IE stealthily connects to sites by itself and google redirects

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

IE stealthily connects to sites by itself and google redirects Posting logs as requested

#1 DjXyanyde

Member

Group: Members
Posts: 21
Joined: 25-November 11

Posted 19 December 2011 - 10:27 AM

Link to original request http://www.bleepingcomputer.com/forums/topic429295.html

Basically, Internet Explorer will connect to the internet by itself and go to multiple ad websites and look at advertisements. The only way I know it is happening is that some of the commercials forget to mute themselves and I hear music and such playing in the background when I literally have not opened any sites or programs. I ran suggested programs like MBAM and SUPERAntiSpyware to no avail. Upon scanning, it just deletes a bunch of cookies and doesn't solve the problem. Also, when I use firefox to web surf, google results are redirected to other websites. I placed a fake proxy under internet options (0.0.0.0 port 80) to stop IE from being able to connect to things. This seemed to have worked as a temporary workaround until recently. Now I get periodic IE error boxes saying "Stack overflow at line X" or "[random advertisement] click on this box to stay on this page!". I have process explorer up and don't see any IE programs running, but I still get the errors and messages.

Also, this is Vista 64 bit so I can't run the other logs. Thank you in advance!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_29
Run by C1 at 9:26:04 on 2011-12-19
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.6133.1685 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\amBX\System\amBX_Service.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkCSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\World of Warcraft\WoW.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 0.0.0.0:80
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.8.7.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\C1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.8.7.dll/206
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 68.87.73.246 68.87.81.230
TCP: Interfaces\{06A6FA3E-DC2F-45C9-B331-6FACF0DB58CF} : DhcpNameServer = 192.168.1.1 68.87.73.246 68.87.81.230
TCP: Interfaces\{360D058F-560F-49CD-B344-88C1704163AF} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D2A77D9-5C41-437A-A96D-6F42EE70D4AA} : DhcpNameServer = 192.168.1.1 68.87.73.246 68.87.71.230
TCP: Interfaces\{7A993A6C-1091-4BD8-BCBA-6236B3EA305B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{80058CD3-3736-4972-81B1-568D94549DF4} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{89EED8E8-4E5B-424E-B2EA-011E832DE078} : DhcpNameServer = 192.168.1.1 68.87.73.246 68.87.81.230
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.8.7.dll
BHO-X64: BitComet ClickCapture - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.8.7.dll/206
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\C1\AppData\Roaming\Mozilla\Firefox\Profiles\prw99jkw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=12-05-2010&tb_mrud=12-05-2010
FF - prefs.js: browser.search.selectedEngine - Wowhead
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/Djxyanyde
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\C1\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\C1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\C1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 amBX Service;amBX Service;C:\Program Files (x86)\amBX\System\amBX_Service.exe [2008-4-17 612864]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys [2008-10-8 23000]
R2 Philips amBX USB HAL;Philips amBX USB HAL;C:\Program Files (x86)\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe [2008-6-9 540672]
R2 StkSSrv;Syntek AVStream USB2.0 ATV Service;C:\Windows\System32\StkCSrv.exe --> C:\Windows\System32\StkCSrv.exe [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-7 136176]
S3 BCMH43XX;N+ Wireless USB Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-7 136176]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys --> C:\Windows\system32\DRIVERS\RTL8187B.sys [?]
S3 StkCMini;Syntek AVStream USB2.0 ATV;C:\Windows\system32\Drivers\StkCMini.sys --> C:\Windows\system32\Drivers\StkCMini.sys [?]
S4 atashost;WebEx Service Host for Support Center;"C:\Windows\SysWOW64\atashost.exe" --> C:\Windows\SysWOW64\atashost.exe [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-16 89920]
S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-8-27 92008]
.
=============== Created Last 30 ================
.
2011-12-18 22:17:35 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-12-18 22:17:35 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-12-18 22:17:35 -------- d-----w- C:\Program Files (x86)\OpenAL
2011-12-17 11:01:54 -------- d-----w- C:\Users\C1\AppData\Local\LogMeIn Hamachi
2011-12-17 11:01:22 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2011-12-17 05:53:50 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{951A4D95-FE9E-478F-B51F-E72AEAE5236A}\offreg.dll
2011-12-17 05:02:12 -------- d-----w- C:\Program Files\Microsoft Xbox 360 Accessories
2011-12-16 16:27:08 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2011-12-16 16:27:08 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll
2011-12-16 16:27:05 2582888 ----a-w- C:\Windows\System32\D3DCompiler_42.dll
2011-12-16 16:27:05 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2011-12-16 16:27:02 2475352 ----a-w- C:\Windows\System32\D3DX9_42.dll
2011-12-16 16:27:02 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2011-12-16 15:47:42 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2011-12-16 15:47:42 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2011-12-16 15:47:42 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2011-12-16 15:47:41 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2011-12-16 15:47:30 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2011-12-16 07:12:29 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{951A4D95-FE9E-478F-B51F-E72AEAE5236A}\mpengine.dll
2011-12-14 15:24:52 -------- d-----w- C:\Users\C1\AppData\Local\ArmA 2 Free
2011-12-14 11:10:40 -------- d-----w- C:\Program Files (x86)\Bohemia Interactive
2011-12-13 06:41:42 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-12-01 12:21:13 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-11-26 00:46:48 -------- d-----w- C:\Users\C1\AppData\Roaming\SUPERAntiSpyware.com
2011-11-26 00:45:41 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-11-26 00:45:41 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-11-24 01:27:29 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
2011-11-24 01:27:27 -------- d-----w- C:\Program Files\Prevx
2011-11-24 01:26:55 -------- d-----w- C:\ProgramData\PrevxCSI
2011-11-24 00:19:23 -------- d-----w- C:\Windows\pss
.
==================== Find3M ====================
.
2011-12-18 22:17:35 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-12-18 22:17:35 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-11-21 03:13:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-28 14:34:12 39192 ----a-w- C:\Windows\System32\Partizan.exe
2011-10-28 14:32:04 2 --shatr- C:\Windows\winstart.bat
2011-10-26 02:21:54 66560 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-10-26 02:21:48 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-10-26 02:21:40 66560 ----a-w- C:\Windows\System32\OVDecoder64.dll
2011-10-26 02:21:34 56832 ----a-w- C:\Windows\SysWow64\OVDecoder.dll
2011-10-26 02:21:24 16991744 ----a-w- C:\Windows\System32\amdocl64.dll
2011-10-26 02:20:42 13950464 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-20 21:06:18 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 9:34:18.52 ===============

Attached File(s)

Attach.txt (8.12K)
Number of downloads: 0

#2 HelpBot

Bleepin' Binary Bot

Group: Bots
Posts: 5,607
Joined: 05-October 07
Gender:Male

Posted 25 December 2011 - 10:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433346 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
- Please do this even if you have previously posted logs for us.
- If you were unable to produce the logs originally please try once more.
- If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
- If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 DjXyanyde

Member

Group: Members
Posts: 21
Joined: 25-November 11

Posted 25 December 2011 - 03:42 PM

The issue continues to hassle me as described in the original post but it seems to have gotten worse. Normal things that were previously lag free and effortless (youtube videos and opening programs) have become laborious and drawn out, sometimes taking 3 to 5 times as long as usual.

As requested, here is the new log and attached file. Again, I have 64-bit Vista so I'm unable to run the other log.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_29
Run by C1 at 13:37:24 on 2011-12-25
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.6133.2640 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\amBX\System\amBX_Service.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkCSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\C1\Desktop\procexp64.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 0.0.0.0:80
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.8.7.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\C1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.8.7.dll/206
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 68.87.73.246 68.87.81.230
TCP: Interfaces\{06A6FA3E-DC2F-45C9-B331-6FACF0DB58CF} : DhcpNameServer = 192.168.1.1 68.87.73.246 68.87.81.230
TCP: Interfaces\{360D058F-560F-49CD-B344-88C1704163AF} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D2A77D9-5C41-437A-A96D-6F42EE70D4AA} : DhcpNameServer = 192.168.1.1 68.87.73.246 68.87.71.230
TCP: Interfaces\{7A993A6C-1091-4BD8-BCBA-6236B3EA305B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{80058CD3-3736-4972-81B1-568D94549DF4} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{89EED8E8-4E5B-424E-B2EA-011E832DE078} : DhcpNameServer = 192.168.1.1 68.87.73.246 68.87.81.230
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.8.7.dll
BHO-X64: BitComet ClickCapture - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.8.7.dll/206
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\C1\AppData\Roaming\Mozilla\Firefox\Profiles\prw99jkw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=12-05-2010&tb_mrud=12-05-2010
FF - prefs.js: browser.search.selectedEngine - Wowhead
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/Djxyanyde
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\C1\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\C1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\C1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 amBX Service;amBX Service;C:\Program Files (x86)\amBX\System\amBX_Service.exe [2008-4-17 612864]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]
R2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys [2008-10-8 23000]
R2 Philips amBX USB HAL;Philips amBX USB HAL;C:\Program Files (x86)\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe [2008-6-9 540672]
R2 StkSSrv;Syntek AVStream USB2.0 ATV Service;C:\Windows\System32\StkCSrv.exe --> C:\Windows\System32\StkCSrv.exe [?]
R2 WLANBelkinService;Belkin WLAN service;C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-7 136176]
S3 BCMH43XX;N+ Wireless USB Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-7 136176]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys --> C:\Windows\system32\DRIVERS\RTL8187B.sys [?]
S3 StkCMini;Syntek AVStream USB2.0 ATV;C:\Windows\system32\Drivers\StkCMini.sys --> C:\Windows\system32\Drivers\StkCMini.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 atashost;WebEx Service Host for Support Center;"C:\Windows\SysWOW64\atashost.exe" --> C:\Windows\SysWOW64\atashost.exe [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-16 89920]
S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-8-27 92008]
.
=============== Created Last 30 ================
.
2011-12-23 07:02:58 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{112E9F4B-6C39-433A-9929-5172F45A33C2}\offreg.dll
2011-12-23 07:02:54 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{112E9F4B-6C39-433A-9929-5172F45A33C2}\mpengine.dll
2011-12-22 18:54:27 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2011-12-18 22:17:35 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-12-18 22:17:35 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-12-18 22:17:35 -------- d-----w- C:\Program Files (x86)\OpenAL
2011-12-17 11:01:54 -------- d-----w- C:\Users\C1\AppData\Local\LogMeIn Hamachi
2011-12-17 11:01:22 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2011-12-17 05:02:12 -------- d-----w- C:\Program Files\Microsoft Xbox 360 Accessories
2011-12-16 16:27:08 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2011-12-16 16:27:08 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll
2011-12-16 16:27:05 2582888 ----a-w- C:\Windows\System32\D3DCompiler_42.dll
2011-12-16 16:27:05 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2011-12-16 16:27:02 2475352 ----a-w- C:\Windows\System32\D3DX9_42.dll
2011-12-16 16:27:02 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2011-12-16 15:47:42 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2011-12-16 15:47:42 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2011-12-16 15:47:42 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2011-12-16 15:47:41 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2011-12-16 15:47:30 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2011-12-14 15:24:52 -------- d-----w- C:\Users\C1\AppData\Local\ArmA 2 Free
2011-12-14 11:10:40 -------- d-----w- C:\Program Files (x86)\Bohemia Interactive
2011-12-13 06:41:42 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-12-01 12:21:13 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-11-26 00:46:48 -------- d-----w- C:\Users\C1\AppData\Roaming\SUPERAntiSpyware.com
2011-11-26 00:45:41 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-11-26 00:45:41 -------- d-----w- C:\Program Files\SUPERAntiSpyware
.
==================== Find3M ====================
.
2011-12-18 22:17:35 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-12-18 22:17:35 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-11-24 01:27:29 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-11-21 03:13:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-08 14:58:31 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-08 14:42:19 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 15:20:26 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-04 14:54:57 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-28 14:34:12 39192 ----a-w- C:\Windows\System32\Partizan.exe
2011-10-28 14:32:04 2 --shatr- C:\Windows\winstart.bat
2011-10-26 02:21:54 66560 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-10-26 02:21:48 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-10-26 02:21:40 66560 ----a-w- C:\Windows\System32\OVDecoder64.dll
2011-10-26 02:21:34 56832 ----a-w- C:\Windows\SysWow64\OVDecoder.dll
2011-10-26 02:21:24 16991744 ----a-w- C:\Windows\System32\amdocl64.dll
2011-10-26 02:20:42 13950464 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-10-25 16:09:37 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-20 16:19:14 1032192 ----a-w- C:\Windows\System32\wininet.dll
2011-10-20 15:55:43 834048 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-10-20 14:40:54 485376 ----a-w- C:\Windows\System32\html.iec
2011-10-20 14:08:44 389632 ----a-w- C:\Windows\SysWow64\html.iec
2011-10-14 17:30:05 559616 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-14 16:02:19 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 13:45:08.93 ===============

Attached File(s)

Attach.zip (2.9K)
Number of downloads: 1

#4 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,524
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 26 December 2011 - 03:27 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

Do not run any other tool untill instructed to do so!
please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool untill instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1

Link 2

Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->

<-- Don't worry every little bit helps.

#5 DjXyanyde

Member

Group: Members
Posts: 21
Joined: 25-November 11

Posted 26 December 2011 - 10:46 PM

I'm not getting any Internet Explorer issues SO FAR but I am still having the google redirect issue.

ComboFix 11-12-26.03 - C1 12/26/2011 17:36:35.1.8 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.6133.2656 [GMT -5:00]
Running from: c:\users\C1\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\users\C1\AppData\Local\assembly\tmp
c:\users\C1\AppData\Roaming\.#
c:\users\C1\AppData\Roaming\Local
c:\users\C1\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\users\C1\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\users\C1\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp
c:\users\C1\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp
c:\users\C1\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(5).ddp
c:\users\C1\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(6).ddp
c:\users\C1\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\C1\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
c:\users\C1\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\tvbszyfvclpo.avi
c:\users\C1\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\videoplayback(2).ddp
c:\users\C1\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\videoplayback.ddp
c:\users\C1\AppData\Roaming\Local\Temp\DDM\Settings\tvbszyfvclpo.avi.ddr
c:\users\C1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\C1\AppData\Roaming\Mozilla\Firefox\Profiles\prw99jkw.default\searchplugins\bing-zugo.xml
c:\windows\security\Database\tmp.edb
c:\windows\system32\java.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))
.
.
2011-12-26 23:17 . 2011-12-26 23:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{112E9F4B-6C39-433A-9929-5172F45A33C2}\offreg.dll
2011-12-26 23:14 . 2011-12-26 23:14 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-12-26 23:14 . 2011-12-26 23:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-26 20:38 . 2011-12-26 21:12 -------- d-----w- c:\users\C1\.gstreamer-0.10
2011-12-26 20:37 . 2011-12-26 20:37 -------- d-----w- c:\users\C1\AppData\Local\Motorola
2011-12-26 20:37 . 2011-12-26 20:37 -------- d-----w- C:\Binaries
2011-12-26 20:37 . 2011-12-26 20:37 -------- d-----w- c:\program files (x86)\Common Files\Nero
2011-12-26 20:37 . 2011-12-26 20:37 -------- d-----w- c:\programdata\Nero
2011-12-26 20:37 . 2011-12-26 20:37 -------- d-----w- c:\program files (x86)\Motorola Media Link
2011-12-26 20:37 . 2011-12-26 20:37 -------- d-----w- c:\programdata\Motorola
2011-12-26 20:37 . 2011-12-26 20:37 -------- d-----w- c:\program files (x86)\Motorola Mobility
2011-12-26 20:36 . 2011-12-26 20:36 -------- d-----w- c:\program files\Motorola Inc
2011-12-26 20:36 . 2011-12-26 20:36 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-12-26 20:35 . 2011-12-26 20:37 -------- d-----w- c:\users\C1\AppData\Roaming\Motorola
2011-12-26 20:35 . 2011-12-26 20:35 -------- d-----w- c:\program files (x86)\Motorola
2011-12-26 20:34 . 2011-12-26 22:24 -------- d-----w- c:\users\C1\AppData\Roaming\MotoCast
2011-12-23 07:02 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{112E9F4B-6C39-433A-9929-5172F45A33C2}\mpengine.dll
2011-12-22 18:54 . 2011-12-22 18:54 -------- d-----w- c:\program files (x86)\Winamp Detect
2011-12-18 22:17 . 2011-12-18 22:17 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-18 22:17 . 2011-12-18 22:17 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-18 22:17 . 2011-12-18 22:17 -------- d-----w- c:\program files (x86)\OpenAL
2011-12-17 11:01 . 2011-12-26 23:20 -------- d-----w- c:\users\C1\AppData\Local\LogMeIn Hamachi
2011-12-17 11:01 . 2011-12-17 11:01 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-12-17 05:02 . 2011-12-17 05:02 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2011-12-16 16:27 . 2010-02-04 15:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-12-16 16:27 . 2010-02-04 15:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-12-16 16:27 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2011-12-16 16:27 . 2009-09-04 22:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-12-16 16:27 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2011-12-16 16:27 . 2009-09-04 22:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-12-16 15:47 . 2010-02-04 15:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2011-12-16 15:47 . 2010-02-04 15:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2011-12-16 15:47 . 2010-02-04 15:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2011-12-16 15:47 . 2010-02-04 15:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2011-12-16 15:47 . 2011-12-16 15:47 -------- d-----w- c:\program files (x86)\Microsoft XNA
2011-12-14 15:24 . 2011-12-14 16:38 -------- d-----w- c:\users\C1\AppData\Local\ArmA 2 Free
2011-12-14 11:10 . 2011-12-14 11:10 -------- d-----w- c:\program files (x86)\Bohemia Interactive
2011-12-13 06:48 . 2011-12-13 06:48 -------- d-----w- c:\programdata\ATI
2011-12-13 06:41 . 2011-12-13 06:41 -------- d-----w- c:\program files (x86)\AMD APP
2011-12-01 12:21 . 2011-12-01 12:20 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-01 12:20 . 2011-12-01 12:20 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-18 22:17 . 2008-11-26 07:12 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-12-18 22:17 . 2008-11-26 07:12 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-12-13 06:29 . 2011-07-28 21:39 892416 ----a-w- c:\windows\system32\aticfx64.dll
2011-12-13 06:29 . 2011-07-28 20:53 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-12-13 06:29 . 2011-07-28 21:30 4292096 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-12-13 06:29 . 2011-07-28 21:03 4189184 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-12-13 06:29 . 2011-07-28 20:52 45056 ----a-w- c:\windows\system32\atitmp64.dll
2011-12-13 06:29 . 2011-07-28 21:40 748544 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-12-13 06:29 . 2011-07-28 21:09 4353536 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-12-13 06:29 . 2011-07-28 20:53 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-12-13 06:29 . 2010-07-31 16:07 58880 ----a-w- c:\windows\system32\coinst.dll
2011-12-13 06:29 . 2011-07-28 21:11 4044288 ----a-w- c:\windows\system32\atiumd6a.dll
2011-12-13 06:29 . 2011-07-28 21:02 5510144 ----a-w- c:\windows\system32\atiumd64.dll
2011-12-13 06:29 . 2011-07-28 20:53 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-11-24 01:27 . 2011-11-24 01:27 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-11-21 03:13 . 2011-05-27 17:17 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-28 14:34 . 2011-10-28 14:34 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-10-28 14:32 . 2011-10-28 14:32 2 --shatr- c:\windows\winstart.bat
2011-10-26 02:21 . 2011-10-26 02:21 66560 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-10-26 02:21 . 2011-10-26 02:21 56832 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-10-26 02:21 . 2011-10-26 02:21 66560 ----a-w- c:\windows\system32\OVDecoder64.dll
2011-10-26 02:21 . 2011-10-26 02:21 56832 ----a-w- c:\windows\SysWow64\OVDecoder.dll
2011-10-26 02:21 . 2011-10-26 02:21 16991744 ----a-w- c:\windows\system32\amdocl64.dll
2011-10-26 02:20 . 2011-10-26 02:20 13950464 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-10-03 09:06 . 2010-05-04 10:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-16 5486464]
"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2011-12-26 1846]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
.
c:\users\C1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-11-29 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]
R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R4 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [x]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 amBX Service;amBX Service;c:\program files (x86)\amBX\System\amBX_Service.exe [2009-10-14 612864]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2011-12-15 87368]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS [2008-10-08 23000]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 Philips amBX USB HAL;Philips amBX USB HAL;c:\program files (x86)\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe [2008-06-09 540672]
S2 StkSSrv;Syntek AVStream USB2.0 ATV Service;c:\windows\System32\StkCSrv.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH6.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 17:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 03:50]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 03:50]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1317447156-3686453458-179285891-1000Core.job
- c:\users\C1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-05 09:43]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1317447156-3686453458-179285891-1000UA.job
- c:\users\C1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-05 09:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyServer = 0.0.0.0:80
IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\C1\AppData\Roaming\Mozilla\Firefox\Profiles\prw99jkw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=12-05-2010&tb_mrud=12-05-2010
FF - prefs.js: browser.search.selectedEngine - Wowhead
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/Djxyanyde
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1317447156-3686453458-179285891-1000\Software\SecuROM\License information*]
"datasecu"=hex:67,f2,f4,d2,6d,1d,0d,f9,04,e7,80,1c,62,21,50,0f,1a,11,fa,e8,07,
af,4b,18,50,78,84,2e,e5,b1,69,5d,ce,42,d7,3c,0d,69,25,f8,dc,28,67,76,f4,0a,\
"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
.
**************************************************************************
.
Completion time: 2011-12-26 18:39:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-26 23:39
.
Pre-Run: 211,557,113,856 bytes free
Post-Run: 212,744,454,144 bytes free
.
- - End Of File - - C001AE93C099DD14FAF3C170142A31BC

#6 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,524
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 26 December 2011 - 11:48 PM

Hello

Quote

but I am still having the google redirect issue.

even after running combofix?

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

<-- Don't worry every little bit helps.

#7 DjXyanyde

Member

Group: Members
Posts: 21
Joined: 25-November 11

Posted 28 December 2011 - 06:28 AM

Now in addition to the previous issues and symptoms (everything seems to still be infected and google is redirecting still, I'm getting an Internet Explorer error box popping up saying 'DOMParser' is undefined

06:23:29.0680 6012 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
06:23:29.0948 6012 ============================================================
06:23:29.0948 6012 Current date / time: 2011/12/28 06:23:29.0948
06:23:29.0948 6012 SystemInfo:
06:23:29.0948 6012
06:23:29.0948 6012 OS Version: 6.0.6002 ServicePack: 2.0
06:23:29.0948 6012 Product type: Workstation
06:23:29.0948 6012 ComputerName: COMMODORE-GX04
06:23:29.0949 6012 UserName: C1
06:23:29.0949 6012 Windows directory: C:\Windows
06:23:29.0949 6012 System windows directory: C:\Windows
06:23:29.0949 6012 Running under WOW64
06:23:29.0949 6012 Processor architecture: Intel x64
06:23:29.0949 6012 Number of processors: 8
06:23:29.0949 6012 Page size: 0x1000
06:23:29.0949 6012 Boot type: Normal boot
06:23:29.0949 6012 ============================================================
06:23:30.0912 6012 Initialize success
06:23:39.0975 5124 ============================================================
06:23:39.0975 5124 Scan started
06:23:39.0975 5124 Mode: Manual; SigCheck; TDLFS;
06:23:39.0975 5124 ============================================================
06:23:40.0717 5124 61883 (78e902fb660bd5003fe726b9bef300b6) C:\Windows\system32\DRIVERS\61883.sys
06:23:40.0907 5124 61883 - ok
06:23:41.0018 5124 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
06:23:41.0031 5124 ACPI - ok
06:23:41.0141 5124 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
06:23:41.0160 5124 adp94xx - ok
06:23:41.0191 5124 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
06:23:41.0203 5124 adpahci - ok
06:23:41.0220 5124 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
06:23:41.0228 5124 adpu160m - ok
06:23:41.0245 5124 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
06:23:41.0253 5124 adpu320 - ok
06:23:41.0300 5124 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
06:23:41.0392 5124 AFD - ok
06:23:41.0411 5124 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
06:23:41.0419 5124 agp440 - ok
06:23:41.0448 5124 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
06:23:41.0456 5124 aic78xx - ok
06:23:41.0472 5124 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
06:23:41.0478 5124 aliide - ok
06:23:41.0566 5124 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
06:23:41.0573 5124 amdide - ok
06:23:41.0656 5124 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
06:23:41.0700 5124 AmdK8 - ok
06:23:42.0245 5124 amdkmdag (0415ffe1b6a6ea141feafca57567f57f) C:\Windows\system32\DRIVERS\atikmdag.sys
06:23:42.0673 5124 amdkmdag - ok
06:23:42.0709 5124 amdkmdap (dc24d6f38f17c0d643d9aa8a6852f8d0) C:\Windows\system32\DRIVERS\atikmpag.sys
06:23:42.0728 5124 amdkmdap - ok
06:23:42.0755 5124 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
06:23:42.0763 5124 arc - ok
06:23:42.0781 5124 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
06:23:42.0788 5124 arcsas - ok
06:23:42.0830 5124 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
06:23:42.0853 5124 AsyncMac - ok
06:23:42.0871 5124 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
06:23:42.0879 5124 atapi - ok
06:23:42.0937 5124 AtiHDAudioService (ffadd388d1e7f075857659928365d579) C:\Windows\system32\drivers\AtihdLH6.sys
06:23:43.0031 5124 AtiHDAudioService - ok
06:23:43.0054 5124 AtiHdmiService (a48798722f2a9654e22226f3eadb203b) C:\Windows\system32\drivers\AtiHdmi.sys
06:23:43.0061 5124 AtiHdmiService - ok
06:23:43.0315 5124 atikmdag (0415ffe1b6a6ea141feafca57567f57f) C:\Windows\system32\DRIVERS\atikmdag.sys
06:23:43.0530 5124 atikmdag - ok
06:23:43.0594 5124 Avc (295fa2878ff499c0edfa0ebcc8c6ec66) C:\Windows\system32\DRIVERS\avc.sys
06:23:43.0648 5124 Avc - ok
06:23:43.0692 5124 BCMH43XX (e49110a58a32e9450356686a95dd7763) C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
06:23:43.0710 5124 BCMH43XX - ok
06:23:43.0738 5124 Beep - ok
06:23:43.0801 5124 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
06:23:43.0845 5124 blbdrive - ok
06:23:43.0869 5124 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
06:23:43.0932 5124 bowser - ok
06:23:43.0946 5124 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
06:23:44.0052 5124 BrFiltLo - ok
06:23:44.0066 5124 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
06:23:44.0089 5124 BrFiltUp - ok
06:23:44.0109 5124 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
06:23:44.0267 5124 Brserid - ok
06:23:44.0286 5124 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
06:23:44.0348 5124 BrSerWdm - ok
06:23:44.0394 5124 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
06:23:44.0461 5124 BrUsbMdm - ok
06:23:44.0544 5124 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
06:23:44.0581 5124 BrUsbSer - ok
06:23:44.0682 5124 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
06:23:44.0725 5124 BTHMODEM - ok
06:23:44.0851 5124 catchme - ok
06:23:44.0955 5124 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
06:23:45.0000 5124 cdfs - ok
06:23:45.0045 5124 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
06:23:45.0065 5124 cdrom - ok
06:23:45.0152 5124 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
06:23:45.0207 5124 circlass - ok
06:23:45.0295 5124 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
06:23:45.0315 5124 CLFS - ok
06:23:45.0342 5124 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
06:23:45.0349 5124 cmdide - ok
06:23:45.0357 5124 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
06:23:45.0364 5124 Compbatt - ok
06:23:45.0387 5124 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
06:23:45.0394 5124 crcdisk - ok
06:23:45.0517 5124 CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys
06:23:45.0598 5124 CSC - ok
06:23:45.0652 5124 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
06:23:45.0723 5124 DfsC - ok
06:23:45.0772 5124 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
06:23:45.0780 5124 disk - ok
06:23:45.0802 5124 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
06:23:45.0825 5124 drmkaud - ok
06:23:45.0878 5124 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
06:23:45.0948 5124 DXGKrnl - ok
06:23:46.0005 5124 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
06:23:46.0070 5124 E1G60 - ok
06:23:46.0159 5124 e1yexpress (b37f6853d6e0c6f5f8efde33e831b5f8) C:\Windows\system32\DRIVERS\e1y60x64.sys
06:23:46.0167 5124 e1yexpress - ok
06:23:46.0267 5124 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
06:23:46.0276 5124 Ecache - ok
06:23:46.0422 5124 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
06:23:46.0447 5124 elxstor - ok
06:23:46.0472 5124 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
06:23:46.0516 5124 ErrDev - ok
06:23:46.0563 5124 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
06:23:46.0617 5124 exfat - ok
06:23:46.0645 5124 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
06:23:46.0675 5124 fastfat - ok
06:23:46.0696 5124 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
06:23:46.0719 5124 fdc - ok
06:23:46.0731 5124 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
06:23:46.0739 5124 FileInfo - ok
06:23:46.0756 5124 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
06:23:46.0795 5124 Filetrace - ok
06:23:46.0821 5124 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
06:23:46.0845 5124 flpydisk - ok
06:23:46.0996 5124 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
06:23:47.0007 5124 FltMgr - ok
06:23:47.0046 5124 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
06:23:47.0078 5124 Fs_Rec - ok
06:23:47.0101 5124 fvevol (849e38db7d829962d0233a0a252b60c3) C:\Windows\system32\DRIVERS\fvevol.sys
06:23:47.0110 5124 fvevol - ok
06:23:47.0189 5124 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
06:23:47.0216 5124 gagp30kx - ok
06:23:47.0272 5124 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
06:23:47.0278 5124 hamachi - ok
06:23:47.0311 5124 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
06:23:47.0345 5124 HdAudAddService - ok
06:23:47.0375 5124 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
06:23:47.0506 5124 HDAudBus - ok
06:23:47.0521 5124 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
06:23:47.0575 5124 HidBth - ok
06:23:47.0683 5124 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
06:23:47.0748 5124 HidIr - ok
06:23:47.0860 5124 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
06:23:47.0891 5124 HidUsb - ok
06:23:47.0911 5124 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
06:23:47.0918 5124 HpCISSs - ok
06:23:48.0139 5124 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
06:23:48.0241 5124 HTTP - ok
06:23:48.0260 5124 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
06:23:48.0267 5124 i2omp - ok
06:23:48.0284 5124 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
06:23:48.0323 5124 i8042prt - ok
06:23:48.0345 5124 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
06:23:48.0354 5124 iaStorV - ok
06:23:48.0377 5124 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
06:23:48.0383 5124 iirsp - ok
06:23:48.0566 5124 IntcAzAudAddService (4a725cdde1a0c3d1b1eaca0d9d0d95d0) C:\Windows\system32\drivers\RTKVHD64.sys
06:23:48.0599 5124 IntcAzAudAddService - ok
06:23:48.0619 5124 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
06:23:48.0626 5124 intelide - ok
06:23:48.0638 5124 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
06:23:48.0670 5124 intelppm - ok
06:23:48.0730 5124 IOCBIOS (898501a4cdf6040caf46a49a9117ca6d) C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS
06:23:48.0736 5124 IOCBIOS - ok
06:23:48.0786 5124 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:23:48.0834 5124 IpFilterDriver - ok
06:23:48.0859 5124 IpInIp - ok
06:23:48.0930 5124 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
06:23:48.0981 5124 IPMIDRV - ok
06:23:48.0999 5124 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
06:23:49.0036 5124 IPNAT - ok
06:23:49.0044 5124 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
06:23:49.0068 5124 IRENUM - ok
06:23:49.0074 5124 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
06:23:49.0080 5124 isapnp - ok
06:23:49.0119 5124 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
06:23:49.0128 5124 iScsiPrt - ok
06:23:49.0140 5124 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
06:23:49.0146 5124 iteatapi - ok
06:23:49.0232 5124 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
06:23:49.0238 5124 iteraid - ok
06:23:49.0318 5124 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
06:23:49.0324 5124 kbdclass - ok
06:23:49.0459 5124 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
06:23:49.0504 5124 kbdhid - ok
06:23:49.0559 5124 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
06:23:49.0574 5124 KSecDD - ok
06:23:49.0592 5124 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
06:23:49.0629 5124 ksthunk - ok
06:23:49.0684 5124 LHidFilt (aa3d903c5a7538803f2400a8391f1881) C:\Windows\system32\DRIVERS\LHidFilt.Sys
06:23:49.0691 5124 LHidFilt - ok
06:23:49.0706 5124 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
06:23:49.0741 5124 lltdio - ok
06:23:49.0778 5124 LMouFilt (90b4b2b0b5f05abb9fb365405a7b825b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
06:23:49.0784 5124 LMouFilt - ok
06:23:49.0802 5124 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
06:23:49.0810 5124 LSI_FC - ok
06:23:49.0901 5124 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
06:23:49.0908 5124 LSI_SAS - ok
06:23:49.0979 5124 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
06:23:49.0986 5124 LSI_SCSI - ok
06:23:50.0086 5124 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
06:23:50.0134 5124 luafv - ok
06:23:50.0149 5124 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
06:23:50.0155 5124 megasas - ok
06:23:50.0308 5124 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
06:23:50.0333 5124 MegaSR - ok
06:23:50.0353 5124 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
06:23:50.0382 5124 Modem - ok
06:23:50.0408 5124 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
06:23:50.0441 5124 monitor - ok
06:23:50.0471 5124 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
06:23:50.0478 5124 mouclass - ok
06:23:50.0505 5124 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
06:23:50.0540 5124 mouhid - ok
06:23:50.0552 5124 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
06:23:50.0560 5124 MountMgr - ok
06:23:50.0576 5124 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
06:23:50.0585 5124 mpio - ok
06:23:50.0597 5124 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
06:23:50.0624 5124 mpsdrv - ok
06:23:50.0658 5124 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
06:23:50.0665 5124 Mraid35x - ok
06:23:50.0738 5124 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
06:23:50.0791 5124 MRxDAV - ok
06:23:50.0817 5124 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
06:23:50.0838 5124 mrxsmb - ok
06:23:50.0869 5124 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:23:50.0881 5124 mrxsmb10 - ok
06:23:50.0982 5124 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:23:51.0011 5124 mrxsmb20 - ok
06:23:51.0024 5124 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
06:23:51.0030 5124 msahci - ok
06:23:51.0047 5124 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
06:23:51.0055 5124 msdsm - ok
06:23:51.0180 5124 MSDV (df674ba7da5a4753d839a905b66d2fd9) C:\Windows\system32\DRIVERS\msdv.sys
06:23:51.0224 5124 MSDV - ok
06:23:51.0243 5124 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
06:23:51.0294 5124 Msfs - ok
06:23:51.0312 5124 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
06:23:51.0318 5124 msisadrv - ok
06:23:51.0342 5124 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
06:23:51.0365 5124 MSKSSRV - ok
06:23:51.0417 5124 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
06:23:51.0474 5124 MSPCLOCK - ok
06:23:51.0493 5124 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
06:23:51.0540 5124 MSPQM - ok
06:23:51.0596 5124 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
06:23:51.0622 5124 MsRPC - ok
06:23:51.0648 5124 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
06:23:51.0656 5124 mssmbios - ok
06:23:51.0737 5124 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
06:23:51.0779 5124 MSTEE - ok
06:23:51.0796 5124 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
06:23:51.0804 5124 Mup - ok
06:23:51.0933 5124 NAL (b5a7ded4455d6d694091827dc91fed99) C:\Windows\system32\Drivers\iqvw64e.sys
06:23:51.0939 5124 NAL - ok
06:23:52.0101 5124 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
06:23:52.0132 5124 NativeWifiP - ok
06:23:52.0165 5124 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
06:23:52.0194 5124 NDIS - ok
06:23:52.0219 5124 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
06:23:52.0248 5124 NdisTapi - ok
06:23:52.0262 5124 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
06:23:52.0289 5124 Ndisuio - ok
06:23:52.0370 5124 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
06:23:52.0410 5124 NdisWan - ok
06:23:52.0433 5124 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
06:23:52.0462 5124 NDProxy - ok
06:23:52.0489 5124 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
06:23:52.0518 5124 NetBIOS - ok
06:23:52.0548 5124 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
06:23:52.0567 5124 netbt - ok
06:23:52.0609 5124 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
06:23:52.0616 5124 nfrd960 - ok
06:23:52.0660 5124 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
06:23:52.0686 5124 Npfs - ok
06:23:52.0701 5124 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
06:23:52.0739 5124 nsiproxy - ok
06:23:52.0937 5124 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
06:23:52.0987 5124 Ntfs - ok
06:23:52.0998 5124 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
06:23:53.0046 5124 Null - ok
06:23:53.0061 5124 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
06:23:53.0070 5124 nvraid - ok
06:23:53.0098 5124 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
06:23:53.0104 5124 nvstor - ok
06:23:53.0127 5124 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
06:23:53.0136 5124 nv_agp - ok
06:23:53.0145 5124 NwlnkFlt - ok
06:23:53.0157 5124 NwlnkFwd - ok
06:23:53.0185 5124 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
06:23:53.0202 5124 ohci1394 - ok
06:23:53.0259 5124 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
06:23:53.0322 5124 Parport - ok
06:23:53.0359 5124 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
06:23:53.0367 5124 partmgr - ok
06:23:53.0391 5124 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
06:23:53.0399 5124 pci - ok
06:23:53.0413 5124 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
06:23:53.0420 5124 pciide - ok
06:23:53.0577 5124 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
06:23:53.0586 5124 pcmcia - ok
06:23:53.0722 5124 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
06:23:53.0801 5124 PEAUTH - ok
06:23:53.0838 5124 pnarp (f1965ae69fdb4c6d9ffeceb2c12f7898) C:\Windows\system32\DRIVERS\pnarp.sys
06:23:53.0845 5124 pnarp - ok
06:23:53.0892 5124 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
06:23:53.0920 5124 PptpMiniport - ok
06:23:53.0942 5124 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
06:23:53.0994 5124 Processor - ok
06:23:54.0016 5124 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
06:23:54.0033 5124 PSched - ok
06:23:54.0144 5124 purendis (ec7333fc339fc6a1f9bb3e50ad9b13c6) C:\Windows\system32\DRIVERS\purendis.sys
06:23:54.0150 5124 purendis - ok
06:23:54.0496 5124 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
06:23:54.0536 5124 ql2300 - ok
06:23:54.0584 5124 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
06:23:54.0592 5124 ql40xx - ok
06:23:54.0617 5124 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
06:23:54.0667 5124 QWAVEdrv - ok
06:23:54.0682 5124 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
06:23:54.0715 5124 RasAcd - ok
06:23:54.0739 5124 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
06:23:54.0774 5124 Rasl2tp - ok
06:23:54.0806 5124 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
06:23:54.0824 5124 RasPppoe - ok
06:23:54.0854 5124 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
06:23:54.0885 5124 RasSstp - ok
06:23:54.0959 5124 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
06:23:54.0998 5124 rdbss - ok
06:23:55.0014 5124 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
06:23:55.0038 5124 RDPCDD - ok
06:23:55.0076 5124 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys
06:23:55.0109 5124 rdpdr - ok
06:23:55.0120 5124 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
06:23:55.0152 5124 RDPENCDD - ok
06:23:55.0175 5124 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
06:23:55.0202 5124 RDPWD - ok
06:23:55.0228 5124 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
06:23:55.0252 5124 rspndr - ok
06:23:55.0437 5124 RTL8187B (f1102b40e0a6e8edbdf806b00b68730b) C:\Windows\system32\DRIVERS\RTL8187B.sys
06:23:55.0478 5124 RTL8187B - ok
06:23:55.0504 5124 SANDRA - ok
06:23:55.0578 5124 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
06:23:55.0584 5124 SASDIFSV - ok
06:23:55.0594 5124 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
06:23:55.0598 5124 SASKUTIL - ok
06:23:55.0635 5124 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
06:23:55.0642 5124 sbp2port - ok
06:23:55.0658 5124 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
06:23:55.0699 5124 secdrv - ok
06:23:55.0722 5124 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
06:23:55.0762 5124 Serenum - ok
06:23:55.0779 5124 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
06:23:55.0840 5124 Serial - ok
06:23:55.0873 5124 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
06:23:55.0913 5124 sermouse - ok
06:23:55.0942 5124 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
06:23:55.0967 5124 sffdisk - ok
06:23:55.0975 5124 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
06:23:56.0004 5124 sffp_mmc - ok
06:23:56.0013 5124 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
06:23:56.0036 5124 sffp_sd - ok
06:23:56.0047 5124 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
06:23:56.0081 5124 sfloppy - ok
06:23:56.0109 5124 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
06:23:56.0115 5124 SiSRaid2 - ok
06:23:56.0137 5124 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
06:23:56.0145 5124 SiSRaid4 - ok
06:23:56.0187 5124 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
06:23:56.0227 5124 Smb - ok
06:23:56.0243 5124 smbusp (9e78cf6a508d5fc2b446399274faa054) C:\Windows\system32\DRIVERS\intelsmb.sys
06:23:56.0283 5124 smbusp - ok
06:23:56.0312 5124 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
06:23:56.0320 5124 spldr - ok
06:23:56.0346 5124 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
06:23:56.0387 5124 srv - ok
06:23:56.0415 5124 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
06:23:56.0459 5124 srv2 - ok
06:23:56.0518 5124 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
06:23:56.0553 5124 srvnet - ok
06:23:56.0570 5124 StkAMini - ok
06:23:56.0694 5124 StkCMini (d2fbe517d8fe03552e9c6cf91c1540d2) C:\Windows\system32\Drivers\StkCMini.sys
06:23:56.0754 5124 StkCMini ( UnsignedFile.Multi.Generic ) - warning
06:23:56.0754 5124 StkCMini - detected UnsignedFile.Multi.Generic (1)
06:23:56.0762 5124 StkScan - ok
06:23:56.0799 5124 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
06:23:56.0804 5124 swenum - ok
06:23:56.0822 5124 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
06:23:56.0830 5124 Symc8xx - ok
06:23:56.0842 5124 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
06:23:56.0848 5124 Sym_hi - ok
06:23:56.0859 5124 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
06:23:56.0866 5124 Sym_u3 - ok
06:23:56.0940 5124 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
06:23:56.0987 5124 Tcpip - ok
06:23:57.0040 5124 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
06:23:57.0100 5124 Tcpip6 - ok
06:23:57.0181 5124 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
06:23:57.0259 5124 tcpipreg - ok
06:23:57.0287 5124 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
06:23:57.0322 5124 TDPIPE - ok
06:23:57.0348 5124 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
06:23:57.0396 5124 TDTCP - ok
06:23:57.0447 5124 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
06:23:57.0485 5124 tdx - ok
06:23:57.0509 5124 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
06:23:57.0518 5124 TermDD - ok
06:23:57.0567 5124 tifsfilter (3e24b7fe52bc455da8d6e2cc2b4ca23f) C:\Windows\system32\DRIVERS\tifsfilt.sys
06:23:57.0573 5124 tifsfilter - ok
06:23:57.0810 5124 timounter (ec4fd4d147985a97e881729e808e6f34) C:\Windows\system32\DRIVERS\timntr.sys
06:23:57.0840 5124 timounter - ok
06:23:57.0885 5124 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
06:23:57.0928 5124 tssecsrv - ok
06:23:58.0035 5124 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
06:23:58.0088 5124 tunmp - ok
06:23:58.0099 5124 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
06:23:58.0118 5124 tunnel - ok
06:23:58.0135 5124 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
06:23:58.0143 5124 uagp35 - ok
06:23:58.0174 5124 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
06:23:58.0207 5124 udfs - ok
06:23:58.0235 5124 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
06:23:58.0243 5124 uliagpkx - ok
06:23:58.0367 5124 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
06:23:58.0378 5124 uliahci - ok
06:23:58.0480 5124 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
06:23:58.0489 5124 UlSata - ok
06:23:58.0599 5124 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
06:23:58.0608 5124 ulsata2 - ok
06:23:58.0640 5124 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
06:23:58.0692 5124 umbus - ok
06:23:58.0709 5124 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
06:23:58.0733 5124 UMPass - ok
06:23:58.0760 5124 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
06:23:58.0788 5124 usbaudio - ok
06:23:58.0807 5124 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
06:23:58.0834 5124 usbccgp - ok
06:23:58.0855 5124 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
06:23:58.0891 5124 usbcir - ok
06:23:58.0904 5124 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
06:23:58.0921 5124 usbehci - ok
06:23:58.0941 5124 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
06:23:58.0961 5124 usbhub - ok
06:23:58.0984 5124 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
06:23:59.0027 5124 usbohci - ok
06:23:59.0042 5124 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
06:23:59.0085 5124 usbprint - ok
06:23:59.0105 5124 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:23:59.0135 5124 USBSTOR - ok
06:23:59.0154 5124 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
06:23:59.0172 5124 usbuhci - ok
06:23:59.0311 5124 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
06:23:59.0345 5124 usbvideo - ok
06:23:59.0373 5124 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
06:23:59.0398 5124 vga - ok
06:23:59.0418 5124 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
06:23:59.0454 5124 VgaSave - ok
06:23:59.0478 5124 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
06:23:59.0484 5124 viaide - ok
06:23:59.0501 5124 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
06:23:59.0509 5124 volmgr - ok
06:23:59.0616 5124 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
06:23:59.0637 5124 volmgrx - ok
06:23:59.0669 5124 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
06:23:59.0681 5124 volsnap - ok
06:23:59.0704 5124 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
06:23:59.0712 5124 vsmraid - ok
06:23:59.0733 5124 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
06:23:59.0779 5124 WacomPen - ok
06:23:59.0804 5124 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
06:23:59.0833 5124 Wanarp - ok
06:23:59.0835 5124 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
06:23:59.0853 5124 Wanarpv6 - ok
06:23:59.0881 5124 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
06:23:59.0888 5124 Wd - ok
06:24:00.0043 5124 Wdf01000 (dbb4397d703a755facb05486c449c507) C:\Windows\system32\drivers\Wdf01000.sys
06:24:00.0086 5124 Wdf01000 - ok
06:24:00.0130 5124 WinDriver6 (6ec754e32e6090d4f8cc04b9260457fb) C:\Windows\system32\drivers\windrvr6.sys
06:24:00.0170 5124 WinDriver6 - ok
06:24:00.0196 5124 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
06:24:00.0213 5124 WmiAcpi - ok
06:24:00.0314 5124 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
06:24:00.0355 5124 WpdUsb - ok
06:24:00.0368 5124 WPRO_40_1340 - ok
06:24:00.0388 5124 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
06:24:00.0414 5124 ws2ifsl - ok
06:24:00.0442 5124 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
06:24:00.0467 5124 WUDFRd - ok
06:24:00.0515 5124 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
06:24:00.0523 5124 xusb21 - ok
06:24:00.0549 5124 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
06:24:00.0610 5124 \Device\Harddisk0\DR0 - ok
06:24:00.0612 5124 Boot (0x1200) (e066052ffecd686b9223c2cddc1240fa) \Device\Harddisk0\DR0\Partition0
06:24:00.0613 5124 \Device\Harddisk0\DR0\Partition0 - ok
06:24:00.0613 5124 ============================================================
06:24:00.0613 5124 Scan finished
06:24:00.0613 5124 ============================================================
06:24:00.0620 5344 Detected object count: 1
06:24:00.0620 5344 Actual detected object count: 1
06:24:08.0862 5344 StkCMini ( UnsignedFile.Multi.Generic ) - skipped by user
06:24:08.0863 5344 StkCMini ( UnsignedFile.Multi.Generic ) - User select action: Skip

#8 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,524
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 28 December 2011 - 07:16 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.

Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

<-- Don't worry every little bit helps.

#9 DjXyanyde

Member

Group: Members
Posts: 21
Joined: 25-November 11

Posted 28 December 2011 - 04:22 PM

Twice in a row, the second I click on "Scan" I get an instant blue screen error.

I'm completely unable to run the scan.

#10 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,524
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 28 December 2011 - 09:41 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun ASWMbr for me and send me the report

Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

<-- Don't worry every little bit helps.

#11 DjXyanyde

Member

Group: Members
Posts: 21
Joined: 25-November 11

Posted 29 December 2011 - 05:49 AM

Ran FixTDSS and it said "***Infected MBR detected"

I clicked repair and it said "Repair succeeded"

Running aswMBR now and will report the findings shortly.

#12 DjXyanyde

Member

Group: Members
Posts: 21
Joined: 25-November 11

Posted 29 December 2011 - 06:25 AM

Clicked Scan and got an instant blue screen again.

Upon restarting, I noticed the google redirects are gone (so far!) and I haven't gotten any odd IE error messages yet so that's a plus. It may be too soon to tell if everything is taken care of though.

#13 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,524
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 29 December 2011 - 07:40 AM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

In your next post I need the following

report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo

<-- Don't worry every little bit helps.

#14 DjXyanyde

Member

Group: Members
Posts: 21
Joined: 25-November 11

Posted 01 January 2012 - 11:56 PM

Everything had been going well for a day or so and then a rogue antivirus program popped up, I traced it back to LFQ.exe but it looks like Combofix got rid of that.

I just finished running it so I'm not sure how everything is running yet. Thanks again for your continued help.

ComboFix 12-01-01.06 - C1 01/01/2012 23:20:27.2.8 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.6133.4502 [GMT -5:00]
Running from: c:\users\C1\Desktop\ComboFix.exe
Command switches used :: c:\users\C1\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\C1\AppData\Local\lfq.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))
.
.
2012-01-02 04:30 . 2012-01-02 04:30 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ECB73E47-C38C-4C3E-A7A5-48F138C6CF2B}\offreg.dll
2012-01-02 04:29 . 2012-01-02 04:29 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-01-02 04:29 . 2012-01-02 04:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-01 09:11 . 2012-01-01 09:11 110080 ----a-r- c:\users\C1\AppData\Roaming\Microsoft\Installer\{89A07279-1DB3-485A-B1DF-584DF86774B9}\IconF7A21AF7.exe
2012-01-01 09:11 . 2012-01-01 09:11 110080 ----a-r- c:\users\C1\AppData\Roaming\Microsoft\Installer\{89A07279-1DB3-485A-B1DF-584DF86774B9}\IconD7F16134.exe
2012-01-01 09:11 . 2012-01-01 09:11 110080 ----a-r- c:\users\C1\AppData\Roaming\Microsoft\Installer\{89A07279-1DB3-485A-B1DF-584DF86774B9}\Icon1226A4C5.exe
2012-01-01 09:11 . 2012-01-01 09:11 -------- d-----w- C:\sh4ldr
2012-01-01 09:11 . 2012-01-01 09:11 -------- d-----w- c:\program files\Enigma Software Group
2012-01-01 09:10 . 2012-01-01 09:11 -------- d-----w- c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP
2011-12-30 07:14 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ECB73E47-C38C-4C3E-A7A5-48F138C6CF2B}\mpengine.dll
2011-12-26 20:38 . 2012-01-02 04:14 -------- d-----w- c:\users\C1\.gstreamer-0.10
2011-12-26 20:37 . 2011-12-26 20:37 -------- d-----w- c:\users\C1\AppData\Local\Motorola
2011-12-26 20:37 . 2011-12-26 20:37 -------- d-----w- C:\Binaries
2011-12-26 20:37 . 2011-12-26 20:37 -------- d-----w- c:\program files (x86)\Common Files\Nero
2011-12-26 20:37 . 2011-12-26 20:37 -------- d-----w- c:\programdata\Nero
2011-12-26 20:37 . 2011-12-26 20:37 -------- d-----w- c:\program files (x86)\Motorola Media Link
2011-12-26 20:37 . 2011-12-26 20:37 -------- d-----w- c:\programdata\Motorola
2011-12-26 20:37 . 2011-12-26 20:37 -------- d-----w- c:\program files (x86)\Motorola Mobility
2011-12-26 20:36 . 2011-12-26 20:36 -------- d-----w- c:\program files\Motorola Inc
2011-12-26 20:36 . 2011-12-26 20:36 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-12-26 20:35 . 2011-12-26 20:37 -------- d-----w- c:\users\C1\AppData\Roaming\Motorola
2011-12-26 20:35 . 2011-12-26 20:35 -------- d-----w- c:\program files (x86)\Motorola
2011-12-26 20:34 . 2012-01-02 04:14 -------- d-----w- c:\users\C1\AppData\Roaming\MotoCast
2011-12-22 18:54 . 2011-12-22 18:54 -------- d-----w- c:\program files (x86)\Winamp Detect
2011-12-18 22:17 . 2011-12-18 22:17 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-18 22:17 . 2011-12-18 22:17 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-18 22:17 . 2011-12-18 22:17 -------- d-----w- c:\program files (x86)\OpenAL
2011-12-17 11:01 . 2012-01-02 04:31 -------- d-----w- c:\users\C1\AppData\Local\LogMeIn Hamachi
2011-12-17 11:01 . 2011-12-17 11:01 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-12-17 05:02 . 2011-12-17 05:02 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2011-12-16 16:27 . 2010-02-04 15:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-12-16 16:27 . 2010-02-04 15:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-12-16 16:27 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2011-12-16 16:27 . 2009-09-04 22:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-12-16 16:27 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2011-12-16 16:27 . 2009-09-04 22:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-12-16 15:47 . 2010-02-04 15:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2011-12-16 15:47 . 2010-02-04 15:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2011-12-16 15:47 . 2010-02-04 15:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2011-12-16 15:47 . 2010-02-04 15:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2011-12-16 15:47 . 2011-12-16 15:47 -------- d-----w- c:\program files (x86)\Microsoft XNA
2011-12-14 15:24 . 2011-12-14 16:38 -------- d-----w- c:\users\C1\AppData\Local\ArmA 2 Free
2011-12-14 11:10 . 2011-12-14 11:10 -------- d-----w- c:\program files (x86)\Bohemia Interactive
2011-12-13 06:48 . 2011-12-13 06:48 -------- d-----w- c:\programdata\ATI
2011-12-13 06:41 . 2011-12-13 06:41 -------- d-----w- c:\program files (x86)\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-18 22:17 . 2008-11-26 07:12 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-12-18 22:17 . 2008-11-26 07:12 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-12-13 06:29 . 2011-07-28 21:39 892416 ----a-w- c:\windows\system32\aticfx64.dll
2011-12-13 06:29 . 2011-07-28 20:53 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-12-13 06:29 . 2011-07-28 21:30 4292096 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-12-13 06:29 . 2011-07-28 21:03 4189184 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-12-13 06:29 . 2011-07-28 20:52 45056 ----a-w- c:\windows\system32\atitmp64.dll
2011-12-13 06:29 . 2011-07-28 21:40 748544 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-12-13 06:29 . 2011-07-28 21:09 4353536 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-12-13 06:29 . 2011-07-28 20:53 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-12-13 06:29 . 2010-07-31 16:07 58880 ----a-w- c:\windows\system32\coinst.dll
2011-12-13 06:29 . 2011-07-28 21:11 4044288 ----a-w- c:\windows\system32\atiumd6a.dll
2011-12-13 06:29 . 2011-07-28 21:02 5510144 ----a-w- c:\windows\system32\atiumd64.dll
2011-12-13 06:29 . 2011-07-28 20:53 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-12-01 12:20 . 2011-12-01 12:21 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-24 01:27 . 2011-11-24 01:27 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-11-21 03:13 . 2011-05-27 17:17 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-28 14:34 . 2011-10-28 14:34 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-10-28 14:32 . 2011-10-28 14:32 2 --shatr- c:\windows\winstart.bat
2011-10-26 02:21 . 2011-10-26 02:21 66560 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-10-26 02:21 . 2011-10-26 02:21 56832 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-10-26 02:21 . 2011-10-26 02:21 66560 ----a-w- c:\windows\system32\OVDecoder64.dll
2011-10-26 02:21 . 2011-10-26 02:21 56832 ----a-w- c:\windows\SysWow64\OVDecoder.dll
2011-10-26 02:21 . 2011-10-26 02:21 16991744 ----a-w- c:\windows\system32\amdocl64.dll
2011-10-26 02:20 . 2011-10-26 02:20 13950464 ----a-w- c:\windows\SysWow64\amdocl.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-26_23.20.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-10-11 21:46 . 2010-06-02 08:55 74072 c:\windows\SysWOW64\XAPOFX1_5.dll
+ 2011-12-30 12:10 . 2010-06-02 09:55 74072 c:\windows\SysWOW64\XAPOFX1_5.dll
- 2011-10-11 21:46 . 2009-09-04 21:44 69464 c:\windows\SysWOW64\XAPOFX1_3.dll
+ 2011-12-30 12:10 . 2009-09-04 22:44 69464 c:\windows\SysWOW64\XAPOFX1_3.dll
+ 2011-12-30 12:10 . 2008-10-27 15:04 70992 c:\windows\SysWOW64\XAPOFX1_2.dll
- 2011-10-11 21:46 . 2008-10-27 14:04 70992 c:\windows\SysWOW64\XAPOFX1_2.dll
+ 2011-12-30 12:10 . 2008-10-27 15:04 23376 c:\windows\SysWOW64\X3DAudio1_5.dll
- 2011-10-11 21:46 . 2008-10-27 14:04 23376 c:\windows\SysWOW64\X3DAudio1_5.dll
- 2008-01-21 03:19 . 2011-12-26 20:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:19 . 2011-12-31 20:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:19 . 2011-12-26 20:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:19 . 2011-12-31 20:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:19 . 2011-12-26 20:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:19 . 2011-12-31 20:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-11 21:46 . 2010-06-02 08:55 77656 c:\windows\system32\XAPOFX1_5.dll
+ 2011-12-30 12:10 . 2010-06-02 09:55 77656 c:\windows\system32\XAPOFX1_5.dll
- 2011-10-11 21:46 . 2009-09-04 21:44 73544 c:\windows\system32\XAPOFX1_3.dll
+ 2011-12-30 12:10 . 2009-09-04 22:44 73544 c:\windows\system32\XAPOFX1_3.dll
- 2011-10-11 21:46 . 2008-10-27 14:04 74576 c:\windows\system32\XAPOFX1_2.dll
+ 2011-12-30 12:10 . 2008-10-27 15:04 74576 c:\windows\system32\XAPOFX1_2.dll
+ 2011-12-30 12:10 . 2010-02-04 15:01 24920 c:\windows\system32\X3DAudio1_7.dll
- 2011-10-11 21:46 . 2010-02-04 14:01 24920 c:\windows\system32\X3DAudio1_7.dll
+ 2011-12-30 12:10 . 2008-10-27 15:04 25936 c:\windows\system32\X3DAudio1_5.dll
- 2011-10-11 21:46 . 2008-10-27 14:04 25936 c:\windows\system32\X3DAudio1_5.dll
+ 2008-01-21 02:09 . 2012-01-02 04:32 80698 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:44 . 2012-01-02 04:33 77746 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-02 12:26 . 2012-01-02 04:33 16280 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1317447156-3686453458-179285891-1000_UserData.bin
+ 2008-11-02 12:24 . 2012-01-01 10:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-02 12:24 . 2011-12-24 19:38 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-02 12:24 . 2011-12-24 19:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-02 12:24 . 2012-01-01 10:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-02 12:24 . 2012-01-01 10:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-02 12:24 . 2011-12-24 19:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-12 00:21 . 2012-01-02 03:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-12 00:21 . 2011-12-26 23:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-12 00:21 . 2012-01-02 03:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-12 00:21 . 2011-12-26 23:17 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-12 00:21 . 2011-12-26 23:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-12 00:21 . 2012-01-02 03:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-16 23:07 . 2012-01-02 04:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-16 23:07 . 2011-12-24 17:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-16 23:07 . 2011-12-24 17:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-16 23:07 . 2012-01-02 04:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-30 12:10 . 2011-12-30 12:10 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-12-17 08:25 . 2009-12-17 08:25 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-12-30 12:10 . 2011-12-30 12:10 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-12-17 08:25 . 2009-12-17 08:25 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2012-01-02 04:30 . 2012-01-02 04:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-26 23:17 . 2011-12-26 23:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-02 04:30 . 2012-01-02 04:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-26 23:17 . 2011-12-26 23:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-30 00:30 . 2011-12-30 00:30 4286 c:\windows\Installer\{ECFD8D36-5629-4480-9290-0BC518EE8A0E}\XSplit.Core.exe
- 2011-10-11 21:46 . 2010-06-02 08:55 527192 c:\windows\SysWOW64\XAudio2_7.dll
+ 2011-12-30 12:10 . 2010-06-02 09:55 527192 c:\windows\SysWOW64\XAudio2_7.dll
- 2011-10-11 21:46 . 2009-09-04 21:44 515416 c:\windows\SysWOW64\XAudio2_5.dll
+ 2011-12-30 12:10 . 2009-09-04 22:44 515416 c:\windows\SysWOW64\XAudio2_5.dll
+ 2011-12-30 12:10 . 2008-10-27 15:04 514384 c:\windows\SysWOW64\XAudio2_3.dll
- 2011-10-11 21:46 . 2008-10-27 14:04 514384 c:\windows\SysWOW64\XAudio2_3.dll
+ 2011-12-30 12:10 . 2010-06-02 09:55 239960 c:\windows\SysWOW64\xactengine3_7.dll
- 2011-10-11 21:46 . 2010-06-02 08:55 239960 c:\windows\SysWOW64\xactengine3_7.dll
+ 2011-12-30 12:10 . 2009-09-04 22:44 238936 c:\windows\SysWOW64\xactengine3_5.dll
- 2011-10-11 21:46 . 2009-09-04 21:44 238936 c:\windows\SysWOW64\xactengine3_5.dll
- 2011-10-11 21:46 . 2008-10-27 14:04 235856 c:\windows\SysWOW64\xactengine3_3.dll
+ 2011-12-30 12:10 . 2008-10-27 15:04 235856 c:\windows\SysWOW64\xactengine3_3.dll
- 2011-10-11 21:46 . 2010-05-26 15:41 248672 c:\windows\SysWOW64\d3dx11_43.dll
+ 2011-12-30 12:10 . 2010-05-26 16:41 248672 c:\windows\SysWOW64\d3dx11_43.dll
- 2011-10-11 21:46 . 2009-09-04 21:29 235344 c:\windows\SysWOW64\d3dx11_42.dll
+ 2011-12-30 12:10 . 2009-09-04 22:29 235344 c:\windows\SysWOW64\d3dx11_42.dll
+ 2011-12-30 12:10 . 2010-05-26 16:41 470880 c:\windows\SysWOW64\d3dx10_43.dll
- 2011-10-11 21:46 . 2010-05-26 15:41 470880 c:\windows\SysWOW64\d3dx10_43.dll
+ 2011-12-30 12:10 . 2009-09-04 22:29 453456 c:\windows\SysWOW64\d3dx10_42.dll
- 2011-09-16 04:45 . 2009-09-04 21:29 453456 c:\windows\SysWOW64\d3dx10_42.dll
+ 2011-12-30 12:10 . 2010-06-02 09:55 518488 c:\windows\system32\XAudio2_7.dll
- 2011-10-11 21:46 . 2010-06-02 08:55 518488 c:\windows\system32\XAudio2_7.dll
+ 2011-12-30 12:10 . 2009-09-04 22:44 517960 c:\windows\system32\XAudio2_5.dll
- 2011-10-11 21:46 . 2009-09-04 21:44 517960 c:\windows\system32\XAudio2_5.dll
+ 2011-12-30 12:10 . 2008-10-27 15:04 518480 c:\windows\system32\XAudio2_3.dll
- 2011-10-11 21:46 . 2008-10-27 14:04 518480 c:\windows\system32\XAudio2_3.dll
+ 2011-12-30 12:10 . 2010-06-02 09:55 176984 c:\windows\system32\xactengine3_7.dll
- 2011-10-11 21:46 . 2010-06-02 08:55 176984 c:\windows\system32\xactengine3_7.dll
+ 2011-12-30 12:10 . 2010-02-04 15:01 176984 c:\windows\system32\xactengine3_6.dll
- 2011-10-11 21:46 . 2010-02-04 14:01 176984 c:\windows\system32\xactengine3_6.dll
- 2011-10-11 21:46 . 2009-09-04 21:44 176968 c:\windows\system32\xactengine3_5.dll
+ 2011-12-30 12:10 . 2009-09-04 22:44 176968 c:\windows\system32\xactengine3_5.dll
+ 2011-12-30 12:10 . 2008-10-27 15:04 175440 c:\windows\system32\xactengine3_3.dll
- 2011-10-11 21:46 . 2008-10-27 14:04 175440 c:\windows\system32\xactengine3_3.dll
- 2006-11-02 12:46 . 2011-12-24 22:30 679462 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-01-02 04:20 679462 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-01-02 04:20 135232 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2011-12-24 22:30 135232 c:\windows\system32\perfc009.dat
- 2011-10-11 21:46 . 2010-05-26 15:41 276832 c:\windows\system32\d3dx11_43.dll
+ 2011-12-30 12:10 . 2010-05-26 16:41 276832 c:\windows\system32\d3dx11_43.dll
- 2011-10-11 21:46 . 2009-09-04 21:29 285024 c:\windows\system32\d3dx11_42.dll
+ 2011-12-30 12:10 . 2009-09-04 22:29 285024 c:\windows\system32\d3dx11_42.dll
+ 2011-12-30 12:10 . 2010-05-26 16:41 511328 c:\windows\system32\d3dx10_43.dll
- 2011-10-11 21:46 . 2010-05-26 15:41 511328 c:\windows\system32\d3dx10_43.dll
+ 2011-12-30 12:10 . 2009-09-04 22:29 523088 c:\windows\system32\d3dx10_42.dll
- 2011-10-11 21:46 . 2009-09-04 21:29 523088 c:\windows\system32\d3dx10_42.dll
- 2011-08-12 11:08 . 2011-12-26 23:16 315716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-12 11:08 . 2012-01-02 04:29 315716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-30 00:30 . 2011-12-30 00:30 717312 c:\windows\Installer\2e7f55c.msi
- 2009-12-17 08:25 . 2009-12-17 08:25 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-12-30 12:10 . 2011-12-30 12:10 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-12-17 08:25 . 2009-12-17 08:25 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-12-30 12:10 . 2011-12-30 12:10 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-12-30 12:10 . 2011-12-30 12:10 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-12-17 08:25 . 2009-12-17 08:25 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-12-30 12:10 . 2011-12-30 12:10 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-12-17 08:25 . 2009-12-17 08:25 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2011-12-30 12:10 . 2011-12-30 12:10 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-12-17 08:25 . 2009-12-17 08:25 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-12-30 12:10 . 2011-12-30 12:10 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-12-17 08:25 . 2009-12-17 08:25 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-12-17 08:25 . 2009-12-17 08:25 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-30 12:10 . 2011-12-30 12:10 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-30 12:10 . 2011-12-30 12:10 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-12-17 08:25 . 2009-12-17 08:25 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-30 12:10 . 2011-12-30 12:10 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-12-17 08:25 . 2009-12-17 08:25 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-30 12:09 . 2011-12-30 12:09 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-12-17 08:25 . 2009-12-17 08:25 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-12-17 08:25 . 2009-12-17 08:25 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-30 12:09 . 2011-12-30 12:09 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-30 12:09 . 2011-12-30 12:09 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-12-17 08:25 . 2009-12-17 08:25 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-30 12:09 . 2011-12-30 12:09 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-12-17 08:25 . 2009-12-17 08:25 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-30 12:10 . 2011-12-30 12:10 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-12-17 08:25 . 2009-12-17 08:25 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-01-01 09:10 . 2012-01-01 09:10 188145 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCalla36.exe
- 2011-10-11 21:46 . 2010-05-26 15:41 1998168 c:\windows\SysWOW64\D3DX9_43.dll
+ 2011-12-30 12:10 . 2010-05-26 16:41 1998168 c:\windows\SysWOW64\D3DX9_43.dll
- 2011-10-11 21:46 . 2010-05-26 15:41 1868128 c:\windows\SysWOW64\d3dcsx_43.dll
+ 2011-12-30 12:10 . 2010-05-26 16:41 1868128 c:\windows\SysWOW64\d3dcsx_43.dll
- 2011-10-11 21:46 . 2009-09-04 21:29 5501792 c:\windows\SysWOW64\d3dcsx_42.dll
+ 2011-12-30 12:10 . 2009-09-04 22:29 5501792 c:\windows\SysWOW64\d3dcsx_42.dll
+ 2011-12-30 12:10 . 2010-05-26 16:41 2106216 c:\windows\SysWOW64\D3DCompiler_43.dll
- 2011-10-11 21:46 . 2010-05-26 15:41 2106216 c:\windows\SysWOW64\D3DCompiler_43.dll
+ 2011-12-30 12:10 . 2010-05-26 16:41 2401112 c:\windows\system32\D3DX9_43.dll
- 2011-10-11 21:46 . 2010-05-26 15:41 2401112 c:\windows\system32\D3DX9_43.dll
- 2011-10-11 21:46 . 2010-05-26 15:41 1907552 c:\windows\system32\d3dcsx_43.dll
+ 2011-12-30 12:10 . 2010-05-26 16:41 1907552 c:\windows\system32\d3dcsx_43.dll
+ 2011-12-30 12:10 . 2009-09-04 22:29 5554512 c:\windows\system32\d3dcsx_42.dll
- 2011-10-11 21:46 . 2009-09-04 21:29 5554512 c:\windows\system32\d3dcsx_42.dll
+ 2011-12-30 12:10 . 2010-05-26 16:41 2526056 c:\windows\system32\D3DCompiler_43.dll
- 2011-10-11 21:46 . 2010-05-26 15:41 2526056 c:\windows\system32\D3DCompiler_43.dll
- 2008-11-29 23:38 . 2011-12-26 23:16 2723336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-11-29 23:38 . 2012-01-02 04:29 2723336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-01 09:11 . 2012-01-01 09:11 3148800 c:\windows\Installer\b22ce49.msi
+ 2011-12-30 12:09 . 2011-12-30 12:09 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-12-17 08:25 . 2009-12-17 08:25 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-12-17 08:25 . 2009-12-17 08:25 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-30 12:09 . 2011-12-30 12:09 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-12 11:08 . 2012-01-02 04:07 42671768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1317447156-3686453458-179285891-1000-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-16 5486464]
"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2011-12-26 1846]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
.
c:\users\C1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-11-29 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]
R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R4 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [x]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 amBX Service;amBX Service;c:\program files (x86)\amBX\System\amBX_Service.exe [2009-10-14 612864]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2011-12-15 87368]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS [2008-10-08 23000]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 Philips amBX USB HAL;Philips amBX USB HAL;c:\program files (x86)\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe [2008-06-09 540672]
S2 StkSSrv;Syntek AVStream USB2.0 ATV Service;c:\windows\System32\StkCSrv.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH6.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 17:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 03:50]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 03:50]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1317447156-3686453458-179285891-1000Core.job
- c:\users\C1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-05 09:43]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1317447156-3686453458-179285891-1000UA.job
- c:\users\C1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-05 09:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyServer = 0.0.0.0:80
IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\C1\AppData\Roaming\Mozilla\Firefox\Profiles\prw99jkw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=12-05-2010&tb_mrud=12-05-2010
FF - prefs.js: browser.search.selectedEngine - Wowhead
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/Djxyanyde
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1317447156-3686453458-179285891-1000\Software\SecuROM\License information*]
"datasecu"=hex:67,f2,f4,d2,6d,1d,0d,f9,04,e7,80,1c,62,21,50,0f,1a,11,fa,e8,07,
af,4b,18,50,78,84,2e,e5,b1,69,5d,ce,42,d7,3c,0d,69,25,f8,dc,28,67,76,f4,0a,\
"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2012-01-01 23:46:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-02 04:46
ComboFix2.txt 2011-12-26 23:40
.
Pre-Run: 206,823,407,616 bytes free
Post-Run: 206,863,155,200 bytes free
.
- - End Of File - - 22447FBD5CF331973DBE26EA4624322E

#15 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,524
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 02 January 2012 - 10:12 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter

File sharing infects 500,000 computers

USAToday

infoworld

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

start

settings

control panel

add/remove programs

Adobe Reader 9.2
Java™ 6 Update 29

remove

Update Adobe Reader

http://www.adobe.com/products/acrobat/readstep2.html

Adobe Reader

here

Note:

AskBar

Install Java:

Please go here to install Java

click on the Free Java Download Button
click on Agree and start Free download
click on Run
click on run again
click on install
when install is complete click on close

TFC(Temp File Cleaner):

Please download TFC to your desktop,
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

Double-click mbam icon
go to the update tab at the top
click on check for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidentally close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

Go Here to download HijackThis Installer
Save HijackThis Installer to your desktop.
Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed it will launch Hijackthis.
Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

In your next post I need the following

Log From MBAM
report from Hijackthis
let me know of any problems you may have had
How is the computer doing now?

Gringo