My browser (Chrome) has been sending me to some strange places. Microsoft Security Essentials has also been detecting, and trying to remove, a handful of malware over the past couple of days.
Exploit:Java/Blacole.A (and .W .X .Y .Z)
TrojanDownloader:Win32/unruy.H
PWS:Win32/Zbot
Exploit:HTML/IframeRef.Z
Thanks in advance.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by dave at 19:06:19 on 2011-10-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.1925 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Users\dave\Local Settings\Apps\F.lux\flux.exe
C:\Users\dave\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [F.lux] "C:\Users\dave\Local Settings\Apps\F.lux\flux.exe" /noshow
mRun: [TaskTray]
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8A5B7EA7-69C6-4D61-9707-E019645F8BC7} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [TaskTray]
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\sp6bf1ab.default\
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\dave\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Users\dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-28 366152]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-12-9 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Abyssus;Razer Abyssus;C:\Windows\system32\drivers\Abyssus.sys --> C:\Windows\system32\drivers\Abyssus.sys [?]
S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\dave\Downloads\RealTemp_360\WinRing0x64.sys [2008-7-26 14544]
.
=============== Created Last 30 ================
.
2011-10-30 00:36:17 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E0CDDDB8-1D22-418C-B804-3EEE5E64619A}\offreg.dll
2011-10-29 03:25:11 -------- d-----w- C:\Users\dave\AppData\Roaming\Malwarebytes
2011-10-29 03:24:55 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-29 03:24:51 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-29 03:24:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-29 01:29:49 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E0CDDDB8-1D22-418C-B804-3EEE5E64619A}\mpengine.dll
2011-10-27 17:41:08 175104 ----a-w- C:\Windows\SysWow64\SNx57.com_
2011-10-26 20:20:20 -------- d-----w- C:\Users\dave\AppData\Roaming\Ugdiy
2011-10-26 20:20:20 -------- d-----w- C:\Users\dave\AppData\Roaming\Ohwu
2011-10-26 07:14:03 -------- d-----we C:\Windows\system64
2011-10-25 18:36:37 -------- d-----w- C:\Users\dave\AppData\Local\Rockstar Games
2011-10-18 01:40:43 -------- d-----w- C:\Program Files (x86)\SopCast
2011-10-17 04:37:48 167936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{1B3A8AE1-15B0-4472-A22B-99BA0C2A8D3D}-Keygen.exe
2011-10-17 04:35:15 -------- d-----w- C:\Users\dave\AppData\Roaming\ChessBase
2011-10-17 04:35:08 -------- d-----w- C:\Users\dave\AppData\Local\ChessBase
2011-10-17 04:34:55 167936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{8A771CEF-7D74-4A77-A143-25518EFBDCBA}-Keygen.exe
2011-10-17 04:33:35 167936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{A2554253-1712-460A-B296-9CD48B9BA113}-Keygen.exe
2011-10-17 04:33:00 167936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{F160E348-FD7D-4330-B5A9-E53D23BB4228}-Keygen.exe
2011-10-17 04:32:02 -------- d-----w- C:\ProgramData\ChessBase
2011-10-17 04:32:02 -------- d-----w- C:\Program Files (x86)\Common Files\ChessBase
2011-10-12 22:58:07 -------- d-----w- C:\Users\dave\AppData\Roaming\mm
2011-10-12 16:57:18 388096 ----a-r- C:\Users\dave\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-12 16:57:16 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-10-12 16:44:27 -------- d-----w- C:\Users\dave\AppData\Local\Chromium
2011-10-12 16:44:04 -------- d-----w- C:\Users\dave\AppData\Local\Ubisoft Game Launcher
2011-10-12 16:41:51 -------- d-----w- C:\Users\dave\AppData\Roaming\Might & Magic Heroes VI
2011-10-12 00:43:59 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-10-12 00:43:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-10-12 00:43:58 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2011-10-12 00:43:58 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2011-10-11 23:07:04 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-11 23:07:03 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-11 23:07:03 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-11 23:07:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-11 23:07:02 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-11 23:06:40 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-11 23:06:40 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-11 23:06:40 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-11 23:06:40 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-11 22:47:58 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-10-11 22:43:41 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-10-11 22:43:40 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-10-11 22:43:36 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-10-11 22:43:30 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-10-11 22:43:19 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-10-11 22:43:18 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-10-11 22:43:06 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
2011-10-11 22:43:02 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-10-11 22:43:01 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-10-11 22:43:00 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-10-11 22:43:00 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-10-11 22:41:58 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-10-11 22:41:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-10-11 22:41:58 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-10-11 22:41:57 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-10-11 22:41:57 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-10-11 22:41:57 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-10-11 22:41:54 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-10-11 22:41:52 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-10-11 22:41:48 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-10-11 22:41:47 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-10-11 22:41:46 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-10-11 22:41:46 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-10-11 22:41:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-10-11 00:37:31 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F715EEE6-5CD4-466E-B552-8DCC1633A8C9}\gapaengine.dll
2011-10-10 04:56:07 -------- d-----w- C:\Users\dave\AppData\Roaming\IObit
2011-10-10 04:55:56 -------- d-----w- C:\Program Files (x86)\IObit
2011-10-03 06:26:48 -------- d-----w- C:\Program Files (x86)\Boxee
2011-10-03 01:55:56 -------- d-----w- C:\Users\dave\AppData\Roaming\com.tametick.CardinalQuest
2011-10-03 01:55:53 -------- d-----w- C:\Program Files (x86)\cardinalquest
2011-10-03 01:53:42 -------- d-----w- C:\Users\dave\AppData\Local\Adobe
.
==================== Find3M ====================
.
2011-10-30 00:46:52 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 22:43:41 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-10-11 22:43:33 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-10-11 22:43:32 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-10-11 22:43:02 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-10-11 22:43:00 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-10-11 22:43:00 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-10-11 22:42:54 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2011-10-11 22:42:52 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-10-11 22:42:46 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-10-11 22:42:43 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-10-11 22:42:33 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-10-11 22:42:29 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-10-11 22:42:25 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-10-11 22:42:24 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-10-11 22:42:12 486912 ----a-w- C:\Windows\System32\atieclxx.exe
2011-10-11 22:42:06 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-10-11 22:42:06 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-10-11 22:42:06 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-10-11 22:41:56 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-10-11 22:41:54 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-10-11 22:41:50 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-10-11 22:41:46 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-10-11 22:41:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-10-11 22:41:45 862720 ----a-w- C:\Windows\System32\aticfx64.dll
2011-10-10 18:53:27 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-10 18:53:27 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-03 11:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-14 17:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 17:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 17:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-14 17:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-14 17:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 17:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-29 21:44:50 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-08-29 21:44:50 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-08-29 21:44:50 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-08-29 21:44:50 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-08-24 23:45:39 231440 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
.
============= FINISH: 19:07:10.17 ===============