Unfortunately ESET did not allow me the option to get rid of it.
I tried doing the gmer scan but got a blue screen. I then did a quick scan and have attached that to the attachment. I have also posted the location (found by ESET) of the infected file in the attachment
The is what the ESET website says about Yontoo: Yontoo has been detected by ESET, what should I do? - ESET Knowledgebase
I do not have a windows cd.
All help much appreciated.
Thanks.
--------------------
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
Run by PC World at 22:01:34 on 2013-05-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8174.5723 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Microsoft Digital Experience\Microsoft.MDX.AnalyticsService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIEDE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Led Indicator Keyboard Driver\KeyboardIndicator.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=GB&userid=9dd62a61-4201-4359-b73f-57ae61f35443&searchtype=ds&q={searchTerms}&installDate={installDate}
uSearchAssistant = hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=GB&userid=9dd62a61-4201-4359-b73f-57ae61f35443&searchtype=ds&q={searchTerms}&installDate={installDate}
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [Reminder] C:\Program Files (x86)\TTG\Reminder\Reminder.exe
uRun: [DockBar] C:\Applications\Tools\DockBar\DockBar.exe
uRun: [Recovery Backup Wizard] C:\Program Files (x86)\TTG\Reminder\Reminder.exe
uRun: [EPSON SX100 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\Users\PCWORL~1\AppData\Local\Temp\E_S35DD.tmp" /EF "HKCU"
mRun: [LedIndicatorKeyboardDriver] "C:\Program Files (x86)\Led Indicator Keyboard Driver\KeyboardIndicator.exe" showhide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{31E46EA1-7D02-444C-B424-B9CA5EBC3C03} : DHCPNameServer = 85.189.102.5 85.189.39.5
TCP: Interfaces\{523F0ECD-924B-4218-861D-CB5FE6CF6267} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
x64-DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.5.0.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\PC World\AppData\Roaming\Mozilla\Firefox\Profiles\yfi3tz8j.default-1366902417382\
FF - prefs.js: browser.startup.homepage - Google
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-04-25 16:08; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\PC World\AppData\Roaming\Mozilla\Firefox\Profiles\yfi3tz8j.default-1366902417382\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-04-25 16:18; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\PC World\AppData\Roaming\Mozilla\Firefox\Profiles\yfi3tz8j.default-1366902417382\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-04-25 16:18; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\PC World\AppData\Roaming\Mozilla\Firefox\Profiles\yfi3tz8j.default-1366902417382\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-04-25 16:31; ffxtlbr@zonealarm.com; C:\Users\PC World\AppData\Roaming\Mozilla\Firefox\Profiles\yfi3tz8j.default-1366902417382\extensions\ffxtlbr@zonealarm.com
FF - ExtSQL: 2013-04-25 16:31; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2013-04-25 19:09; {66E978CD-981F-47DF-AC42-E3CF417C1467}; C:\Users\PC World\AppData\Roaming\Mozilla\Firefox\Profiles\yfi3tz8j.default-1366902417382\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
FF - ExtSQL: 2013-04-30 12:08; firefox@mega.co.nz; C:\Users\PC World\AppData\Roaming\Mozilla\Firefox\Profiles\yfi3tz8j.default-1366902417382\extensions\firefox@mega.co.nz.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.hpOld0 - Google
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=9fd7c2f94b31435081a8e8293504cb27&tu=10G90007k2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - c2bd7182000000000000d027889e5a55
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15820
FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1116:29:12
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN31458042753515-1620
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=9fd7c2f94b31435081a8e8293504cb27&tu=10G90007k2B0008&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=9fd7c2f94b31435081a8e8293504cb27&tu=10G90007k2B0008&sku=&tstsId=&ver=&
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-2-16 165112]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-11-22 828072]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-10 418376]
R2 MDXAnalyticsService;Microsoft Digital Experience Analytics Service;C:\Program Files (x86)\Microsoft Digital Experience\Microsoft.MDX.AnalyticsService.exe [2011-10-13 27136]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-31 2656536]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-8-31 169584]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-23 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-10 701512]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-19 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4a\RpcAgentSrv.exe [2012-6-6 95896]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-21 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-06 19:51:53 -------- d-----w- C:\Program Files (x86)\ESET
2013-05-06 11:17:58 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1934A64F-B415-42FF-B6EA-0349E2A7DB23}\mpengine.dll
2013-05-05 11:11:20 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-05 02:04:49 -------- d-----w- C:\Program Files (x86)\PS3 Media Server
2013-05-04 10:59:04 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-04-25 15:29:11 -------- d-----w- C:\Program Files (x86)\Check Point Software Technologies LTD
2013-04-25 15:29:08 -------- d-----w- C:\Users\PC World\AppData\Roaming\Check Point Software Technologies LTD
2013-04-24 09:40:06 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-23 20:50:59 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E95147A-B966-4DD9-8D95-DFB3173A22E4}\gapaengine.dll
2013-04-17 12:22:17 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-10 09:39:39 3717632 ----a-w- C:\Windows\System32\mstscax.dll
.
==================== Find3M ====================
.
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-09 17:14:59 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-09 17:14:59 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-04 13:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-03-29 02:37:10 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-03-29 02:37:10 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-03-29 02:37:10 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-03-29 02:37:10 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-03-29 02:37:06 139696 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-03-29 02:37:04 92304 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-03-29 02:37:04 118584 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-03-29 02:37:04 112440 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-03-29 02:37:02 1155264 ----a-w- C:\Windows\System32\aticfx64.dll
2013-03-29 02:37:00 970912 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-03-29 02:36:56 8272136 ----a-w- C:\Windows\System32\atidxx64.dll
2013-03-29 02:36:54 7233336 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-03-29 02:36:50 4450264 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-03-29 02:36:44 5944264 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-03-29 02:36:40 5000320 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-03-29 02:36:38 6985624 ----a-w- C:\Windows\System32\atiumd64.dll
2013-03-29 02:35:02 11658752 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-03-29 02:13:28 222720 ----a-w- C:\Windows\System32\clinfo.exe
2013-03-29 02:13:14 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-03-29 02:13:14 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-03-29 02:13:14 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-03-29 02:13:12 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-03-29 02:13:08 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-03-29 02:13:04 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-03-29 02:13:00 64000 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-03-29 02:12:56 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-03-29 02:12:48 29150720 ----a-w- C:\Windows\System32\amdocl64.dll
2013-03-29 02:10:52 23810560 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-03-29 02:09:04 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2013-03-29 02:09:00 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-03-29 02:04:42 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2013-03-29 02:00:54 76800 ----a-w- C:\Windows\System32\coinst_12.104.dll
2013-03-29 01:57:54 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-03-29 01:55:36 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-03-29 01:55:34 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-03-29 01:55:28 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-03-29 01:55:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-03-29 01:55:16 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-03-29 01:51:04 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-03-29 01:48:26 19870720 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-03-29 01:35:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-03-29 01:35:06 562688 ----a-w- C:\Windows\System32\atieclxx.exe
2013-03-29 01:34:18 241152 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-03-29 01:33:00 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2013-03-29 01:32:46 26112 ----a-w- C:\Windows\System32\atimuixx.dll
2013-03-29 01:32:42 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2013-03-29 01:32:36 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2013-03-29 01:10:30 636416 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-03-29 01:10:20 430080 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-03-29 01:10:08 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-03-29 01:10:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-03-29 01:10:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-03-29 01:10:00 44032 ----a-w- C:\Windows\System32\atig6txx.dll
2013-03-29 01:09:52 34816 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-03-29 01:09:44 581120 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-03-29 01:07:52 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-05 01:48:12 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-05 01:48:12 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-02-14 11:41:10 96768 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2013-02-14 11:40:58 110080 ----a-w- C:\Windows\System32\DelayAPO.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
.
============= FINISH: 22:02:07.15 ===============
--------------------------------------------
Today i thought i'd run an ESET scan just to see if it picked up anything, and it did. It found Yontoo adware. Unfortunately ESET did not allow me the option to get rid of it.
I tried doing the gmer scan but got a blue screen. I then did a quick scan and have attached that to the attachment. I have also posted the location (found by ESET) of the infected file in the attachment
The is what the ESET website says about Yontoo: Yontoo has been detected by ESET, what should I do? - ESET Knowledgebase
I do not have a windows cd.
All help much appreciated.
Thanks.
--------------------
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
Run by PC World at 22:01:34 on 2013-05-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8174.5723 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Microsoft Digital Experience\Microsoft.MDX.AnalyticsService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIEDE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Led Indicator Keyboard Driver\KeyboardIndicator.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=GB&userid=9dd62a61-4201-4359-b73f-57ae61f35443&searchtype=ds&q={searchTerms}&installDate={installDate}
uSearchAssistant = hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=GB&userid=9dd62a61-4201-4359-b73f-57ae61f35443&searchtype=ds&q={searchTerms}&installDate={installDate}
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [Reminder] C:\Program Files (x86)\TTG\Reminder\Reminder.exe
uRun: [DockBar] C:\Applications\Tools\DockBar\DockBar.exe
uRun: [Recovery Backup Wizard] C:\Program Files (x86)\TTG\Reminder\Reminder.exe
uRun: [EPSON SX100 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\Users\PCWORL~1\AppData\Local\Temp\E_S35DD.tmp" /EF "HKCU"
mRun: [LedIndicatorKeyboardDriver] "C:\Program Files (x86)\Led Indicator Keyboard Driver\KeyboardIndicator.exe" showhide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{31E46EA1-7D02-444C-B424-B9CA5EBC3C03} : DHCPNameServer = 85.189.102.5 85.189.39.5
TCP: Interfaces\{523F0ECD-924B-4218-861D-CB5FE6CF6267} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
x64-DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.5.0.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\PC World\AppData\Roaming\Mozilla\Firefox\Profiles\yfi3tz8j.default-1366902417382\
FF - prefs.js: browser.startup.homepage - Google
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-04-25 16:08; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\PC World\AppData\Roaming\Mozilla\Firefox\Profiles\yfi3tz8j.default-1366902417382\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-04-25 16:18; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\PC World\AppData\Roaming\Mozilla\Firefox\Profiles\yfi3tz8j.default-1366902417382\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-04-25 16:18; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\PC World\AppData\Roaming\Mozilla\Firefox\Profiles\yfi3tz8j.default-1366902417382\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-04-25 16:31; ffxtlbr@zonealarm.com; C:\Users\PC World\AppData\Roaming\Mozilla\Firefox\Profiles\yfi3tz8j.default-1366902417382\extensions\ffxtlbr@zonealarm.com
FF - ExtSQL: 2013-04-25 16:31; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2013-04-25 19:09; {66E978CD-981F-47DF-AC42-E3CF417C1467}; C:\Users\PC World\AppData\Roaming\Mozilla\Firefox\Profiles\yfi3tz8j.default-1366902417382\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
FF - ExtSQL: 2013-04-30 12:08; firefox@mega.co.nz; C:\Users\PC World\AppData\Roaming\Mozilla\Firefox\Profiles\yfi3tz8j.default-1366902417382\extensions\firefox@mega.co.nz.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.hpOld0 - Google
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=9fd7c2f94b31435081a8e8293504cb27&tu=10G90007k2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - c2bd7182000000000000d027889e5a55
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15820
FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1116:29:12
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN31458042753515-1620
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=9fd7c2f94b31435081a8e8293504cb27&tu=10G90007k2B0008&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=9fd7c2f94b31435081a8e8293504cb27&tu=10G90007k2B0008&sku=&tstsId=&ver=&
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-2-16 165112]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-11-22 828072]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-10 418376]
R2 MDXAnalyticsService;Microsoft Digital Experience Analytics Service;C:\Program Files (x86)\Microsoft Digital Experience\Microsoft.MDX.AnalyticsService.exe [2011-10-13 27136]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-31 2656536]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-8-31 169584]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-23 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-10 701512]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-19 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4a\RpcAgentSrv.exe [2012-6-6 95896]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-21 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-06 19:51:53 -------- d-----w- C:\Program Files (x86)\ESET
2013-05-06 11:17:58 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1934A64F-B415-42FF-B6EA-0349E2A7DB23}\mpengine.dll
2013-05-05 11:11:20 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-05 02:04:49 -------- d-----w- C:\Program Files (x86)\PS3 Media Server
2013-05-04 10:59:04 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-04-25 15:29:11 -------- d-----w- C:\Program Files (x86)\Check Point Software Technologies LTD
2013-04-25 15:29:08 -------- d-----w- C:\Users\PC World\AppData\Roaming\Check Point Software Technologies LTD
2013-04-24 09:40:06 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-23 20:50:59 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E95147A-B966-4DD9-8D95-DFB3173A22E4}\gapaengine.dll
2013-04-17 12:22:17 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-10 09:39:39 3717632 ----a-w- C:\Windows\System32\mstscax.dll
.
==================== Find3M ====================
.
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-09 17:14:59 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-09 17:14:59 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-04 13:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-03-29 02:37:10 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-03-29 02:37:10 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-03-29 02:37:10 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-03-29 02:37:10 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-03-29 02:37:06 139696 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-03-29 02:37:04 92304 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-03-29 02:37:04 118584 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-03-29 02:37:04 112440 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-03-29 02:37:02 1155264 ----a-w- C:\Windows\System32\aticfx64.dll
2013-03-29 02:37:00 970912 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-03-29 02:36:56 8272136 ----a-w- C:\Windows\System32\atidxx64.dll
2013-03-29 02:36:54 7233336 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-03-29 02:36:50 4450264 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-03-29 02:36:44 5944264 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-03-29 02:36:40 5000320 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-03-29 02:36:38 6985624 ----a-w- C:\Windows\System32\atiumd64.dll
2013-03-29 02:35:02 11658752 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-03-29 02:13:28 222720 ----a-w- C:\Windows\System32\clinfo.exe
2013-03-29 02:13:14 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-03-29 02:13:14 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-03-29 02:13:14 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-03-29 02:13:12 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-03-29 02:13:08 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-03-29 02:13:04 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-03-29 02:13:00 64000 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-03-29 02:12:56 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-03-29 02:12:48 29150720 ----a-w- C:\Windows\System32\amdocl64.dll
2013-03-29 02:10:52 23810560 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-03-29 02:09:04 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2013-03-29 02:09:00 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-03-29 02:04:42 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2013-03-29 02:00:54 76800 ----a-w- C:\Windows\System32\coinst_12.104.dll
2013-03-29 01:57:54 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-03-29 01:55:36 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-03-29 01:55:34 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-03-29 01:55:28 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-03-29 01:55:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-03-29 01:55:16 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-03-29 01:51:04 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-03-29 01:48:26 19870720 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-03-29 01:35:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-03-29 01:35:06 562688 ----a-w- C:\Windows\System32\atieclxx.exe
2013-03-29 01:34:18 241152 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-03-29 01:33:00 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2013-03-29 01:32:46 26112 ----a-w- C:\Windows\System32\atimuixx.dll
2013-03-29 01:32:42 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2013-03-29 01:32:36 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2013-03-29 01:10:30 636416 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-03-29 01:10:20 430080 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-03-29 01:10:08 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-03-29 01:10:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-03-29 01:10:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-03-29 01:10:00 44032 ----a-w- C:\Windows\System32\atig6txx.dll
2013-03-29 01:09:52 34816 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-03-29 01:09:44 581120 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-03-29 01:07:52 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-05 01:48:12 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-05 01:48:12 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-02-14 11:41:10 96768 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2013-02-14 11:40:58 110080 ----a-w- C:\Windows\System32\DelayAPO.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
.
============= FINISH: 22:02:07.15 ===============
--------------------------------------------