Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Goggle search redirection in internet explorer


  • This topic is locked This topic is locked
18 replies to this topic

#1 aguyinqc

aguyinqc

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 01 March 2012 - 09:33 PM

I'm having a hard time removing a malware or something similar that causes page redirection when clicking on a link found in Google.

I don't know where to start or what you need to be able to help me. I ran a DDS.scr file which generated a log file that I have attached to this post.

Any help would be greatly appreciated !

Thanks

Attached Files

  • Attached File  DDS.txt   33.66KB   7 downloads


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,602 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:18 AM

Posted 03 March 2012 - 03:40 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 aguyinqc

aguyinqc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 03 March 2012 - 12:27 PM

Hi Gringo,

Ran the ComboFIX utility, everything went fine but I still have the redirecting problem which is random when clicking on Google results.

I've attached the ComboFIX log.

Thanks for helping !



ComboFix 12-03-02.01 - Serge 2012-03-03 11:42:43.5.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4094.2489 [GMT -5:00]
Lancé depuis: c:\users\Serge\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-02-03 au 2012-03-03 ))))))))))))))))))))))))))))))))))))
.
.
2012-03-03 16:55 . 2012-03-03 16:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-01 20:44 . 2012-03-01 20:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-01 19:52 . 2012-03-01 19:52 -------- d-----w- c:\users\Serge\AppData\Roaming\ReelDealWildWestShootOut
2012-02-28 22:42 . 2012-02-28 22:42 -------- d-----w- c:\users\Serge\AppData\Local\iwin
2012-02-27 23:27 . 2012-02-27 23:27 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-27 23:23 . 2012-03-02 02:12 -------- d-----w- c:\programdata\Lavasoft
2012-02-27 23:15 . 2012-02-27 23:15 388096 ----a-r- c:\users\Serge\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-27 23:15 . 2012-02-27 23:15 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-27 22:41 . 2012-03-02 02:12 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-27 22:41 . 2012-03-02 02:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-27 22:20 . 2012-02-27 22:25 -------- d-----w- c:\program files (x86)\ImpotRapide 2008
2012-02-27 22:18 . 2012-02-27 22:18 -------- d-----w- c:\program files (x86)\Common Files\AnswerWorks 4.0
2012-02-27 22:18 . 2012-02-27 22:27 -------- d-----w- c:\program files (x86)\ImpotRapide 2009
2012-02-27 22:16 . 2012-02-27 22:28 -------- d-----w- c:\program files (x86)\ImpotRapide 2010
2012-02-27 16:00 . 2012-02-27 16:00 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-02-27 15:56 . 2012-02-27 15:56 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-02-27 15:56 . 2012-02-27 15:56 -------- d-----w- c:\program files\Symantec
2012-02-27 15:56 . 2012-02-27 15:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-02-27 15:55 . 2012-02-27 15:55 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-02-27 15:55 . 2012-02-27 15:55 -------- d-----w- c:\program files (x86)\Norton Internet Security
2012-02-27 15:55 . 2012-02-27 15:55 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-02-27 15:50 . 2012-02-27 15:57 -------- d-----w- c:\programdata\Norton
2012-02-26 18:23 . 2012-02-26 18:23 -------- d-----w- c:\programdata\rionix
2012-02-26 17:57 . 2012-02-26 17:57 -------- d-----w- c:\windows\SysWow64\2029
2012-02-26 17:56 . 2012-02-26 17:56 -------- d-----w- c:\windows\SysWow64\2086
2012-02-26 03:40 . 2012-02-28 16:36 -------- d-----w- c:\users\Serge\Tracing
2012-02-26 03:02 . 2012-02-26 03:02 -------- d-----w- c:\windows\fr
2012-02-26 03:00 . 2012-02-26 03:00 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-02-26 02:58 . 2012-02-26 03:00 -------- d-----w- c:\program files (x86)\Windows Live
2012-02-26 02:57 . 2009-09-04 22:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2012-02-26 02:57 . 2009-09-04 22:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2012-02-26 02:57 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-02-26 02:57 . 2009-09-04 22:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-02-26 02:56 . 2006-11-29 18:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-02-26 02:56 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-02-26 02:54 . 2012-03-02 14:24 -------- d-----w- c:\users\Serge\AppData\Local\Windows Live
2012-02-26 02:54 . 2012-02-26 02:54 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-02-24 01:27 . 2012-02-24 01:27 -------- d-----w- c:\programdata\Boss Media
2012-02-24 01:27 . 2012-02-24 01:27 -------- d-----w- c:\users\Serge\AppData\Local\Boss Media
2012-02-24 01:25 . 2012-02-24 01:25 -------- d-----w- c:\program files (x86)\Safari
2012-02-24 01:24 . 2012-02-24 01:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-24 01:24 . 2012-02-24 01:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-24 01:24 . 2012-02-24 01:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-24 01:24 . 2012-02-24 01:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-24 01:24 . 2012-02-24 01:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-24 01:24 . 2012-02-24 01:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-24 01:24 . 2012-02-24 01:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-02-24 01:24 . 2012-02-24 01:24 -------- d-----w- c:\program files (x86)\QuickTime
2012-02-21 02:19 . 2012-02-21 02:19 -------- d-----w- c:\program files (x86)\Games
2012-02-20 00:04 . 2012-02-20 00:04 -------- d-----w- c:\users\Serge\AppData\Roaming\Amulet_of_time
2012-02-19 19:25 . 2012-03-02 15:04 -------- d-----w- c:\users\Serge\AppData\Roaming\mIRC
2012-02-19 19:25 . 2012-02-19 19:25 -------- d-----w- c:\program files (x86)\mIRC
2012-02-17 02:26 . 2012-02-17 02:26 -------- d-----w- c:\users\Serge\AppData\Roaming\GameDevo
2012-02-17 02:22 . 2012-02-17 02:22 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-17 02:22 . 2012-02-17 02:22 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-02-17 02:22 . 2012-02-17 02:22 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-17 02:22 . 2012-02-17 02:22 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-17 02:22 . 2012-02-17 02:22 -------- d-----w- c:\program files (x86)\OpenAL
2012-02-17 02:20 . 2012-02-17 02:22 -------- d-----w- c:\program files (x86)\Malice - Two Sisters Survey
2012-02-17 02:14 . 2012-02-20 00:02 -------- d-----w- c:\program files (x86)\Foxy Games
2012-02-17 02:11 . 2012-02-17 02:11 -------- d-----w- c:\programdata\Big Fish Games
2012-02-17 02:11 . 2012-02-17 02:11 -------- d-----w- c:\program files (x86)\bfgclient
2012-02-17 02:10 . 2012-02-17 02:25 -------- d-----w- C:\BigFishGamesCache
2012-02-15 20:44 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 20:44 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 20:44 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 20:44 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 20:44 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 20:44 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 20:44 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 20:44 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-15 03:45 . 2010-06-24 15:10 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2012-02-15 03:45 . 2010-06-24 15:10 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-02-13 22:54 . 2010-08-02 21:19 31744 ----a-w- c:\windows\system32\drivers\lgandadb.sys
2012-02-13 22:54 . 2010-12-07 19:23 34304 ----a-w- c:\windows\system32\drivers\lgandmodem64.sys
2012-02-13 22:54 . 2010-12-07 19:23 27648 ----a-w- c:\windows\system32\drivers\lganddiag64.sys
2012-02-13 22:54 . 2010-12-07 19:23 27136 ----a-w- c:\windows\system32\drivers\lgandgps64.sys
2012-02-13 22:54 . 2010-12-07 19:22 19456 ----a-w- c:\windows\system32\drivers\lgandbus64.sys
2012-02-13 04:23 . 2012-02-25 14:00 -------- d-----w- c:\users\Serge\AppData\Roaming\funkitron
2012-02-11 17:47 . 2012-02-11 17:47 -------- d-----w- c:\program files (x86)\GotCLIP Downloader
2012-02-11 17:36 . 2012-02-11 17:39 -------- d-----w- c:\users\Serge\AppData\Roaming\BID
2012-02-11 17:36 . 2012-02-11 17:48 -------- d-----w- c:\program files (x86)\Bulk Image Downloader
2012-02-11 17:21 . 2012-02-11 17:23 -------- d-----w- c:\users\Serge\AppData\Roaming\Youtube Downloader HD
2012-02-11 17:20 . 2012-02-11 17:23 -------- d-----w- c:\program files (x86)\Youtube Downloader HD
2012-02-11 16:41 . 2012-02-11 16:41 -------- d-----w- c:\programdata\SSScan
2012-02-11 16:41 . 2012-02-11 16:41 -------- d-----w- c:\users\Serge\AppData\Local\SSScan
2012-02-11 16:40 . 2010-10-06 16:04 142128 ----a-w- c:\windows\wiainst64.exe
2012-02-11 16:40 . 2012-02-11 16:40 -------- d-----w- c:\windows\twain_64
2012-02-11 16:40 . 2010-05-20 19:08 280064 ----a-w- c:\windows\system32\snWIAMUI.dll
2012-02-11 02:53 . 2012-02-11 02:53 -------- d-----w- c:\program files (x86)\BitTorrent
2012-02-11 02:52 . 2012-02-28 02:57 -------- d-----w- c:\users\Serge\AppData\Roaming\BitTorrent
2012-02-08 02:48 . 2012-02-08 02:48 -------- d-----w- c:\users\Serge\AppData\Roaming\Alawar
2012-02-08 02:48 . 2012-02-08 02:48 -------- d-----w- c:\programdata\Alawar
2012-02-05 13:33 . 2012-02-05 13:35 -------- d-----w- c:\users\Serge\.jIRC
2012-02-04 19:29 . 2011-07-18 11:03 1919968 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2012-02-04 18:28 . 2012-02-04 19:33 -------- d-----w- c:\programdata\LGMOBILEAX
2012-02-04 17:03 . 2004-04-19 04:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-02-04 17:03 . 2004-04-19 04:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-02-04 17:03 . 2004-04-19 04:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-02-04 17:03 . 2004-04-19 04:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-02-04 17:03 . 2004-04-19 04:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-02-04 17:03 . 2012-02-04 17:03 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-02-04 17:03 . 2012-02-04 17:03 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-02-04 16:54 . 2012-02-04 16:55 -------- d-----w- c:\users\Serge\AppData\Roaming\GetRightToGo
2012-02-04 16:15 . 2012-02-04 16:15 -------- d-----w- C:\LGP999
2012-02-04 16:11 . 2012-02-04 16:50 -------- d-----w- C:\LG_USB
2012-02-04 14:46 . 2011-05-10 18:37 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
2012-02-04 14:46 . 2011-05-10 18:37 568832 ----a-w- c:\windows\SysWow64\msvcp90.dll
2012-02-04 14:46 . 2011-05-10 18:37 224768 ----a-w- c:\windows\SysWow64\msvcm90.dll
2012-02-04 14:46 . 2006-05-04 13:33 53248 ----a-w- c:\windows\SysWow64\CommonDL.dll
2012-02-04 14:45 . 2012-02-13 22:54 -------- d-----w- c:\program files (x86)\LG Electronics
2012-02-04 03:47 . 2012-02-19 02:31 -------- d-----w- c:\users\Serge\AppData\Roaming\ERS Game Studios
2012-02-04 03:17 . 2012-02-04 03:17 -------- d-----w- c:\users\Serge\AppData\Local\Broadcom
2012-02-04 03:16 . 2009-09-17 16:56 21160 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-02-04 03:16 . 2009-09-17 16:56 35104 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-02-04 03:16 . 2009-09-17 16:56 132648 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-02-04 03:16 . 2009-09-17 16:56 98344 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-02-04 03:15 . 2012-02-04 03:15 -------- d-----w- c:\program files\WIDCOMM
2012-02-04 03:15 . 2012-02-04 03:15 -------- d-----w- c:\program files\DIFX
2012-02-04 03:13 . 2012-02-04 03:13 -------- d-----w- C:\system.sav
2012-02-04 03:07 . 2012-02-04 03:07 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2012-02-04 02:10 . 2012-02-04 02:10 -------- d-----w- c:\program files\Unknown Device Identifier
2012-02-03 18:57 . 2012-02-03 18:57 -------- d-----w- c:\program files (x86)\Belarc
2012-02-03 17:03 . 2012-02-03 17:03 -------- d-----w- c:\users\UpdatusUser
2012-02-03 17:03 . 2012-02-03 17:03 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 02:57 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-31 12:44 . 2012-01-23 20:56 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 20:42 . 2012-01-25 20:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-24 22:46 . 2012-01-24 22:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-24 05:20 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-24 05:20 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-23 21:57 . 2012-01-23 21:57 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-23 21:57 . 2012-01-23 21:57 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-23 21:57 . 2012-01-23 21:57 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-23 21:57 . 2012-01-23 21:57 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-23 21:57 . 2012-01-23 21:57 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-23 21:57 . 2012-01-23 21:57 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-23 21:57 . 2012-01-23 21:57 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-23 21:57 . 2012-01-23 21:57 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-23 21:57 . 2012-01-23 21:57 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-23 21:57 . 2012-01-23 21:57 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-23 21:57 . 2012-01-23 21:57 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-23 21:57 . 2012-01-23 21:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-23 21:57 . 2012-01-23 21:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-23 21:57 . 2012-01-23 21:57 448512 ----a-w- c:\windows\system32\html.iec
2012-01-23 21:57 . 2012-01-23 21:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-23 21:57 . 2012-01-23 21:57 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-23 21:57 . 2012-01-23 21:57 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-23 21:57 . 2012-01-23 21:57 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-23 21:57 . 2012-01-23 21:57 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-23 21:57 . 2012-01-23 21:57 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-23 21:57 . 2012-01-23 21:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-23 21:57 . 2012-01-23 21:57 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-23 21:57 . 2012-01-23 21:57 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-23 21:57 . 2012-01-23 21:57 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-23 21:57 . 2012-01-23 21:57 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-23 21:57 . 2012-01-23 21:57 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-23 21:57 . 2012-01-23 21:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-23 21:57 . 2012-01-23 21:57 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-23 21:57 . 2012-01-23 21:57 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-23 21:57 . 2012-01-23 21:57 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-23 21:57 . 2012-01-23 21:57 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-23 21:57 . 2012-01-23 21:57 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-23 21:57 . 2012-01-23 21:57 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-23 21:57 . 2012-01-23 21:57 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-23 20:23 . 2012-01-23 20:23 315392 ----a-w- c:\windows\HideWin.exe
2012-01-17 09:39 . 2012-01-24 15:00 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D8543C8-5EAC-4C5E-9DE8-6B282948026D}\mpengine.dll
2012-01-11 21:07 . 2012-01-11 21:07 118784 ----a-w- c:\windows\SysWow64\formodpar.exe
2011-12-23 17:07 . 2011-12-23 17:07 1712201 ----a-w- c:\windows\SysWow64\InetClnt.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{316723C4-4E4A-01D3-7723-2F122F4F5815}]
2009-07-14 01:16 73728 ----a-w- c:\windows\SysWOW64\PortableDeviceWMDRRM.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{521A0DD6-456A-6ADF-543B-4241076D59AD}]
2009-07-14 01:16 73728 ----a-w- c:\windows\SysWOW64\vaultclii.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 910208]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"messagepdf"="c:\windows\system32\14R7PBCHMO92KFL1IPJP14\formodpar.exe" [2012-01-11 118784]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-09-24 614400]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-12-10 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-12-10 821144]
"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-11-21 234792]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2011-11-28 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120303.003\IDSvia64.sys [2012-02-24 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1305000.091\SYMNETS.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-11-21 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-11-11 75048]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-11-11 292136]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-29 138248]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-11-21 75248]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-27 138360]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-02-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1365876331-3669831383-1828126602-1001Core.job
- c:\users\Serge\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-11 05:23]
.
2012-03-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1365876331-3669831383-1828126602-1001UA.job
- c:\users\Serge\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-11 05:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-15 5641728]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1702400]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Ajouter cette page à la file d'attente de BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à la file d'attente le lien ciblé - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Ajouter à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Ouvrir cette page avec BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebid.htm
IE: Ouvrir cette page avec BID Link Explorer - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: Ouvrir le lien ciblé avec BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
TCP: DhcpNameServer = 24.200.243.189 24.200.210.241 24.200.228.113
Handler: intu-ir2008 - {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - c:\program files (x86)\ImpotRapide 2008\ic2008pp.dll
Handler: intu-ir2011 - {DFF68B15-A8D3-420b-B32C-E9554E2F5C15} - c:\program files (x86)\ImpotRapide 2011\ic2011pp.dll
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Chocolatier 2 - Secret Ingredients % CompanyName% - c:\program files (x86)\Chocolatier 2 - Secret Ingredients\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2012-03-03 12:21:57
ComboFix-quarantined-files.txt 2012-03-03 17:21
ComboFix2.txt 2012-03-02 02:02
.
Avant-CF: 142 956 810 240 octets libres
Après-CF: 142 699 458 560 octets libres
.
- - End Of File - - 6AB6B639CA166017EC67FE885775D934

Attached Files



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,602 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:18 AM

Posted 03 March 2012 - 12:32 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 aguyinqc

aguyinqc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 03 March 2012 - 02:33 PM

Hi,

Nothing found with TDSSkiller.... when I try to scan using the aswMBR tool, it hangs while scanning at the same place. As a result, I'm not able to save the log file. However I was able to do a screen capture which I'm sending you.

Attached Files



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,602 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:18 AM

Posted 03 March 2012 - 02:53 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 aguyinqc

aguyinqc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 03 March 2012 - 03:05 PM

Here are the results :

OTL logfile created on: 2012-03-03 14:59:46 - Run 1
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\Serge\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c0c | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 63,15% Memory free
8,00 Gb Paging File | 6,34 Gb Available in Paging File | 79,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,93 Gb Total Space | 131,73 Gb Free Space | 46,23% Space Free | Partition Type: NTFS
Drive D: | 13,16 Gb Total Space | 2,65 Gb Free Space | 20,17% Space Free | Partition Type: NTFS
Drive E: | 580,20 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 14,89 Gb Total Space | 14,70 Gb Free Space | 98,67% Space Free | Partition Type: FAT32

Computer Name: SERGE-PC | User Name: Serge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Serge\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\AcroIEFavClient.FRA ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\AcroTray.FRA ()
MOD - C:\Windows\SysWOW64\KBDDGR1.DLL ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Windows\SysWOW64\vaultclii.dll ()
MOD - C:\Windows\SysWOW64\PortableDeviceWMDRRM.dll ()
MOD - C:\Windows\SysWOW64\NlsLexiicons0816.dll ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe (Symantec Corporation)
SRV - (CLHNServiceForPowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
SRV - (CyberLink PowerDVD 11.0 Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (CyberLink)
SRV - (CyberLink PowerDVD 11.0 Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.)
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.)
DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\lgandadb.sys (Google Inc)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\smserial.sys (Motorola Inc.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (MODEMCSA) -- C:\Windows\SysNative\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (HpqRemHid) -- C:\Windows\SysNative\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120302.017\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120302.017\eng64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120303.003\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120215.001\BHDrvx64.sys (Symantec Corporation)
DRV - (ntk_PowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys (Cyberlink Corp.)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1365876331-3669831383-1828126602-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/defaultf.aspx?lang=fr-ca&OCID=iehp
IE - HKU\S-1-5-21-1365876331-3669831383-1828126602-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-CA
IE - HKU\S-1-5-21-1365876331-3669831383-1828126602-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 F9 53 31 72 F9 CC 01 [binary data]
IE - HKU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1365876331-3669831383-1828126602-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1365876331-3669831383-1828126602-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Serge\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-02-11 00:56:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012-02-27 10:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012-03-03 14:01:00 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008-04-03 20:46:27 | 000,000,922 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activation.quicken.ca
O1 - Hosts: 127.0.0.1 activation.fr.quicken.ca
O1 - Hosts: 127.0.0.1 activation.intuit.ca
O1 - Hosts: 127.0.0.1 activation.quicktax.ca
O1 - Hosts: 127.0.0.1 docs.quicktaxweb.ca
O1 - Hosts: 127.0.0.1 ps.intuitcanada.com
O1 - Hosts: 127.0.0.1 support.intuitcanada.com
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {316723C4-4E4A-01D3-7723-2F122F4F5815} - C:\Windows\SysWOW64\PortableDeviceWMDRRM.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {521A0DD6-456A-6ADF-543B-4241076D59AD} - C:\Windows\SysWOW64\vaultclii.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1365876331-3669831383-1828126602-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1365876331-3669831383-1828126602-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [messagepdf] C:\Windows\SysWow64\14R7PBCHMO92KFL1IPJP14\formodpar.exe ()
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKU\S-1-5-21-1365876331-3669831383-1828126602-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1365876331-3669831383-1828126602-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1365876331-3669831383-1828126602-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1365876331-3669831383-1828126602-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1365876331-3669831383-1828126602-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Ajouter à la file d'attente le lien ciblé - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8:64bit: - Extra context menu item: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ajouter cette page à la file d'attente de BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8:64bit: - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Ouvrir cette page avec BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm ()
O8:64bit: - Extra context menu item: Ouvrir cette page avec BID Link Explorer - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O8:64bit: - Extra context menu item: Ouvrir le lien ciblé avec BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Ajouter à la file d'attente le lien ciblé - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ajouter cette page à la file d'attente de BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Ouvrir cette page avec BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: Ouvrir cette page avec BID Link Explorer - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O8 - Extra context menu item: Ouvrir le lien ciblé avec BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Envoyer à Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Envoyer au périphérique &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.243.189 24.200.210.241 24.200.228.113
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7C840BF-3126-4DE9-BC12-1B032BD47E33}: DhcpNameServer = 24.200.243.189 24.200.210.241 24.200.228.113
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\intu-ir2008 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-ir2009 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-ir2010 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-ir2011 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-ir2008 {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - C:\Program Files (x86)\ImpotRapide 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-ir2009 {E4616804-F2F8-4839-B728-5305004DA6A7} - C:\Program Files (x86)\ImpotRapide 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-ir2010 {A344EB2D-3A0F-48fa-A073-2E649BAEC9B3} - C:\Program Files (x86)\ImpotRapide 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-ir2011 {DFF68B15-A8D3-420b-B32C-E9554E2F5C15} - C:\Program Files (x86)\ImpotRapide 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-09-11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2006-09-28 17:15:29 | 000,000,056 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-03-03 14:58:54 | 000,585,216 | ---- | C] (OldTimer Tools) -- C:\Users\Serge\Desktop\OTL.exe
[2012-03-03 13:59:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-03-03 12:52:34 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Serge\Desktop\aswMBR.exe
[2012-03-03 12:52:20 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Serge\Desktop\tdsskiller.exe
[2012-03-03 11:40:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-03-03 11:40:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-03-03 11:40:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-03-03 11:40:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-03-02 09:24:21 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\{7B679783-FBDB-49F0-A44D-814C516C74A4}
[2012-03-02 09:24:17 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\{C4B593AA-0A61-4F15-8806-8374257BCCAE}
[2012-03-01 21:02:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-03-01 18:25:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012-03-01 15:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012-03-01 14:52:19 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\ReelDealWildWestShootOut
[2012-03-01 09:25:23 | 000,000,000 | ---D | C] -- C:\Users\Serge\Documents\Mes fichiers reçus
[2012-03-01 09:09:14 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\{6E54E8EF-4A1D-4937-B67E-917EA5201437}
[2012-03-01 09:09:09 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\{8677ADA5-E702-423B-A89A-B94F527094B6}
[2012-03-01 09:09:09 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\{6DB6168B-E39D-486D-BB79-5379ED3E1EBD}
[2012-02-28 17:42:51 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\iwin
[2012-02-28 17:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deal Or No Deal
[2012-02-28 11:39:16 | 004,424,615 | R--- | C] (Swearware) -- C:\Users\Serge\Desktop\ComboFix.exe
[2012-02-28 10:06:51 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\{18AEBBCC-029C-4855-9650-EA4068A7A91B}
[2012-02-27 22:06:23 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\{06940DC7-4735-4D1F-A918-4CCD97AFCC5A}
[2012-02-27 22:06:14 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\{4477F146-6E63-48AF-9DBD-EB18058FE75B}
[2012-02-27 19:08:06 | 000,000,000 | ---D | C] -- C:\Users\Serge\Desktop\impot
[2012-02-27 18:27:14 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012-02-27 18:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012-02-27 18:15:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012-02-27 18:15:14 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012-02-27 17:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012-02-27 17:41:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012-02-27 17:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImpotRapide 2008
[2012-02-27 17:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 4.0
[2012-02-27 17:18:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImpotRapide 2009
[2012-02-27 17:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImpotRapide 2010
[2012-02-27 11:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012-02-27 10:57:58 | 000,000,000 | ---D | C] -- C:\Users\Serge\Documents\Symantec
[2012-02-27 10:56:24 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012-02-27 10:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012-02-27 10:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012-02-27 10:56:02 | 000,405,624 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnets.sys
[2012-02-27 10:56:01 | 001,092,728 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymEFA64.sys
[2012-02-27 10:56:01 | 000,738,936 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys
[2012-02-27 10:56:01 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymDS64.sys
[2012-02-27 10:56:01 | 000,190,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Ironx64.sys
[2012-02-27 10:56:01 | 000,167,048 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccSetx64.sys
[2012-02-27 10:56:01 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys
[2012-02-27 10:55:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2012-02-27 10:55:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1305000.091
[2012-02-27 10:55:52 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012-02-27 10:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012-02-27 10:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012-02-27 10:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012-02-27 10:50:52 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012-02-27 10:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012-02-27 09:56:34 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\{4BCC11EB-390D-4E86-9A40-64417F19227E}
[2012-02-27 09:56:30 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\{5B20BA59-B5A3-4E64-9155-4157E265475B}
[2012-02-26 13:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\rionix
[2012-02-26 13:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\New Yankee in King Arthurs Court
[2012-02-26 12:57:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\2029
[2012-02-26 12:56:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\2086
[2012-02-26 11:50:30 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\{B33AA28D-34BE-48C8-BE53-D6959A271D15}
[2012-02-26 11:50:19 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\{5D735E0A-A87E-46C8-AC71-003F77760AE1}
[2012-02-25 22:41:11 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\{5FFF2C2A-B175-4848-BEBC-201539EEC6F2}
[2012-02-25 22:40:59 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\{13ED3BCF-C4F0-4A4A-8DEE-EE5106314F52}
[2012-02-25 22:40:46 | 000,000,000 | ---D | C] -- C:\Users\Serge\Tracing
[2012-02-25 22:02:24 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2012-02-25 22:00:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012-02-25 21:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012-02-25 21:57:19 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012-02-25 21:57:19 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012-02-25 21:57:18 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012-02-25 21:57:18 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012-02-25 21:56:44 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012-02-25 21:56:44 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012-02-25 21:54:57 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\Windows Live
[2012-02-25 21:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012-02-23 20:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Boss Media
[2012-02-23 20:27:51 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\Boss Media
[2012-02-23 20:25:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2012-02-23 20:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012-02-23 20:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012-02-23 18:24:43 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\wlast
[2012-02-20 21:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Games
[2012-02-19 19:04:17 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\Amulet_of_time
[2012-02-19 19:02:30 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amulet of Time - Shadow of la Rochelle
[2012-02-19 14:25:54 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\mIRC
[2012-02-19 14:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2012-02-19 14:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2012-02-18 21:40:16 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-02-18 21:40:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-02-18 21:40:15 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012-02-18 21:40:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-02-18 21:40:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-02-18 21:40:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-02-18 21:40:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-02-18 21:40:13 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-02-18 21:40:13 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-02-18 21:40:12 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012-02-18 21:40:12 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012-02-18 21:30:07 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maestro 2- Notes of Life - Standard With Guide
[2012-02-16 21:26:52 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\GameDevo
[2012-02-16 21:23:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012-02-16 21:22:04 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012-02-16 21:22:04 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012-02-16 21:22:04 | 000,122,904 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012-02-16 21:22:04 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012-02-16 21:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012-02-16 21:20:08 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malice - Two Sisters Survey
[2012-02-16 21:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malice - Two Sisters Survey
[2012-02-16 21:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malice - Two Sisters Survey
[2012-02-16 21:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxy Games
[2012-02-16 21:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2012-02-16 21:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
[2012-02-16 21:10:39 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
[2012-02-15 15:44:34 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012-02-15 15:44:33 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012-02-15 15:44:33 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012-02-15 15:44:26 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012-02-14 22:57:11 | 000,000,000 | ---D | C] -- C:\Users\Serge\Desktop\Nouveau dossier (4)
[2012-02-14 22:45:57 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2012-02-14 22:45:57 | 000,708,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinUSBCoInstaller.dll
[2012-02-13 17:54:18 | 000,031,744 | ---- | C] (Google Inc) -- C:\Windows\SysNative\drivers\lgandadb.sys
[2012-02-13 17:54:16 | 000,034,304 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgandmodem64.sys
[2012-02-13 17:54:15 | 000,027,648 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lganddiag64.sys
[2012-02-13 17:54:15 | 000,027,136 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgandgps64.sys
[2012-02-13 17:54:15 | 000,019,456 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgandbus64.sys
[2012-02-12 23:23:44 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\funkitron
[2012-02-11 12:49:13 | 000,000,000 | ---D | C] -- C:\Users\Serge\Documents\Bulk Image Downloader
[2012-02-11 12:47:46 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GotCLIP Downloader
[2012-02-11 12:47:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GotCLIP Downloader
[2012-02-11 12:36:16 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\BID
[2012-02-11 12:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Image Downloader
[2012-02-11 12:36:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bulk Image Downloader
[2012-02-11 12:21:00 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\Youtube Downloader HD
[2012-02-11 12:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD
[2012-02-11 12:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Youtube Downloader HD
[2012-02-11 11:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SSScan
[2012-02-11 11:41:12 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\SSScan
[2012-02-11 11:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
[2012-02-11 11:40:43 | 000,000,000 | ---D | C] -- C:\Windows\twain_64
[2012-02-11 11:40:17 | 000,280,064 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\snWIAMUI.dll
[2012-02-11 01:05:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 11
[2012-02-11 01:03:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2012-02-11 01:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012-02-11 00:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012-02-11 00:24:30 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\NVIDIA
[2012-02-11 00:23:35 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\Facebook
[2012-02-10 23:32:52 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\MediaShow
[2012-02-10 23:31:58 | 000,000,000 | ---D | C] -- C:\Users\Serge\Documents\CyberLink
[2012-02-10 23:30:54 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\MediaServer
[2012-02-10 23:30:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2012-02-10 23:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD
[2012-02-10 23:30:33 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\CyberLink
[2012-02-10 23:30:27 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\CyberLink
[2012-02-10 23:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012-02-10 23:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2012-02-10 21:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2012-02-10 21:52:21 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\BitTorrent
[2012-02-07 21:48:44 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\Alawar
[2012-02-07 21:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Alawar
[2012-02-05 08:33:26 | 000,000,000 | ---D | C] -- C:\Users\Serge\.jIRC
[2012-02-04 14:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
[2012-02-04 14:29:44 | 001,919,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdfcoinstaller01005.dll
[2012-02-04 13:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX
[2012-02-04 11:54:47 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\GetRightToGo
[2012-02-04 11:54:47 | 000,000,000 | ---D | C] -- C:\Users\Serge\Documents\Downloads
[2012-02-04 11:15:17 | 000,000,000 | ---D | C] -- C:\LGP999
[2012-02-04 11:11:54 | 000,000,000 | ---D | C] -- C:\LG_USB
[2012-02-04 09:46:29 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr90.dll
[2012-02-04 09:46:29 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp90.dll
[2012-02-04 09:46:29 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcm90.dll
[2012-02-04 09:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2012-02-03 22:47:00 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\ERS Game Studios
[2012-02-03 22:20:38 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Périphériques Bluetooth
[2012-02-03 22:17:30 | 000,000,000 | ---D | C] -- C:\Users\Serge\Documents\Dossier Echanges Bluetooth
[2012-02-03 22:17:30 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\Broadcom
[2012-02-03 22:16:08 | 000,132,648 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys
[2012-02-03 22:16:08 | 000,098,344 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys
[2012-02-03 22:16:08 | 000,035,104 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwl2cap.sys
[2012-02-03 22:16:08 | 000,021,160 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys
[2012-02-03 22:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2012-02-03 22:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012-02-03 22:13:49 | 000,000,000 | ---D | C] -- C:\system.sav
[2012-02-03 22:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2012-02-03 21:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unknown Device Identifier 8.00
[2012-02-03 21:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\Unknown Device Identifier
[2012-02-03 13:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2012-02-03 12:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012-02-03 12:02:54 | 003,074,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012-02-03 12:02:54 | 000,837,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2012-02-03 12:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012-02-03 11:58:04 | 024,742,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012-02-03 11:58:04 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012-02-03 11:58:04 | 008,791,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012-02-03 11:58:04 | 007,041,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012-02-03 11:58:04 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012-02-03 11:58:04 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012-02-03 11:58:04 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012-02-03 11:58:03 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012-02-03 11:58:03 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012-02-03 11:58:03 | 007,581,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012-02-03 11:58:03 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012-02-03 11:58:03 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012-02-03 11:58:03 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012-02-03 11:58:03 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012-02-03 11:58:03 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012-02-03 11:58:03 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012-02-03 11:58:03 | 001,533,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012-02-03 11:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012-02-03 11:56:55 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012-02-03 11:05:18 | 001,071,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpluir.dll
[2012-02-03 11:05:18 | 000,388,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvexpbar.dll
[2012-02-02 15:26:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

========== Files - Modified Within 30 Days ==========

[2012-03-03 14:58:58 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\Serge\Desktop\OTL.exe
[2012-03-03 14:06:31 | 000,014,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-03-03 14:06:31 | 000,014,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-03-03 13:59:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-03-03 13:59:06 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys
[2012-03-03 12:52:42 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Serge\Desktop\aswMBR.exe
[2012-03-03 12:52:20 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Serge\Desktop\tdsskiller.exe
[2012-03-03 12:28:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1365876331-3669831383-1828126602-1001UA.job
[2012-03-01 21:08:31 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012-03-01 18:29:57 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012-03-01 18:29:57 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012-02-28 17:42:13 | 000,001,200 | ---- | M] () -- C:\Users\Public\Desktop\Deal Or No Deal.lnk
[2012-02-28 11:39:16 | 004,424,615 | R--- | M] (Swearware) -- C:\Users\Serge\Desktop\ComboFix.exe
[2012-02-27 22:00:44 | 000,419,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-02-27 19:04:28 | 000,345,600 | ---- | M] () -- C:\Users\Serge\Desktop\impot.exe
[2012-02-27 18:27:14 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012-02-27 18:24:17 | 002,125,276 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Cat.DB
[2012-02-27 18:15:14 | 000,002,975 | ---- | M] () -- C:\Users\Serge\Desktop\HiJackThis.lnk
[2012-02-27 17:20:46 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\ImpôtRapide 2008.lnk
[2012-02-27 17:18:40 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\ImpôtRapide 2009.lnk
[2012-02-27 17:16:07 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\ImpôtRapide 2010.lnk
[2012-02-27 16:33:43 | 000,050,575 | ---- | M] () -- C:\Users\Serge\Documents\billets madonna.pdf
[2012-02-27 10:59:33 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\VT20111023.022
[2012-02-27 10:56:24 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012-02-27 10:56:24 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012-02-27 10:56:24 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012-02-27 10:56:15 | 000,002,588 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012-02-27 10:55:42 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-02-27 10:55:31 | 000,702,600 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012-02-27 10:55:31 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-02-27 10:55:31 | 000,130,274 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012-02-27 10:55:31 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-02-27 10:50:53 | 000,001,298 | ---- | M] () -- C:\Users\Serge\Desktop\Fichiers d’installation Norton.lnk
[2012-02-26 13:22:27 | 000,001,338 | ---- | M] () -- C:\Users\Public\Desktop\New Yankee in King Arthurs Court.lnk
[2012-02-26 00:28:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1365876331-3669831383-1828126602-1001Core.job
[2012-02-23 20:25:46 | 000,002,515 | ---- | M] () -- C:\Users\Serge\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012-02-23 20:25:46 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012-02-23 20:24:29 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012-02-20 21:19:56 | 000,002,246 | ---- | M] () -- C:\Users\Serge\Desktop\Aaron Crane Paintings Come Alive.lnk
[2012-02-20 18:43:59 | 001,556,228 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-02-19 19:02:30 | 000,002,368 | ---- | M] () -- C:\Users\Serge\Desktop\Amulet of Time - Shadow of la Rochelle.lnk
[2012-02-19 14:25:54 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2012-02-18 21:30:18 | 000,002,482 | ---- | M] () -- C:\Users\Serge\Desktop\Maestro 2- Notes of Life.lnk
[2012-02-16 21:23:25 | 578,189,269 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012-02-16 21:22:04 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012-02-16 21:22:04 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012-02-16 21:22:04 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012-02-16 21:22:04 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012-02-16 21:21:25 | 000,002,088 | ---- | M] () -- C:\Users\Public\Desktop\Play Malice - Two Sisters Survey.lnk
[2012-02-14 22:49:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012-02-11 12:48:45 | 000,001,137 | ---- | M] () -- C:\Users\Serge\Desktop\BID Queue Manager.lnk
[2012-02-11 12:48:45 | 000,001,071 | ---- | M] () -- C:\Users\Serge\Desktop\Bulk Image Downloader.lnk
[2012-02-11 12:25:41 | 102,933,364 | ---- | M] () -- C:\Users\Serge\Documents\Nicki Minaj - Super Bass_(1080p).mp4
[2012-02-11 12:23:32 | 000,001,157 | ---- | M] () -- C:\Users\Serge\Desktop\Youtube Downloader HD.lnk
[2012-02-11 11:55:10 | 000,061,437 | ---- | M] () -- C:\Users\Serge\Documents\CADM.jpg
[2012-02-11 11:55:09 | 000,063,940 | ---- | M] () -- C:\Users\Serge\Documents\BACC.jpg
[2012-02-11 11:47:20 | 000,116,281 | ---- | M] () -- C:\Users\Serge\Documents\Diplômes.pdf
[2012-02-11 11:46:30 | 000,054,217 | ---- | M] () -- C:\Users\Serge\Documents\Sans titre1.pdf
[2012-02-11 11:46:24 | 000,063,511 | ---- | M] () -- C:\Users\Serge\Documents\Sans titre.pdf
[2012-02-11 01:05:25 | 000,002,192 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 11.lnk
[2012-02-11 00:58:03 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012-02-10 21:53:10 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012-02-04 15:25:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_lgandadb_01005.Wdf
[2012-02-03 22:16:17 | 000,000,892 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012-02-03 13:57:37 | 000,002,092 | ---- | M] () -- C:\Users\Serge\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012-02-03 13:57:37 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2012-02-03 11:25:09 | 000,042,095 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012-02-03 11:18:01 | 000,042,095 | ---- | M] () -- C:\ProgramData\nvModes.001

========== Files Created - No Company Name ==========

[2012-03-03 11:40:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-03-03 11:40:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-03-03 11:40:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-03-03 11:40:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-03-03 11:40:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-03-01 18:29:57 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012-03-01 18:29:57 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012-02-28 17:42:13 | 000,001,200 | ---- | C] () -- C:\Users\Public\Desktop\Deal Or No Deal.lnk
[2012-02-27 19:04:28 | 000,345,600 | ---- | C] () -- C:\Users\Serge\Desktop\impot.exe
[2012-02-27 18:15:14 | 000,002,975 | ---- | C] () -- C:\Users\Serge\Desktop\HiJackThis.lnk
[2012-02-27 17:20:45 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\ImpôtRapide 2008.lnk
[2012-02-27 17:18:38 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\ImpôtRapide 2009.lnk
[2012-02-27 17:16:06 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\ImpôtRapide 2010.lnk
[2012-02-27 16:29:15 | 000,050,575 | ---- | C] () -- C:\Users\Serge\Documents\billets madonna.pdf
[2012-02-27 10:59:54 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\VT20111023.022
[2012-02-27 10:56:28 | 002,125,276 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Cat.DB
[2012-02-27 10:56:24 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012-02-27 10:56:24 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012-02-27 10:56:15 | 000,002,588 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012-02-27 10:55:54 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymDS64.cat
[2012-02-27 10:55:54 | 000,007,468 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccSetx64.cat
[2012-02-27 10:55:54 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.cat
[2012-02-27 10:55:54 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymEFA64.cat
[2012-02-27 10:55:54 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnet64.cat
[2012-02-27 10:55:54 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.cat
[2012-02-27 10:55:54 | 000,007,450 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\iron.cat
[2012-02-27 10:55:54 | 000,004,782 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymVTcer.dat
[2012-02-27 10:55:54 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymEFA.inf
[2012-02-27 10:55:54 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymDS.inf
[2012-02-27 10:55:54 | 000,001,441 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymNet.inf
[2012-02-27 10:55:54 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.inf
[2012-02-27 10:55:54 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.inf
[2012-02-27 10:55:54 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccSetx64.inf
[2012-02-27 10:55:54 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Iron.inf
[2012-02-27 10:55:54 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\isolate.ini
[2012-02-27 10:50:52 | 000,001,298 | ---- | C] () -- C:\Users\Serge\Desktop\Fichiers d’installation Norton.lnk
[2012-02-26 13:22:27 | 000,001,338 | ---- | C] () -- C:\Users\Public\Desktop\New Yankee in King Arthurs Court.lnk
[2012-02-25 22:01:36 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012-02-25 22:01:02 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012-02-25 22:00:23 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012-02-23 20:25:46 | 000,002,515 | ---- | C] () -- C:\Users\Serge\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012-02-23 20:25:46 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012-02-23 20:25:46 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012-02-23 20:24:29 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012-02-20 21:19:56 | 000,002,246 | ---- | C] () -- C:\Users\Serge\Desktop\Aaron Crane Paintings Come Alive.lnk
[2012-02-19 19:02:30 | 000,002,368 | ---- | C] () -- C:\Users\Serge\Desktop\Amulet of Time - Shadow of la Rochelle.lnk
[2012-02-19 14:25:54 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2012-02-18 21:30:18 | 000,002,482 | ---- | C] () -- C:\Users\Serge\Desktop\Maestro 2- Notes of Life.lnk
[2012-02-16 21:23:25 | 578,189,269 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012-02-16 21:21:25 | 000,002,088 | ---- | C] () -- C:\Users\Public\Desktop\Play Malice - Two Sisters Survey.lnk
[2012-02-16 21:11:30 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2012-02-16 21:11:30 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2012-02-14 22:49:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012-02-11 12:36:14 | 000,001,137 | ---- | C] () -- C:\Users\Serge\Desktop\BID Queue Manager.lnk
[2012-02-11 12:36:14 | 000,001,071 | ---- | C] () -- C:\Users\Serge\Desktop\Bulk Image Downloader.lnk
[2012-02-11 12:23:45 | 102,933,364 | ---- | C] () -- C:\Users\Serge\Documents\Nicki Minaj - Super Bass_(1080p).mp4
[2012-02-11 12:20:55 | 000,001,157 | ---- | C] () -- C:\Users\Serge\Desktop\Youtube Downloader HD.lnk
[2012-02-11 11:55:10 | 000,061,437 | ---- | C] () -- C:\Users\Serge\Documents\CADM.jpg
[2012-02-11 11:55:09 | 000,063,940 | ---- | C] () -- C:\Users\Serge\Documents\BACC.jpg
[2012-02-11 11:47:20 | 000,116,281 | ---- | C] () -- C:\Users\Serge\Documents\Diplômes.pdf
[2012-02-11 11:46:30 | 000,054,217 | ---- | C] () -- C:\Users\Serge\Documents\Sans titre1.pdf
[2012-02-11 11:46:24 | 000,063,511 | ---- | C] () -- C:\Users\Serge\Documents\Sans titre.pdf
[2012-02-11 11:40:58 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe
[2012-02-11 01:05:25 | 000,002,192 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 11.lnk
[2012-02-11 00:58:03 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012-02-11 00:58:02 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012-02-11 00:58:02 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012-02-11 00:23:41 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1365876331-3669831383-1828126602-1001UA.job
[2012-02-11 00:23:40 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1365876331-3669831383-1828126602-1001Core.job
[2012-02-10 21:53:10 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012-02-04 15:25:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_lgandadb_01005.Wdf
[2012-02-04 09:46:24 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012-02-04 09:46:24 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012-02-03 22:15:55 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012-02-03 13:57:37 | 000,002,092 | ---- | C] () -- C:\Users\Serge\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012-02-03 13:57:37 | 000,002,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2012-02-03 13:57:37 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2012-02-03 11:58:04 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012-02-03 11:58:03 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvvcompiler.dll
[2012-02-03 11:05:38 | 000,042,095 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012-02-03 11:05:37 | 000,042,095 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012-01-31 08:42:08 | 000,080,384 | ---- | C] () -- C:\Windows\smgrinst.exe
[2012-01-31 08:42:02 | 000,113,768 | ---- | C] () -- C:\Windows\Wiainst.exe
[2012-01-31 08:40:26 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2012-01-26 19:53:29 | 000,000,120 | ---- | C] () -- C:\Windows\inst20.dat
[2012-01-26 19:53:29 | 000,000,034 | ---- | C] () -- C:\Windows\instusers20.dat
[2012-01-24 18:12:23 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-01-24 16:55:59 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012-01-24 16:55:59 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012-01-24 16:55:59 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012-01-24 16:55:59 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012-01-24 16:55:59 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012-01-24 16:55:59 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012-01-24 16:55:59 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012-01-24 16:55:59 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012-01-24 16:55:59 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012-01-24 16:55:59 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012-01-24 16:55:59 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012-01-24 16:55:59 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012-01-24 16:55:59 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012-01-24 16:55:59 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012-01-24 16:55:59 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012-01-24 16:55:59 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012-01-23 23:55:03 | 000,196,608 | ---- | C] () -- C:\Windows\SysWow64\KBDDGR1.DLL
[2012-01-11 16:07:44 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\formodpar.exe
[2011-05-16 12:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:D9C49B45
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:4CD3F344
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:728B799F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E3D8C69A

< End of report >

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,602 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:18 AM

Posted 03 March 2012 - 03:26 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O4 - HKU\S-1-5-21-1365876331-3669831383-1828126602-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O8:64bit: - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
    O8:64bit: - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
    O18:64bit: - Protocol\Handler\belarc - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-ir2008 - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-ir2009 - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-ir2010 - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-ir2011 - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:D9C49B45
    @Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:4CD3F344
    @Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:1CE11B51
    @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:728B799F
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E3D8C69A    
    MOD - C:\Windows\SysWOW64\KBDDGR1.DLL ()
    MOD - C:\Windows\SysWOW64\vaultclii.dll ()
    :Files
    C:\Windows\SysWOW64\KBDDGR1.DLL
    C:\Windows\SysWOW64\vaultclii.dll
    C:\Windows\SysWow64\formodpar.exe
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 aguyinqc

aguyinqc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 03 March 2012 - 04:39 PM

Hi,

Here is the log file... everything is working great now.... no more redirects !

Can you tell me what was the problem ?

Thanks alot for your help Gringo !

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1365876331-3669831383-1828126602-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Envoyer à OneNote\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xporter vers Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Envoyer à OneNote\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xporter vers Microsoft Excel\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\belarc\ deleted successfully.
File Protocol\Handler\belarc - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\intu-ir2008\ deleted successfully.
File Protocol\Handler\intu-ir2008 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\intu-ir2009\ deleted successfully.
File Protocol\Handler\intu-ir2009 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\intu-ir2010\ deleted successfully.
File Protocol\Handler\intu-ir2010 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\intu-ir2011\ deleted successfully.
File Protocol\Handler\intu-ir2011 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\ProgramData\TEMP:D9C49B45 deleted successfully.
ADS C:\ProgramData\TEMP:4CD3F344 deleted successfully.
ADS C:\ProgramData\TEMP:1CE11B51 deleted successfully.
ADS C:\ProgramData\TEMP:728B799F deleted successfully.
ADS C:\ProgramData\TEMP:E3D8C69A deleted successfully.
========== FILES ==========
C:\Windows\SysWOW64\KBDDGR1.DLL moved successfully.
C:\Windows\SysWOW64\vaultclii.dll moved successfully.
C:\Windows\SysWow64\formodpar.exe moved successfully.
< ipconfig /flushdns /c >
Configuration IP de Windows
Cache de r‚solution DNS vid‚.
C:\Users\Serge\Desktop\cmd.bat deleted successfully.
C:\Users\Serge\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Serge
->Temp folder emptied: 66402003 bytes
->Temporary Internet Files folder emptied: 318428036 bytes
->Java cache emptied: 1739303 bytes
->Apple Safari cache emptied: 77504512 bytes
->Flash cache emptied: 2821 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1255 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 443,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Serge
->Java cache emptied: 0 bytes

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Serge
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.35.0 log created on 03032012_162705

Files\Folders moved on Reboot...
C:\Users\Serge\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Serge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Serge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,602 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:18 AM

Posted 03 March 2012 - 09:33 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 aguyinqc

aguyinqc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 04 March 2012 - 01:32 PM

Hi,

Everything is going fine now. No more redirects.

Thanks Gringo !!!



ComboFix 12-03-02.01 - Serge 2012-03-04 12:30:09.6.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4094.2613 [GMT -5:00]
Lancé depuis: c:\users\Serge\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Serge\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\3095
c:\windows\SysWow64\3095\inf3095.dat
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-02-04 au 2012-03-04 ))))))))))))))))))))))))))))))))))))
.
.
2012-03-04 17:45 . 2012-03-04 17:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-04 17:45 . 2012-03-04 17:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-04 02:37 . 2012-03-04 03:08 -------- d-----w- c:\users\Serge\AppData\Roaming\DivoGames
2012-03-03 21:27 . 2012-03-03 21:27 -------- d-----w- C:\_OTL
2012-03-01 20:44 . 2012-03-01 20:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-01 19:52 . 2012-03-01 19:52 -------- d-----w- c:\users\Serge\AppData\Roaming\ReelDealWildWestShootOut
2012-02-28 22:42 . 2012-02-28 22:42 -------- d-----w- c:\users\Serge\AppData\Local\iwin
2012-02-27 23:27 . 2012-02-27 23:27 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-27 23:23 . 2012-03-02 02:12 -------- d-----w- c:\programdata\Lavasoft
2012-02-27 23:15 . 2012-02-27 23:15 388096 ----a-r- c:\users\Serge\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-27 23:15 . 2012-02-27 23:15 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-27 22:41 . 2012-03-02 02:12 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-27 22:41 . 2012-03-02 02:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-27 22:20 . 2012-02-27 22:25 -------- d-----w- c:\program files (x86)\ImpotRapide 2008
2012-02-27 22:18 . 2012-02-27 22:18 -------- d-----w- c:\program files (x86)\Common Files\AnswerWorks 4.0
2012-02-27 22:18 . 2012-02-27 22:27 -------- d-----w- c:\program files (x86)\ImpotRapide 2009
2012-02-27 22:16 . 2012-02-27 22:28 -------- d-----w- c:\program files (x86)\ImpotRapide 2010
2012-02-27 16:00 . 2012-02-27 16:00 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-02-27 15:56 . 2012-02-27 15:56 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-02-27 15:56 . 2012-02-27 15:56 -------- d-----w- c:\program files\Symantec
2012-02-27 15:56 . 2012-02-27 15:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-02-27 15:55 . 2012-02-27 15:55 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-02-27 15:55 . 2012-02-27 15:55 -------- d-----w- c:\program files (x86)\Norton Internet Security
2012-02-27 15:55 . 2012-02-27 15:55 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-02-27 15:50 . 2012-02-27 15:57 -------- d-----w- c:\programdata\Norton
2012-02-26 18:23 . 2012-02-26 18:23 -------- d-----w- c:\programdata\rionix
2012-02-26 17:57 . 2012-02-26 17:57 -------- d-----w- c:\windows\SysWow64\2029
2012-02-26 17:56 . 2012-02-26 17:56 -------- d-----w- c:\windows\SysWow64\2086
2012-02-26 03:40 . 2012-02-28 16:36 -------- d-----w- c:\users\Serge\Tracing
2012-02-26 03:02 . 2012-02-26 03:02 -------- d-----w- c:\windows\fr
2012-02-26 03:00 . 2012-02-26 03:00 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-02-26 02:58 . 2012-02-26 03:00 -------- d-----w- c:\program files (x86)\Windows Live
2012-02-26 02:57 . 2009-09-04 22:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2012-02-26 02:57 . 2009-09-04 22:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2012-02-26 02:57 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-02-26 02:57 . 2009-09-04 22:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-02-26 02:56 . 2006-11-29 18:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-02-26 02:56 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-02-26 02:54 . 2012-03-02 14:24 -------- d-----w- c:\users\Serge\AppData\Local\Windows Live
2012-02-26 02:54 . 2012-02-26 02:54 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-02-24 01:27 . 2012-02-24 01:27 -------- d-----w- c:\programdata\Boss Media
2012-02-24 01:27 . 2012-02-24 01:27 -------- d-----w- c:\users\Serge\AppData\Local\Boss Media
2012-02-24 01:25 . 2012-02-24 01:25 -------- d-----w- c:\program files (x86)\Safari
2012-02-24 01:24 . 2012-02-24 01:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-24 01:24 . 2012-02-24 01:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-24 01:24 . 2012-02-24 01:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-24 01:24 . 2012-02-24 01:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-24 01:24 . 2012-02-24 01:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-24 01:24 . 2012-02-24 01:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-24 01:24 . 2012-02-24 01:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-02-24 01:24 . 2012-02-24 01:24 -------- d-----w- c:\program files (x86)\QuickTime
2012-02-21 02:19 . 2012-02-21 02:19 -------- d-----w- c:\program files (x86)\Games
2012-02-20 00:04 . 2012-02-20 00:04 -------- d-----w- c:\users\Serge\AppData\Roaming\Amulet_of_time
2012-02-19 19:25 . 2012-03-03 20:14 -------- d-----w- c:\users\Serge\AppData\Roaming\mIRC
2012-02-19 19:25 . 2012-02-19 19:25 -------- d-----w- c:\program files (x86)\mIRC
2012-02-17 02:26 . 2012-02-17 02:26 -------- d-----w- c:\users\Serge\AppData\Roaming\GameDevo
2012-02-17 02:22 . 2012-02-17 02:22 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-17 02:22 . 2012-02-17 02:22 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-02-17 02:22 . 2012-02-17 02:22 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-17 02:22 . 2012-02-17 02:22 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-17 02:22 . 2012-02-17 02:22 -------- d-----w- c:\program files (x86)\OpenAL
2012-02-17 02:20 . 2012-02-17 02:22 -------- d-----w- c:\program files (x86)\Malice - Two Sisters Survey
2012-02-17 02:14 . 2012-02-20 00:02 -------- d-----w- c:\program files (x86)\Foxy Games
2012-02-17 02:11 . 2012-02-17 02:11 -------- d-----w- c:\programdata\Big Fish Games
2012-02-17 02:11 . 2012-02-17 02:11 -------- d-----w- c:\program files (x86)\bfgclient
2012-02-17 02:10 . 2012-02-17 02:25 -------- d-----w- C:\BigFishGamesCache
2012-02-15 20:44 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 20:44 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 20:44 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 20:44 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 20:44 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 20:44 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 20:44 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 20:44 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-15 03:45 . 2010-06-24 15:10 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2012-02-15 03:45 . 2010-06-24 15:10 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-02-13 22:54 . 2010-08-02 21:19 31744 ----a-w- c:\windows\system32\drivers\lgandadb.sys
2012-02-13 22:54 . 2010-12-07 19:23 34304 ----a-w- c:\windows\system32\drivers\lgandmodem64.sys
2012-02-13 22:54 . 2010-12-07 19:23 27648 ----a-w- c:\windows\system32\drivers\lganddiag64.sys
2012-02-13 22:54 . 2010-12-07 19:23 27136 ----a-w- c:\windows\system32\drivers\lgandgps64.sys
2012-02-13 22:54 . 2010-12-07 19:22 19456 ----a-w- c:\windows\system32\drivers\lgandbus64.sys
2012-02-13 04:23 . 2012-02-25 14:00 -------- d-----w- c:\users\Serge\AppData\Roaming\funkitron
2012-02-11 17:47 . 2012-02-11 17:47 -------- d-----w- c:\program files (x86)\GotCLIP Downloader
2012-02-11 17:36 . 2012-02-11 17:39 -------- d-----w- c:\users\Serge\AppData\Roaming\BID
2012-02-11 17:36 . 2012-02-11 17:48 -------- d-----w- c:\program files (x86)\Bulk Image Downloader
2012-02-11 17:21 . 2012-02-11 17:23 -------- d-----w- c:\users\Serge\AppData\Roaming\Youtube Downloader HD
2012-02-11 17:20 . 2012-02-11 17:23 -------- d-----w- c:\program files (x86)\Youtube Downloader HD
2012-02-11 16:41 . 2012-02-11 16:41 -------- d-----w- c:\programdata\SSScan
2012-02-11 16:41 . 2012-02-11 16:41 -------- d-----w- c:\users\Serge\AppData\Local\SSScan
2012-02-11 16:40 . 2010-10-06 16:04 142128 ----a-w- c:\windows\wiainst64.exe
2012-02-11 16:40 . 2012-02-11 16:40 -------- d-----w- c:\windows\twain_64
2012-02-11 16:40 . 2010-05-20 19:08 280064 ----a-w- c:\windows\system32\snWIAMUI.dll
2012-02-11 02:53 . 2012-02-11 02:53 -------- d-----w- c:\program files (x86)\BitTorrent
2012-02-11 02:52 . 2012-03-04 00:22 -------- d-----w- c:\users\Serge\AppData\Roaming\BitTorrent
2012-02-08 02:48 . 2012-02-08 02:48 -------- d-----w- c:\users\Serge\AppData\Roaming\Alawar
2012-02-08 02:48 . 2012-02-08 02:48 -------- d-----w- c:\programdata\Alawar
2012-02-05 13:33 . 2012-02-05 13:35 -------- d-----w- c:\users\Serge\.jIRC
2012-02-04 19:29 . 2011-07-18 11:03 1919968 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2012-02-04 18:28 . 2012-02-04 19:33 -------- d-----w- c:\programdata\LGMOBILEAX
2012-02-04 17:03 . 2004-04-19 04:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-02-04 17:03 . 2004-04-19 04:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-02-04 17:03 . 2004-04-19 04:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-02-04 17:03 . 2004-04-19 04:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-02-04 17:03 . 2004-04-19 04:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-02-04 17:03 . 2012-02-04 17:03 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-02-04 17:03 . 2012-02-04 17:03 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-02-04 16:54 . 2012-02-04 16:55 -------- d-----w- c:\users\Serge\AppData\Roaming\GetRightToGo
2012-02-04 16:15 . 2012-02-04 16:15 -------- d-----w- C:\LGP999
2012-02-04 16:11 . 2012-02-04 16:50 -------- d-----w- C:\LG_USB
2012-02-04 14:46 . 2011-05-10 18:37 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
2012-02-04 14:46 . 2011-05-10 18:37 568832 ----a-w- c:\windows\SysWow64\msvcp90.dll
2012-02-04 14:46 . 2011-05-10 18:37 224768 ----a-w- c:\windows\SysWow64\msvcm90.dll
2012-02-04 14:46 . 2006-05-04 13:33 53248 ----a-w- c:\windows\SysWow64\CommonDL.dll
2012-02-04 14:45 . 2012-02-13 22:54 -------- d-----w- c:\program files (x86)\LG Electronics
2012-02-04 03:47 . 2012-02-19 02:31 -------- d-----w- c:\users\Serge\AppData\Roaming\ERS Game Studios
2012-02-04 03:17 . 2012-02-04 03:17 -------- d-----w- c:\users\Serge\AppData\Local\Broadcom
2012-02-04 03:16 . 2009-09-17 16:56 21160 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-02-04 03:16 . 2009-09-17 16:56 35104 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-02-04 03:16 . 2009-09-17 16:56 132648 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-02-04 03:16 . 2009-09-17 16:56 98344 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-02-04 03:15 . 2012-02-04 03:15 -------- d-----w- c:\program files\WIDCOMM
2012-02-04 03:15 . 2012-02-04 03:15 -------- d-----w- c:\program files\DIFX
2012-02-04 03:13 . 2012-02-04 03:13 -------- d-----w- C:\system.sav
2012-02-04 03:07 . 2012-02-04 03:07 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2012-02-04 02:10 . 2012-02-04 02:10 -------- d-----w- c:\program files\Unknown Device Identifier
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 02:57 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-31 12:44 . 2012-01-23 20:56 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 20:42 . 2012-01-25 20:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-24 22:46 . 2012-01-24 22:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-24 05:20 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-24 05:20 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-23 21:57 . 2012-01-23 21:57 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-23 21:57 . 2012-01-23 21:57 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-23 21:57 . 2012-01-23 21:57 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-23 21:57 . 2012-01-23 21:57 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-23 21:57 . 2012-01-23 21:57 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-23 21:57 . 2012-01-23 21:57 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-23 21:57 . 2012-01-23 21:57 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-23 21:57 . 2012-01-23 21:57 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-23 21:57 . 2012-01-23 21:57 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-23 21:57 . 2012-01-23 21:57 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-23 21:57 . 2012-01-23 21:57 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-23 21:57 . 2012-01-23 21:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-23 21:57 . 2012-01-23 21:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-23 21:57 . 2012-01-23 21:57 448512 ----a-w- c:\windows\system32\html.iec
2012-01-23 21:57 . 2012-01-23 21:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-23 21:57 . 2012-01-23 21:57 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-23 21:57 . 2012-01-23 21:57 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-23 21:57 . 2012-01-23 21:57 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-23 21:57 . 2012-01-23 21:57 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-23 21:57 . 2012-01-23 21:57 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-23 21:57 . 2012-01-23 21:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-23 21:57 . 2012-01-23 21:57 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-23 21:57 . 2012-01-23 21:57 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-23 21:57 . 2012-01-23 21:57 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-23 21:57 . 2012-01-23 21:57 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-23 21:57 . 2012-01-23 21:57 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-23 21:57 . 2012-01-23 21:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-23 21:57 . 2012-01-23 21:57 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-23 21:57 . 2012-01-23 21:57 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-23 21:57 . 2012-01-23 21:57 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-23 21:57 . 2012-01-23 21:57 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-23 21:57 . 2012-01-23 21:57 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-23 21:57 . 2012-01-23 21:57 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-23 21:57 . 2012-01-23 21:57 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-23 20:23 . 2012-01-23 20:23 315392 ----a-w- c:\windows\HideWin.exe
2012-01-17 09:39 . 2012-01-24 15:00 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D8543C8-5EAC-4C5E-9DE8-6B282948026D}\mpengine.dll
2011-12-23 17:07 . 2011-12-23 17:07 1712201 ----a-w- c:\windows\SysWow64\InetClnt.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-03_16.56.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-24 04:54 . 2010-11-20 09:21 65536 c:\windows\SysWOW64\richhed20.dll
+ 2009-07-13 23:41 . 2009-07-14 01:15 94208 c:\windows\SysWOW64\gettuname.dll
+ 2009-07-13 23:39 . 2009-07-14 01:14 57344 c:\windows\SysWOW64\DisplaySwitchh.exe
+ 2012-01-23 20:22 . 2012-03-03 21:35 32472 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-04 17:24 43084 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-23 20:13 . 2012-03-04 17:24 8920 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1365876331-3669831383-1828126602-1001_UserData.bin
+ 2012-03-03 19:00 . 2012-03-03 19:00 9560 c:\windows\system32\NetworkList\Icons\{6636277A-4578-407D-B13B-6DC5E7350B50}_48.bin
+ 2012-03-03 19:00 . 2012-03-03 19:00 4280 c:\windows\system32\NetworkList\Icons\{6636277A-4578-407D-B13B-6DC5E7350B50}_32.bin
+ 2012-03-03 19:00 . 2012-03-03 19:00 2456 c:\windows\system32\NetworkList\Icons\{6636277A-4578-407D-B13B-6DC5E7350B50}_24.bin
+ 2012-01-23 20:01 . 2012-03-04 17:21 4033 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-01-23 20:01 . 2012-02-28 16:33 4033 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-03-04 17:22 . 2012-03-04 17:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-28 16:35 . 2012-02-28 16:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-04 17:22 . 2012-03-04 17:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-28 16:35 . 2012-02-28 16:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-24 04:54 . 2010-11-20 09:21 217088 c:\windows\SysWOW64\thumbcachee.dll
+ 2012-01-24 03:21 . 2012-03-04 09:20 316834 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-02-28 16:33 389580 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-04 17:21 389580 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-24 03:24 . 2012-03-04 17:21 5213992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1365876331-3669831383-1828126602-1001-8192.dat
- 2012-01-24 03:24 . 2012-02-28 16:33 5213992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1365876331-3669831383-1828126602-1001-8192.dat
+ 2012-01-24 03:24 . 2012-03-04 17:21 39904616 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1365876331-3669831383-1828126602-1001-4096.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{07024EC1-5037-56B1-6BE3-56DA32CE68EE}]
2009-07-14 01:15 94208 ----a-w- c:\windows\SysWOW64\gettuname.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{316723C4-4E4A-01D3-7723-2F122F4F5815}]
2009-07-14 01:16 73728 ----a-w- c:\windows\SysWOW64\PortableDeviceWMDRRM.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 910208]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"messagepdf"="c:\windows\system32\14R7PBCHMO92KFL1IPJP14\formodpar.exe" [2012-01-11 118784]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-09-24 614400]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-12-10 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-12-10 821144]
"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-11-21 234792]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2011-11-28 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120303.003\IDSvia64.sys [2012-02-24 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1305000.091\SYMNETS.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-11-21 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-11-11 75048]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-11-11 292136]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-29 138248]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-11-21 75248]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-27 138360]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-03-04 c:\windows\Tasks\At1.job
- c:\windows\SysWOW64\DisplaySwitchh.exe [2009-07-13 01:14]
.
2012-02-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1365876331-3669831383-1828126602-1001Core.job
- c:\users\Serge\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-11 05:23]
.
2012-03-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1365876331-3669831383-1828126602-1001UA.job
- c:\users\Serge\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-11 05:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-15 5641728]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1702400]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Ajouter cette page à la file d'attente de BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à la file d'attente le lien ciblé - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Ajouter à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Ouvrir cette page avec BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebid.htm
IE: Ouvrir cette page avec BID Link Explorer - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: Ouvrir le lien ciblé avec BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
TCP: DhcpNameServer = 24.200.243.189 24.200.210.241 24.200.228.113
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{521A0DD6-456A-6ADF-543B-4241076D59AD} - c:\windows\SysWOW64\vaultclii.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2012-03-04 13:15:43
ComboFix-quarantined-files.txt 2012-03-04 18:15
ComboFix2.txt 2012-03-03 17:22
ComboFix3.txt 2012-03-02 02:02
.
Avant-CF: 140 331 077 632 octets libres
Après-CF: 140 273 229 824 octets libres
.
- - End Of File - - CE024583E20B177524AD50F28600A602

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,602 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:18 AM

Posted 04 March 2012 - 01:54 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 aguyinqc

aguyinqc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 04 March 2012 - 02:07 PM

Here it is


Aaron Crane Paintings Come Alive 1.00
Adobe Acrobat X Professional - Middle Eastern, North African, Greek
Adobe Reader X (10.1.2) - Français
Amulet of Time - Shadow of la Rochelle
Apple Application Support
Apple Software Update
Belarc Advisor 8.2
Big Fish Games: Game Manager
BitTorrent
Bulk Image Downloader v4.36.0.0
Chocolatier 2 - Secret Ingredients % CompanyName%
CyberLink PowerDVD 11
D3DX10
Deal Or No Deal
Epson Event Manager
EPSON Scan
EpsonNet Print
EpsonNet Setup
Facebook Video Calling 1.1.1.1
Galerie de photos Windows Live
GotCLIP Downloader
HiJackThis
HP Wireless Assistant
ImpôtRapide 2008
ImpôtRapide 2009
ImpôtRapide 2010
ImpôtRapide 2011
Java Auto Updater
Java™ 6 Update 30
LG United Mobile Driver
Maestro 2- Notes of Life - Standard With Guide
Malice: Two Sisters Survey
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
New Yankee in King Arthurs Court
Norton Internet Security
NVIDIA PhysX
OpenAL
QuickTime
Realtek High Definition Audio Driver
Safari
Samsung SCX-4x26 Series
Samsung Universal Scan Driver
Samsung_MonSetup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Summer Resort Mogul
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Windows Live
Windows Live Communications Platform
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Your Uninstaller! 2010
Youtube Downloader HD v. 2.8

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,602 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:18 AM

Posted 04 March 2012 - 02:18 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

BitTorrent
Java™ 6 Update 30
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 aguyinqc

aguyinqc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 05 March 2012 - 09:55 AM

Hi Gringo,

Here are the logs. The computer is doing fine, no more problems.

Thanks !!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:53:54, on 2012-03-05
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live ID Sign-in Helper - {07024EC1-5037-56B1-6BE3-56DA32CE68EE} - C:\Windows\SysWOW64\gettuname.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Link Helper - {316723C4-4E4A-01D3-7723-2F122F4F5815} - C:\Windows\SysWOW64\PortableDeviceWMDRRM.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {521A0DD6-456A-6ADF-543B-4241076D59AD} - C:\Windows\SysWOW64\vaultclii.dll (file missing)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [messagepdf] "C:\Windows\system32\14R7PBCHMO92KFL1IPJP14\formodpar.exe" -XrL
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-21-1365876331-3669831383-1828126602-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Ajouter cette page à la file d'attente de BID - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à la file d'attente le lien ciblé - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Ouvrir cette page avec BID - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: Ouvrir cette page avec BID Link Explorer - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
O8 - Extra context menu item: Ouvrir le lien ciblé avec BID - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Envoyer à Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Envoyer au périphérique &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=724
O18 - Protocol: intu-ir2011 - {DFF68B15-A8D3-420B-B32C-E9554E2F5C15} - C:\Program Files (x86)\ImpotRapide 2011\ic2011pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 28028 bytes


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.05.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Serge :: SERGE-PC [administrator]

Protection: Enabled

2012-03-05 00:17:26
mbam-log-2012-03-05 (00-17-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207159
Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users