Google redirect virus Windows 7 64bit


  • This topic is locked
20 replies to this topic

#1 Grale

Grale

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:51 PM

Posted 26 November 2011 - 05:34 AM

Google is redirecting me to random sites when clicking links, and internet explorer seems to have slowed down also.
Tried all the virus removal programs without any luck. Also using Firefox which is unaffected.

Running Windows 7 64bit

Any help will be very much appreciated as I am close to reformatting my drive!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Darren at 9:59:43 on 2011-11-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.6143.4973 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove Folder Synchronization: {6f823386-2459-4307-32bd-795d2b2e2be8} - C:\Windows\SysWOW64\KBBDINBE2.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{ECD3B20E-7FB2-4F41-B88E-FB0D70008E21} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove Folder Synchronization: {6F823386-2459-4307-32BD-795D2B2E2BE8} - C:\Windows\SysWOW64\KBBDINBE2.DLL
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\lwr59kb5.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-20 42184]
R2 inpoutx64;inpoutx64;C:\Windows\system32\Drivers\inpoutx64.sys --> C:\Windows\system32\Drivers\inpoutx64.sys [?]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R3 NmPar;PCI Parallel Port;C:\Windows\system32\DRIVERS\NmPar.sys --> C:\Windows\system32\DRIVERS\NmPar.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 PTLIBUSB0;PRUFTECHNIK-USB-WIN-KERNEL DRIVER 02/25/2008, 1.12.0.1;C:\Windows\system32\DRIVERS\PTLIBUSB0.SYS --> C:\Windows\system32\DRIVERS\PTLIBUSB0.SYS [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
============= FINISH: 10:00:28.50 ===============

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:51 AM

Posted 27 November 2011 - 11:28 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"Information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Grale

Grale
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:51 PM

Posted 28 November 2011 - 12:49 PM

Hello Gringo, and thank you for your help.

Here's the ComboFix report.

Edit: still getting redirect on Internet Explorer

ComboFix 11-11-28.02 - Darren 28/11/2011 17:14:23.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.6143.5031 [GMT 0:00]
Running from: c:\users\Darren\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Darren\AppData\Roaming\Xbins
c:\users\Darren\AppData\Roaming\Xbins\dict
c:\users\Darren\AppData\Roaming\Xbins\FileZilla.xml
c:\users\Darren\AppData\Roaming\Xbins\icon.ico
c:\users\Darren\AppData\Roaming\Xbins\xbinsftp.exe
.
---- Previous Run -------
.
c:\users\Darren\AppData\Roaming\Xbins\dict
c:\users\Darren\AppData\Roaming\Xbins\FileZilla.xml
c:\users\Darren\AppData\Roaming\Xbins\icon.ico
c:\users\Darren\AppData\Roaming\Xbins\xbinsftp.exe
c:\windows\iun6002.exe
c:\windows\SysWow64\c_209932.nls
.
2011-11-06 08:22 . 2011-11-06 08:22 -------- d-----w- c:\program files (x86)\Digilent
2011-11-06 08:22 . 2011-10-04 05:46 27384 ----a-w- c:\windows\system32\drivers\xpc4drvr.sys
2011-11-06 08:15 . 2011-10-04 05:46 254976 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2011-11-03 16:08 . 2011-11-03 16:08 -------- d-----w- c:\users\Darren\AppData\Local\ElevatedDiagnostics
2011-11-02 19:04 . 2011-11-02 19:04 -------- d-----w- c:\program files\NMSERIES
2011-11-02 19:04 . 2010-01-19 18:16 329728 ----a-w- c:\windows\system32\NmUninst.exe
2011-10-29 18:09 . 2011-10-29 18:35 -------- d-----w- c:\programdata\Samsung
2011-10-29 18:09 . 2011-10-29 18:18 -------- d-----w- c:\users\Darren\AppData\Roaming\Samsung
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 12:51 . 2011-09-17 10:14 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-08 03:51 . 2011-09-17 10:16 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-11-08 03:51 . 2011-09-17 10:16 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-11-08 03:51 . 2011-09-17 10:16 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-11-08 03:51 . 2011-09-17 10:16 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-11-08 03:51 . 2011-09-17 10:16 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-11-08 03:51 . 2011-09-17 10:16 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-11-08 03:51 . 2011-09-17 10:16 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-11-08 03:51 . 2011-09-17 10:16 8792384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-11-08 03:51 . 2011-09-17 10:16 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-11-08 03:51 . 2011-09-17 10:16 1543488 ----a-w- c:\windows\system32\nvdispco64.dll
2011-11-08 03:51 . 2011-09-17 10:16 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-15 07:25 . 2011-10-15 07:25 29184 ----a-r- c:\users\Darren\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2011-10-03 04:06 . 2011-09-19 16:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-24 08:43 . 2011-09-24 08:43 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-17 13:15 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-17 13:15 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-09-17 12:03 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-17 10:43 . 2011-09-17 10:43 53248 ----a-w- c:\windows\SysWow64\iernnonce.dll
2011-08-31 16:00 . 2011-10-07 13:14 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 22:05 . 2011-08-30 22:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-30 22:05 . 2011-08-30 22:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6F823386-2459-4307-32BD-795D2B2E2BE8}]
2009-07-14 01:11 98304 ----a-w- c:\windows\SysWOW64\KBBDINBE2.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 PTLIBUSB0;PRUFTECHNIK-USB-WIN-KERNEL DRIVER 02/25/2008, 1.12.0.1;c:\windows\system32\DRIVERS\PTLIBUSB0.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\DRIVERS\rcblan.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 inpoutx64;inpoutx64;c:\windows\system32\Drivers\inpoutx64.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-08 2253120]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-07 381248]
S3 NmPar;PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 13:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\lwr59kb5.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2336325715-1334469260-311099162-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2336325715-1334469260-311099162-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2011-11-28 17:39:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-28 17:39
.
Pre-Run: 6,298,058,752 bytes free
Post-Run: 6,221,066,240 bytes free
.
- - End Of File - - 9B825B74D9E2A2589336313209D9D093

Edited by Grale, 28 November 2011 - 12:55 PM.
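Two things in the Reg Loading Points block above are worth pulling out mechanically rather than by eye: the policies\system values show UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0, which per Microsoft's documented UAC settings mean no UAC, elevation without prompting, and no secure-desktop isolation), and a Browser Helper Object is registered for the 32-bit Internet Explorer, the browser that is affected while Firefox is not. The following script is an added example, not part of the original thread and not ComboFix's own code; it parses the log lines copied from above, reports the UAC weaknesses, and lists BHO entries. Listing a BHO is not a verdict on it. The function names and the SAMPLE text are this example's own.

```python
"""Triage the UAC policy values and BHO entries of a ComboFix
'Reg Loading Points' section.

Added example, not ComboFix's code. Interpretation of the UAC values
follows Microsoft's documented policy settings; everything else
(function names, the SAMPLE text) is this example's own.
"""
import re

# Constructed from the Reg Loading Points block in the log above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6F823386-2459-4307-32BD-795D2B2E2BE8}]
2009-07-14 01:11 98304 ----a-w- c:\windows\SysWOW64\KBBDINBE2.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)$')
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")


def parse_reg_points(text):
    """Return {key: {"values": {name: int}, "files": [path, ...]}}, keys lower-cased."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            result.setdefault(current, {"values": {}, "files": []})
            continue
        if current is None:
            continue
        m = DWORD_RE.match(line)
        if m:
            result[current]["values"][m.group("name")] = int(m.group("val"))
            continue
        m = FILE_RE.match(line)
        if m:
            result[current]["files"].append(m.group("path"))
    return result


UAC_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"


def uac_findings(parsed):
    """Describe the UAC weaknesses visible under the policies system key."""
    pol = parsed.get(UAC_KEY, {}).get("values", {})
    findings = []
    if pol.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is off, admin processes run fully elevated")
    if pol.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: elevate without prompting")
    if pol.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: prompts are not isolated on the secure desktop")
    return findings


def bho_entries(parsed):
    """(CLSID, dll path) for every Browser Helper Objects key in the section."""
    out = []
    for key, data in parsed.items():
        if "browser helper objects" in key:
            clsid = key.rsplit("\\", 1)[-1]
            out.extend((clsid, path) for path in data["files"])
    return out


if __name__ == "__main__":
    parsed = parse_reg_points(SAMPLE)
    for finding in uac_findings(parsed):
        print("UAC:", finding)
    for clsid, path in bho_entries(parsed):
        print("BHO:", clsid, path)
```

Run it over the full Reg Loading Points section of a ComboFix log to get the same two lists for any machine; the BHO list is the place to start for an IE-only redirect, and the UAC findings explain why any dropper that ran on this box needed no consent to reach admin.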


#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 28 November 2011 - 01:11 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
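A TDSSKiller report lists every scanned driver and service twice: once with its MD5 and path, and once with a verdict. Reading a few hundred such pairs for the one that is not "ok" is error-prone, so here is an added example, not part of the original thread and not Kaspersky's code, that parses the two line shapes visible in the report pasted in the next reply and returns the names needing attention. The first lines of SAMPLE are copied from that report; the "fakedrv" lines are constructed for demonstration, and because verdict wording for real detections varies between TDSSKiller versions, the check flags anything that is not exactly "ok" rather than matching particular words. The find_reports helper uses the report file name pattern given in the instructions above.

```python
"""Summarise a TDSSKiller report: which scanned objects got a verdict
other than 'ok'.

Added example, not Kaspersky's code. Parses these two line shapes:
    <time> <pid> <name> (<md5>) <path>   the object that was checked
    <time> <pid> <name> - <verdict>      the verdict for that object
"""
import glob
import os
import re

# First five lines copied from the report below; the last two are constructed.
SAMPLE = (
    "18:47:01.0450 3432 1394ohci (a87d604aea360176311474c87a63bb88) C:\\Windows\\system32\\drivers\\1394ohci.sys\n"
    "18:47:01.0450 3432 1394ohci - ok\n"
    "18:47:01.0794 3432 Aspi32 - ok\n"
    "18:47:03.0213 3432 inpoutx64 (9321a61a25c7961d9f36852ecaa86f55) C:\\Windows\\system32\\Drivers\\inpoutx64.sys\n"
    "18:47:03.0213 3432 inpoutx64 - ok\n"
    "18:47:09.0001 3432 fakedrv (00000000000000000000000000000000) C:\\Windows\\system32\\drivers\\fakedrv.sys\n"
    "18:47:09.0001 3432 fakedrv - suspicious (constructed verdict)\n"
)

OBJ_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)
VERDICT_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+)$")


def parse_report(text):
    """Return {name: {"md5": ..., "path": ..., "verdict": ...}}; only keys seen are set."""
    objects = {}
    for line in text.splitlines():
        m = OBJ_RE.match(line)
        if m:
            entry = objects.setdefault(m.group("name"), {})
            entry["md5"] = m.group("md5").lower()
            entry["path"] = m.group("path")
            continue
        m = VERDICT_RE.match(line)
        if m:
            entry = objects.setdefault(m.group("name"), {})
            entry["verdict"] = m.group("verdict").strip()
    return objects


def flagged(objects):
    """Names whose verdict is missing or anything other than 'ok'."""
    return sorted(name for name, entry in objects.items() if entry.get("verdict") != "ok")


def find_reports(root="C:\\"):
    """Report files TDSSKiller leaves in the root directory, sorted by name."""
    return sorted(glob.glob(os.path.join(root, "TDSSKiller.*_log.txt")))


if __name__ == "__main__":
    for name in flagged(parse_report(SAMPLE)):
        print("needs attention:", name)
```

An object that appears with a hash and path but never receives a verdict line is also flagged, since a truncated or interrupted scan looks exactly like that and should not be read as clean.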

#5 Grale (Topic Starter)
  • Members
  • 10 posts

Posted 28 November 2011 - 01:48 PM

TDSSKiller ran with no reboot or detection.

18:46:59.0734 4004 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
18:46:59.0890 4004 ============================================================
18:46:59.0890 4004 Current date / time: 2011/11/28 18:46:59.0890
18:46:59.0890 4004 SystemInfo:
18:46:59.0890 4004
18:46:59.0890 4004 OS Version: 6.1.7601 ServicePack: 1.0
18:46:59.0890 4004 Product type: Workstation
18:46:59.0890 4004 ComputerName: DESKTOP
18:46:59.0890 4004 UserName: Darren
18:46:59.0890 4004 Windows directory: C:\Windows
18:46:59.0890 4004 System windows directory: C:\Windows
18:46:59.0890 4004 Running under WOW64
18:46:59.0890 4004 Processor architecture: Intel x64
18:46:59.0890 4004 Number of processors: 4
18:46:59.0890 4004 Page size: 0x1000
18:46:59.0890 4004 Boot type: Normal boot
18:46:59.0890 4004 ============================================================
18:47:00.0078 4004 Initialize success
18:47:01.0279 3432 ============================================================
18:47:01.0279 3432 Scan started
18:47:01.0279 3432 Mode: Manual;
18:47:01.0279 3432 ============================================================
18:47:01.0450 3432 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:47:01.0450 3432 1394ohci - ok
18:47:01.0466 3432 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:47:01.0466 3432 ACPI - ok
18:47:01.0482 3432 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:47:01.0482 3432 AcpiPmi - ok
18:47:01.0513 3432 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:47:01.0513 3432 adp94xx - ok
18:47:01.0528 3432 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:47:01.0528 3432 adpahci - ok
18:47:01.0560 3432 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:47:01.0560 3432 adpu320 - ok
18:47:01.0591 3432 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
18:47:01.0591 3432 AFD - ok
18:47:01.0606 3432 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:47:01.0606 3432 agp440 - ok
18:47:01.0622 3432 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:47:01.0622 3432 aliide - ok
18:47:01.0638 3432 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:47:01.0638 3432 amdide - ok
18:47:01.0653 3432 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:47:01.0653 3432 AmdK8 - ok
18:47:01.0669 3432 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:47:01.0669 3432 AmdPPM - ok
18:47:01.0684 3432 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:47:01.0684 3432 amdsata - ok
18:47:01.0700 3432 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:47:01.0700 3432 amdsbs - ok
18:47:01.0716 3432 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:47:01.0716 3432 amdxata - ok
18:47:01.0731 3432 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:47:01.0731 3432 AppID - ok
18:47:01.0762 3432 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:47:01.0762 3432 arc - ok
18:47:01.0778 3432 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:47:01.0778 3432 arcsas - ok
18:47:01.0794 3432 Aspi32 - ok
18:47:01.0809 3432 aswFsBlk (f1dbe3d02ffcdee5246f29b0ecebe6e0) C:\Windows\system32\drivers\aswFsBlk.sys
18:47:01.0809 3432 aswFsBlk - ok
18:47:01.0825 3432 aswMonFlt (f3e75dd1bcc358fb4629357ad09e7c84) C:\Windows\system32\drivers\aswMonFlt.sys
18:47:01.0840 3432 aswMonFlt - ok
18:47:01.0840 3432 aswRdr (fccbdc045dc12afd1508205117e7ed11) C:\Windows\system32\drivers\aswRdr.sys
18:47:01.0840 3432 aswRdr - ok
18:47:01.0872 3432 aswSnx (5824dca602a0a30e866bc2ac98c6d970) C:\Windows\system32\drivers\aswSnx.sys
18:47:01.0872 3432 aswSnx - ok
18:47:01.0903 3432 aswSP (af07b4bef920f90205148f3a05e2974c) C:\Windows\system32\drivers\aswSP.sys
18:47:01.0903 3432 aswSP - ok
18:47:01.0918 3432 aswTdi (a3eca5af3b4823a523c285a8df0f9e4f) C:\Windows\system32\drivers\aswTdi.sys
18:47:01.0918 3432 aswTdi - ok
18:47:01.0934 3432 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:47:01.0934 3432 AsyncMac - ok
18:47:01.0950 3432 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:47:01.0950 3432 atapi - ok
18:47:01.0981 3432 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:47:01.0981 3432 b06bdrv - ok
18:47:02.0012 3432 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:47:02.0012 3432 b57nd60a - ok
18:47:02.0028 3432 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:47:02.0028 3432 Beep - ok
18:47:02.0043 3432 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:47:02.0043 3432 blbdrive - ok
18:47:02.0074 3432 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:47:02.0074 3432 bowser - ok
18:47:02.0090 3432 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:47:02.0090 3432 BrFiltLo - ok
18:47:02.0106 3432 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:47:02.0106 3432 BrFiltUp - ok
18:47:02.0121 3432 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:47:02.0121 3432 Brserid - ok
18:47:02.0137 3432 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:47:02.0137 3432 BrSerWdm - ok
18:47:02.0152 3432 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:47:02.0152 3432 BrUsbMdm - ok
18:47:02.0168 3432 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:47:02.0168 3432 BrUsbSer - ok
18:47:02.0184 3432 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:47:02.0184 3432 BTHMODEM - ok
18:47:02.0199 3432 catchme - ok
18:47:02.0215 3432 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:47:02.0215 3432 cdfs - ok
18:47:02.0230 3432 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:47:02.0230 3432 cdrom - ok
18:47:02.0246 3432 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:47:02.0246 3432 circlass - ok
18:47:02.0277 3432 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:47:02.0277 3432 CLFS - ok
18:47:02.0308 3432 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:47:02.0308 3432 CmBatt - ok
18:47:02.0324 3432 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:47:02.0324 3432 cmdide - ok
18:47:02.0340 3432 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
18:47:02.0340 3432 CNG - ok
18:47:02.0355 3432 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:47:02.0355 3432 Compbatt - ok
18:47:02.0371 3432 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:47:02.0371 3432 CompositeBus - ok
18:47:02.0402 3432 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:47:02.0402 3432 crcdisk - ok
18:47:02.0433 3432 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
18:47:02.0433 3432 CSC - ok
18:47:02.0449 3432 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:47:02.0464 3432 DfsC - ok
18:47:02.0480 3432 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:47:02.0480 3432 discache - ok
18:47:02.0496 3432 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:47:02.0496 3432 Disk - ok
18:47:02.0511 3432 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:47:02.0511 3432 drmkaud - ok
18:47:02.0558 3432 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:47:02.0558 3432 DXGKrnl - ok
18:47:02.0620 3432 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:47:02.0652 3432 ebdrv - ok
18:47:02.0683 3432 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:47:02.0698 3432 elxstor - ok
18:47:02.0698 3432 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:47:02.0714 3432 ErrDev - ok
18:47:02.0730 3432 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:47:02.0730 3432 exfat - ok
18:47:02.0761 3432 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:47:02.0761 3432 fastfat - ok
18:47:02.0776 3432 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:47:02.0776 3432 fdc - ok
18:47:02.0792 3432 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:47:02.0792 3432 FileInfo - ok
18:47:02.0808 3432 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:47:02.0808 3432 Filetrace - ok
18:47:02.0823 3432 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:47:02.0823 3432 flpydisk - ok
18:47:02.0854 3432 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:47:02.0854 3432 FltMgr - ok
18:47:02.0870 3432 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:47:02.0870 3432 FsDepends - ok
18:47:02.0886 3432 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:47:02.0886 3432 Fs_Rec - ok
18:47:02.0901 3432 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:47:02.0917 3432 fvevol - ok
18:47:02.0932 3432 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:47:02.0932 3432 gagp30kx - ok
18:47:02.0948 3432 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:47:02.0948 3432 hcw85cir - ok
18:47:02.0964 3432 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:47:02.0964 3432 HdAudAddService - ok
18:47:02.0979 3432 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:47:02.0979 3432 HDAudBus - ok
18:47:02.0995 3432 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:47:02.0995 3432 HidBatt - ok
18:47:03.0010 3432 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:47:03.0010 3432 HidBth - ok
18:47:03.0026 3432 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:47:03.0026 3432 HidIr - ok
18:47:03.0057 3432 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:47:03.0057 3432 HidUsb - ok
18:47:03.0073 3432 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:47:03.0073 3432 HpSAMD - ok
18:47:03.0104 3432 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:47:03.0120 3432 HTTP - ok
18:47:03.0120 3432 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:47:03.0135 3432 hwpolicy - ok
18:47:03.0151 3432 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:47:03.0151 3432 i8042prt - ok
18:47:03.0166 3432 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:47:03.0166 3432 iaStorV - ok
18:47:03.0182 3432 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:47:03.0198 3432 iirsp - ok
18:47:03.0213 3432 inpoutx64 (9321a61a25c7961d9f36852ecaa86f55) C:\Windows\system32\Drivers\inpoutx64.sys
18:47:03.0213 3432 inpoutx64 - ok
18:47:03.0229 3432 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:47:03.0229 3432 intelide - ok
18:47:03.0244 3432 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:47:03.0244 3432 intelppm - ok
18:47:03.0260 3432 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:47:03.0260 3432 IpFilterDriver - ok
18:47:03.0276 3432 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:47:03.0291 3432 IPMIDRV - ok
18:47:03.0307 3432 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:47:03.0307 3432 IPNAT - ok
18:47:03.0322 3432 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:47:03.0322 3432 IRENUM - ok
18:47:03.0338 3432 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:47:03.0338 3432 isapnp - ok
18:47:03.0354 3432 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:47:03.0354 3432 iScsiPrt - ok
18:47:03.0369 3432 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
18:47:03.0369 3432 kbdclass - ok
18:47:03.0385 3432 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:47:03.0385 3432 kbdhid - ok
18:47:03.0400 3432 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
18:47:03.0400 3432 KSecDD - ok
18:47:03.0416 3432 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
18:47:03.0416 3432 KSecPkg - ok
18:47:03.0432 3432 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:47:03.0432 3432 ksthunk - ok
18:47:03.0463 3432 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:47:03.0463 3432 lltdio - ok
18:47:03.0494 3432 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:47:03.0494 3432 LSI_FC - ok
18:47:03.0510 3432 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:47:03.0510 3432 LSI_SAS - ok
18:47:03.0525 3432 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:47:03.0525 3432 LSI_SAS2 - ok
18:47:03.0541 3432 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:47:03.0541 3432 LSI_SCSI - ok
18:47:03.0556 3432 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:47:03.0556 3432 luafv - ok
18:47:03.0588 3432 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:47:03.0588 3432 megasas - ok
18:47:03.0603 3432 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:47:03.0603 3432 MegaSR - ok
18:47:03.0619 3432 mf (8d0e52f36a153d099de7d5a1e233fac7) C:\Windows\system32\DRIVERS\mf.sys
18:47:03.0619 3432 mf - ok
18:47:03.0634 3432 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:47:03.0634 3432 Modem - ok
18:47:03.0650 3432 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:47:03.0650 3432 monitor - ok
18:47:03.0666 3432 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
18:47:03.0666 3432 mouclass - ok
18:47:03.0697 3432 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:47:03.0697 3432 mouhid - ok
18:47:03.0712 3432 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:47:03.0712 3432 mountmgr - ok
18:47:03.0728 3432 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:47:03.0728 3432 mpio - ok
18:47:03.0744 3432 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:47:03.0744 3432 mpsdrv - ok
18:47:03.0759 3432 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:47:03.0759 3432 MRxDAV - ok
18:47:03.0775 3432 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:47:03.0775 3432 mrxsmb - ok
18:47:03.0790 3432 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:47:03.0806 3432 mrxsmb10 - ok
18:47:03.0806 3432 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:47:03.0822 3432 mrxsmb20 - ok
18:47:03.0822 3432 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\DRIVERS\msahci.sys
18:47:03.0837 3432 msahci - ok
18:47:03.0853 3432 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:47:03.0853 3432 msdsm - ok
18:47:03.0868 3432 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:47:03.0868 3432 Msfs - ok
18:47:03.0884 3432 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:47:03.0884 3432 mshidkmdf - ok
18:47:03.0900 3432 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:47:03.0900 3432 msisadrv - ok
18:47:03.0931 3432 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:47:03.0931 3432 MSKSSRV - ok
18:47:03.0946 3432 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:47:03.0946 3432 MSPCLOCK - ok
18:47:03.0962 3432 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:47:03.0962 3432 MSPQM - ok
18:47:03.0978 3432 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:47:03.0993 3432 MsRPC - ok
18:47:04.0009 3432 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:47:04.0009 3432 mssmbios - ok
18:47:04.0024 3432 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:47:04.0024 3432 MSTEE - ok
18:47:04.0040 3432 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:47:04.0040 3432 MTConfig - ok
18:47:04.0056 3432 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:47:04.0056 3432 Mup - ok
18:47:04.0071 3432 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:47:04.0087 3432 NativeWifiP - ok
18:47:04.0118 3432 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:47:04.0118 3432 NDIS - ok
18:47:04.0134 3432 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:47:04.0134 3432 NdisCap - ok
18:47:04.0149 3432 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:47:04.0149 3432 NdisTapi - ok
18:47:04.0165 3432 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:47:04.0165 3432 Ndisuio - ok
18:47:04.0196 3432 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:47:04.0196 3432 NdisWan - ok
18:47:04.0212 3432 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:47:04.0212 3432 NDProxy - ok
18:47:04.0227 3432 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:47:04.0227 3432 NetBIOS - ok
18:47:04.0243 3432 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:47:04.0243 3432 NetBT - ok
18:47:04.0274 3432 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:47:04.0274 3432 nfrd960 - ok
18:47:04.0290 3432 NmPar (2f48ab72b6d554a41817020171dc53d6) C:\Windows\system32\DRIVERS\NmPar.sys
18:47:04.0290 3432 NmPar - ok
18:47:04.0305 3432 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:47:04.0305 3432 Npfs - ok
18:47:04.0321 3432 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:47:04.0321 3432 nsiproxy - ok
18:47:04.0383 3432 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:47:04.0399 3432 Ntfs - ok
18:47:04.0414 3432 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:47:04.0414 3432 Null - ok
18:47:04.0430 3432 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
18:47:04.0430 3432 NVHDA - ok
18:47:04.0617 3432 nvlddmkm (cbf698abe989d60ec0d0b6b81ad82930) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:47:04.0726 3432 nvlddmkm - ok
18:47:04.0758 3432 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:47:04.0758 3432 nvraid - ok
18:47:04.0773 3432 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:47:04.0773 3432 nvstor - ok
18:47:04.0789 3432 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:47:04.0804 3432 nv_agp - ok
18:47:04.0820 3432 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:47:04.0820 3432 ohci1394 - ok
18:47:04.0836 3432 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:47:04.0836 3432 Parport - ok
18:47:04.0851 3432 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:47:04.0851 3432 partmgr - ok
18:47:04.0867 3432 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:47:04.0882 3432 pci - ok
18:47:04.0882 3432 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:47:04.0898 3432 pciide - ok
18:47:04.0914 3432 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:47:04.0914 3432 pcmcia - ok
18:47:04.0929 3432 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:47:04.0929 3432 pcw - ok
18:47:04.0960 3432 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:47:04.0960 3432 PEAUTH - ok
18:47:05.0023 3432 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:47:05.0023 3432 PptpMiniport - ok
18:47:05.0038 3432 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:47:05.0038 3432 Processor - ok
18:47:05.0054 3432 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:47:05.0054 3432 Psched - ok
18:47:05.0070 3432 PTLIBUSB0 (fd2c9507fe22208113300ebfa03190e8) C:\Windows\system32\DRIVERS\PTLIBUSB0.SYS
18:47:05.0070 3432 PTLIBUSB0 - ok
18:47:05.0101 3432 PxHlpa64 (a6bf0a9b5a30d743623ca0d3be35df05) C:\Windows\system32\Drivers\PxHlpa64.sys
18:47:05.0101 3432 PxHlpa64 - ok
18:47:05.0148 3432 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:47:05.0148 3432 ql2300 - ok
18:47:05.0163 3432 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:47:05.0179 3432 ql40xx - ok
18:47:05.0194 3432 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:47:05.0194 3432 QWAVEdrv - ok
18:47:05.0210 3432 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:47:05.0210 3432 RasAcd - ok
18:47:05.0226 3432 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:47:05.0226 3432 RasAgileVpn - ok
18:47:05.0241 3432 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:47:05.0241 3432 Rasl2tp - ok
18:47:05.0272 3432 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:47:05.0272 3432 RasPppoe - ok
18:47:05.0288 3432 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:47:05.0288 3432 RasSstp - ok
18:47:05.0304 3432 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:47:05.0304 3432 rdbss - ok
18:47:05.0319 3432 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:47:05.0319 3432 rdpbus - ok
18:47:05.0335 3432 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:47:05.0335 3432 RDPCDD - ok
18:47:05.0366 3432 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
18:47:05.0366 3432 RDPDR - ok
18:47:05.0382 3432 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:47:05.0382 3432 RDPENCDD - ok
18:47:05.0397 3432 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:47:05.0397 3432 RDPREFMP - ok
18:47:05.0413 3432 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
18:47:05.0413 3432 RdpVideoMiniport - ok
18:47:05.0428 3432 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:47:05.0444 3432 RDPWD - ok
18:47:05.0460 3432 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:47:05.0460 3432 rdyboost - ok
18:47:05.0475 3432 RemoteControl-USBLAN (bfa4873cd96d7144dc0059a70e1e358f) C:\Windows\system32\DRIVERS\rcblan.sys
18:47:05.0475 3432 RemoteControl-USBLAN - ok
18:47:05.0506 3432 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:47:05.0506 3432 rspndr - ok
18:47:05.0522 3432 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:47:05.0522 3432 RTL8167 - ok
18:47:05.0538 3432 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
18:47:05.0538 3432 s3cap - ok
18:47:05.0569 3432 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:47:05.0569 3432 sbp2port - ok
18:47:05.0584 3432 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:47:05.0584 3432 scfilter - ok
18:47:05.0616 3432 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:47:05.0616 3432 secdrv - ok
18:47:05.0647 3432 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:47:05.0647 3432 Serenum - ok
18:47:05.0662 3432 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:47:05.0662 3432 Serial - ok
18:47:05.0678 3432 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:47:05.0678 3432 sermouse - ok
18:47:05.0709 3432 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:47:05.0709 3432 sffdisk - ok
18:47:05.0725 3432 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:47:05.0725 3432 sffp_mmc - ok
18:47:05.0740 3432 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:47:05.0740 3432 sffp_sd - ok
18:47:05.0756 3432 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:47:05.0756 3432 sfloppy - ok
18:47:05.0787 3432 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:47:05.0787 3432 SiSRaid2 - ok
18:47:05.0803 3432 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:47:05.0803 3432 SiSRaid4 - ok
18:47:05.0818 3432 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:47:05.0818 3432 Smb - ok
18:47:05.0834 3432 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:47:05.0834 3432 spldr - ok
18:47:05.0881 3432 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:47:05.0881 3432 srv - ok
18:47:05.0896 3432 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:47:05.0912 3432 srv2 - ok
18:47:05.0928 3432 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:47:05.0928 3432 srvnet - ok
18:47:05.0943 3432 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
18:47:05.0943 3432 SSPORT - ok
18:47:05.0959 3432 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:47:05.0974 3432 stexstor - ok
18:47:05.0990 3432 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
18:47:05.0990 3432 storflt - ok
18:47:06.0006 3432 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
18:47:06.0006 3432 storvsc - ok
18:47:06.0021 3432 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:47:06.0021 3432 swenum - ok
18:47:06.0037 3432 Synth3dVsc - ok
18:47:06.0099 3432 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:47:06.0115 3432 Tcpip - ok
18:47:06.0162 3432 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:47:06.0177 3432 TCPIP6 - ok
18:47:06.0193 3432 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:47:06.0193 3432 tcpipreg - ok
18:47:06.0208 3432 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:47:06.0208 3432 TDPIPE - ok
18:47:06.0224 3432 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:47:06.0224 3432 TDTCP - ok
18:47:06.0255 3432 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:47:06.0255 3432 tdx - ok
18:47:06.0271 3432 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:47:06.0271 3432 TermDD - ok
18:47:06.0302 3432 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:47:06.0302 3432 tssecsrv - ok
18:47:06.0318 3432 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:47:06.0318 3432 TsUsbFlt - ok
18:47:06.0333 3432 tsusbhub - ok
18:47:06.0349 3432 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:47:06.0349 3432 tunnel - ok
18:47:06.0364 3432 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:47:06.0364 3432 uagp35 - ok
18:47:06.0396 3432 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:47:06.0396 3432 udfs - ok
18:47:06.0427 3432 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:47:06.0427 3432 uliagpkx - ok
18:47:06.0442 3432 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:47:06.0442 3432 umbus - ok
18:47:06.0458 3432 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:47:06.0458 3432 UmPass - ok
18:47:06.0474 3432 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:47:06.0474 3432 USBAAPL64 - ok
18:47:06.0489 3432 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:47:06.0489 3432 usbccgp - ok
18:47:06.0505 3432 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:47:06.0520 3432 usbcir - ok
18:47:06.0536 3432 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:47:06.0536 3432 usbehci - ok
18:47:06.0552 3432 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:47:06.0552 3432 usbhub - ok
18:47:06.0567 3432 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:47:06.0567 3432 usbohci - ok
18:47:06.0583 3432 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:47:06.0583 3432 usbprint - ok
18:47:06.0598 3432 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:47:06.0598 3432 USBSTOR - ok
18:47:06.0614 3432 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:47:06.0614 3432 usbuhci - ok
18:47:06.0645 3432 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:47:06.0645 3432 vdrvroot - ok
18:47:06.0661 3432 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:47:06.0661 3432 vga - ok
18:47:06.0676 3432 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:47:06.0676 3432 VgaSave - ok
18:47:06.0692 3432 VGPU - ok
18:47:06.0708 3432 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:47:06.0723 3432 vhdmp - ok
18:47:06.0739 3432 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:47:06.0739 3432 viaide - ok
18:47:06.0754 3432 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
18:47:06.0754 3432 vmbus - ok
18:47:06.0770 3432 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
18:47:06.0770 3432 VMBusHID - ok
18:47:06.0786 3432 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:47:06.0786 3432 volmgr - ok
18:47:06.0801 3432 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:47:06.0817 3432 volmgrx - ok
18:47:06.0832 3432 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:47:06.0832 3432 volsnap - ok
18:47:06.0848 3432 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:47:06.0848 3432 vsmraid - ok
18:47:06.0864 3432 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:47:06.0864 3432 vwifibus - ok
18:47:06.0895 3432 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:47:06.0895 3432 WacomPen - ok
18:47:06.0910 3432 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:47:06.0910 3432 WANARP - ok
18:47:06.0926 3432 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:47:06.0926 3432 Wanarpv6 - ok
18:47:06.0957 3432 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:47:06.0957 3432 Wd - ok
18:47:06.0973 3432 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:47:06.0988 3432 Wdf01000 - ok
18:47:07.0020 3432 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:47:07.0020 3432 WfpLwf - ok
18:47:07.0035 3432 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:47:07.0035 3432 WIMMount - ok
18:47:07.0066 3432 WinDriver6 (7922583c802203a54cdd47d9ecf028f2) C:\Windows\system32\drivers\windrvr6.sys
18:47:07.0066 3432 WinDriver6 - ok
18:47:07.0098 3432 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:47:07.0098 3432 WinUsb - ok
18:47:07.0113 3432 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:47:07.0113 3432 WmiAcpi - ok
18:47:07.0144 3432 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:47:07.0160 3432 ws2ifsl - ok
18:47:07.0176 3432 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:47:07.0191 3432 WudfPf - ok
18:47:07.0207 3432 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:47:07.0207 3432 WUDFRd - ok
18:47:07.0222 3432 XilinxPC4Driver (0d7d5def542cf01ad9665f398a0d0c78) C:\Windows\System32\drivers\xpc4drvr.sys
18:47:07.0222 3432 XilinxPC4Driver - ok
18:47:07.0238 3432 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:47:07.0254 3432 \Device\Harddisk0\DR0 - ok
18:47:07.0254 3432 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
18:47:07.0254 3432 \Device\Harddisk1\DR1 - ok
18:47:07.0254 3432 Boot (0x1200) (5b8951f1ba0a82aa1edaf898468b1eed) \Device\Harddisk0\DR0\Partition0
18:47:07.0269 3432 \Device\Harddisk0\DR0\Partition0 - ok
18:47:07.0269 3432 Boot (0x1200) (9069df57071cd48b5f9785b4240a963c) \Device\Harddisk0\DR0\Partition1
18:47:07.0269 3432 \Device\Harddisk0\DR0\Partition1 - ok
18:47:07.0269 3432 Boot (0x1200) (688c591c1726afdc268ba3127767cf37) \Device\Harddisk1\DR1\Partition0
18:47:07.0269 3432 \Device\Harddisk1\DR1\Partition0 - ok
18:47:07.0269 3432 ============================================================
18:47:07.0269 3432 Scan finished
18:47:07.0269 3432 ============================================================
18:47:07.0285 3440 Detected object count: 0
18:47:07.0285 3440 Actual detected object count: 0
18:47:10.0982 1352 Deinitialize success

#6 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:51 AM

Posted 28 November 2011 - 02:05 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Grale

  • Topic Starter
  • Members
  • 10 posts
  • Local time:03:51 PM

Posted 28 November 2011 - 02:20 PM

aswMBR report:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-28 19:10:41
-----------------------------
19:10:41.412 OS Version: Windows x64 6.1.7601 Service Pack 1
19:10:41.412 Number of processors: 4 586 0x402
19:10:41.412 ComputerName: DESKTOP UserName: Darren
19:10:41.630 Initialize success
19:10:41.708 AVAST engine defs: 11112801
19:10:55.514 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
19:10:55.514 Disk 0 Vendor: OCZ-VERTEX2 1.33 Size: 52472MB BusType: 3
19:10:55.514 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
19:10:55.514 Disk 1 Vendor: ST3200822AS 3.02 Size: 190781MB BusType: 3
19:10:55.545 Disk 0 MBR read successfully
19:10:55.545 Disk 0 MBR scan
19:10:55.545 Disk 0 Windows 7 default MBR code
19:10:55.545 Service scanning
19:10:56.669 Modules scanning
19:10:56.669 Disk 0 trace - called modules:
19:10:56.669 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:10:56.684 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80052bb060]
19:10:56.684 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004fd1520]
19:10:56.684 5 ACPI.sys[fffff88000eca7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8004fbc060]
19:10:56.887 AVAST engine scan C:\Windows
19:10:57.230 AVAST engine scan C:\Windows\system32
19:11:24.109 AVAST engine scan C:\Windows\system32\drivers
19:11:26.387 AVAST engine scan C:\Users\Darren
19:12:16.983 AVAST engine scan C:\ProgramData
19:12:19.338 Scan finished successfully
19:17:34.627 Disk 0 MBR has been saved successfully to "C:\Users\Darren\Desktop\MBR.dat"
19:17:34.627 The log file has been saved successfully to "C:\Users\Darren\Desktop\aswMBR.txt"

#8 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:51 AM

Posted 28 November 2011 - 02:39 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo

#9 Grale

  • Topic Starter
  • Members
  • 10 posts
  • Local time:03:51 PM

Posted 28 November 2011 - 02:48 PM

OTL logfile created on: 28/11/2011 19:42:14 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Darren\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 4.80 Gb Available Physical Memory | 80.10% Memory free
12.00 Gb Paging File | 10.53 Gb Available in Paging File | 87.78% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 51.14 Gb Total Space | 5.86 Gb Free Space | 11.46% Space Free | Partition Type: NTFS
Drive E: | 186.31 Gb Total Space | 46.47 Gb Free Space | 24.94% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: Darren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Darren\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\iernnonce.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (inpoutx64) -- C:\Windows\SysNative\drivers\inpoutx64.sys (Highresolution Enterprises [www.highrez.co.uk])
DRV:64bit: - (WinDriver6) -- C:\Windows\SysNative\drivers\windrvr6.sys (Jungo)
DRV:64bit: - (XilinxPC4Driver) -- C:\Windows\SysNative\drivers\xpc4drvr.sys (Xilinx, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.sys (Samsung Electronics)
DRV:64bit: - (NmPar) -- C:\Windows\SysNative\drivers\NmPar.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (mf) -- C:\Windows\SysNative\drivers\mf.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (PTLIBUSB0) -- C:\Windows\SysNative\drivers\PTLIBUSB0.SYS (PRUFTECHNIK AG)
DRV:64bit: - (RemoteControl-USBLAN) -- C:\Windows\SysNative\drivers\rcblan.sys (Belcarra Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (Aspi32) -- C:\Windows\SysWOW64\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2336325715-1334469260-311099162-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2336325715-1334469260-311099162-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2336325715-1334469260-311099162-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 9E A4 73 22 75 CC 01 [binary data]
IE - HKU\S-1-5-21-2336325715-1334469260-311099162-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2336325715-1334469260-311099162-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/20 16:34:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/27 09:41:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/10/21 12:24:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darren\AppData\Roaming\Mozilla\Extensions
[2011/10/21 12:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/27 09:41:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/29 01:30:22 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/29 01:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/29 01:30:22 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/29 01:30:22 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/29 01:30:22 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/11/28 17:25:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove Folder Synchronization) - {6F823386-2459-4307-32BD-795D2B2E2BE8} - C:\Windows\SysWOW64\KBBDINBE2.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-2336325715-1334469260-311099162-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2336325715-1334469260-311099162-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2336325715-1334469260-311099162-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2336325715-1334469260-311099162-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2336325715-1334469260-311099162-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2336325715-1334469260-311099162-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECD3B20E-7FB2-4F41-B88E-FB0D70008E21}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/28 19:40:52 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Darren\Desktop\OTL.exe
[2011/11/28 19:17:39 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\{D725FE27-D35A-4F9C-9409-401D2C32CF6A}
[2011/11/28 19:10:32 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Darren\Desktop\aswMBR.exe
[2011/11/28 17:53:58 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\{CE76A31E-2A2F-4A23-BBD9-512FFC1511E8}
[2011/11/28 17:39:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/28 17:25:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/27 09:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/11/27 09:02:06 | 001,452,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420102.dll
[2011/11/27 09:02:06 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2011/11/27 09:02:06 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2011/11/27 09:02:04 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/11/27 09:02:04 | 024,742,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/11/27 09:02:04 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/11/27 09:02:04 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/11/27 09:02:04 | 015,693,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011/11/27 09:02:04 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011/11/27 09:02:04 | 007,581,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/11/27 09:02:04 | 007,042,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/11/27 09:02:04 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/11/27 09:02:04 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/11/27 09:02:04 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/11/27 09:02:04 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/11/27 09:02:04 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/11/27 09:02:04 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/11/27 09:02:04 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/11/27 09:02:04 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/11/27 09:01:02 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/11/27 08:27:26 | 000,000,000 | ---D | C] -- C:\Users\Darren\Logitech
[2011/11/27 08:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control Software Common
[2011/11/27 08:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011/11/27 08:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2011/11/27 08:27:04 | 000,046,616 | ---- | C] (Belcarra Technologies) -- C:\Windows\SysNative\drivers\rcblan.sys
[2011/11/27 08:27:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control USB Driver
[2011/11/27 08:27:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011/11/27 08:26:51 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\InstallShield
[2011/11/27 08:17:52 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\{AD850809-4D43-41C6-B1C8-6BB3EDABC8C6}
[2011/11/27 08:17:30 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\{2E4D1537-1760-4A35-8A57-DE194506EDF3}
[2011/11/26 09:06:07 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\{8C3466DC-7B87-48A4-B5F5-B429D7DEB0F1}
[2011/11/26 09:05:44 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\{CC75D810-4B57-473F-9D75-5FA1F3B83BEF}
[2011/11/26 09:02:57 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\{99D25193-79DC-4188-B093-90ECF2993105}
[2011/11/26 09:02:32 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\{167BB32A-7E63-4219-B1DB-12E9986D0E1C}
[2011/11/25 14:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/11/25 14:40:23 | 000,000,000 | ---D | C] -- C:\Users\Darren\Documents\Adobe
[2011/11/25 14:36:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2011/11/25 14:35:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011/11/25 14:35:05 | 000,052,856 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2011/11/25 14:35:05 | 000,010,488 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2011/11/25 14:35:05 | 000,010,488 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2011/11/25 14:26:25 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
[2011/11/25 14:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2011/11/25 14:26:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2011/11/25 13:58:43 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\{A6F2B3C0-B404-44B6-ACEF-7A93887778E0}
[2011/11/25 13:58:21 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\{B0C22E21-5153-4F70-8C41-766DE63FD5B2}
[2011/11/25 13:44:35 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/11/25 13:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/11/25 13:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/11/25 13:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/11/25 13:29:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/11/25 13:29:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/11/25 13:29:16 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/11/25 13:29:16 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/11/25 13:29:16 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/11/25 13:29:16 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/11/25 13:29:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/11/25 13:29:16 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/11/25 13:29:16 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/11/25 13:29:16 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/11/25 13:29:16 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/11/25 13:29:16 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/11/25 13:29:16 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/11/25 13:29:16 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/11/25 13:29:16 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/11/25 13:29:16 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/11/25 13:29:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/11/25 13:29:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/11/25 13:29:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/11/25 13:29:16 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/11/25 13:29:16 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/11/25 13:29:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/11/25 13:29:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/11/25 13:29:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/11/25 13:29:16 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/11/25 13:29:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/11/25 13:29:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/11/25 13:29:16 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/11/25 13:29:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/11/25 13:29:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/11/25 13:29:16 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/11/25 13:29:16 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/11/25 13:29:16 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/11/25 13:29:16 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/11/25 13:29:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/11/25 13:29:16 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/11/25 13:29:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/11/25 13:29:16 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/11/25 13:29:16 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/11/25 13:29:16 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/11/25 13:29:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/11/25 13:29:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/11/25 13:29:16 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/11/25 13:29:16 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/11/25 13:29:16 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/11/25 13:29:16 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/11/25 13:29:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/11/25 13:29:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/11/25 13:29:16 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/11/25 13:29:16 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/11/25 13:29:16 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/11/25 13:29:16 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/11/25 13:29:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/11/25 13:29:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/11/25 13:29:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/11/25 13:29:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/11/25 13:29:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/11/25 13:29:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/11/25 13:29:16 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/11/25 13:29:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/11/25 13:29:16 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/11/25 13:29:16 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/11/25 13:29:16 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/11/25 13:29:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/11/25 13:29:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/11/25 13:29:16 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/11/25 13:29:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/11/25 13:29:16 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/11/25 13:29:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/11/25 13:29:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/11/25 13:29:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/11/25 13:29:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/11/24 17:49:49 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\OfficeRecovery
[2011/11/23 20:08:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/23 20:08:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/23 20:08:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/23 20:08:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/23 20:07:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/22 19:23:51 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011/11/22 19:23:51 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2011/11/22 19:23:51 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2011/11/22 19:23:51 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2011/11/22 19:23:51 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2011/11/22 19:23:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011/11/22 19:23:50 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2011/11/22 19:23:50 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011/11/22 19:23:50 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2011/11/22 19:23:50 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2011/11/22 19:23:49 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2011/11/22 19:23:49 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2011/11/22 19:23:49 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2011/11/22 19:23:49 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2011/11/22 19:23:48 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2011/11/22 19:23:48 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011/11/22 19:23:48 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2011/11/22 19:23:48 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011/11/22 19:23:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011/11/22 19:23:48 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2011/11/22 19:23:48 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2011/11/22 19:23:48 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011/11/22 19:23:47 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2011/11/22 19:23:47 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011/11/22 19:23:47 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011/11/22 19:23:47 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2011/11/22 19:23:47 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2011/11/22 19:23:47 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011/11/22 19:23:46 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011/11/22 19:23:46 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011/11/22 19:23:43 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2011/11/22 19:23:43 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2011/11/22 19:23:43 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2011/11/22 19:23:43 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011/11/22 19:23:42 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2011/11/22 19:23:42 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011/11/22 19:23:42 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011/11/22 19:23:42 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011/11/22 19:23:41 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011/11/22 19:23:41 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2011/11/22 19:23:41 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2011/11/22 19:23:41 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2011/11/22 19:23:40 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011/11/22 19:23:40 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/11/22 19:23:39 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2011/11/22 19:23:39 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011/11/22 19:23:39 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011/11/22 19:23:39 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2011/11/22 19:23:39 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011/11/22 19:23:39 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011/11/22 19:23:39 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011/11/22 19:23:39 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011/11/22 19:23:38 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011/11/22 19:23:38 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011/11/22 19:23:38 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2011/11/22 19:23:38 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011/11/22 19:23:37 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2011/11/22 19:23:37 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011/11/22 19:23:36 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2011/11/22 19:23:36 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011/11/22 19:23:36 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2011/11/22 19:23:36 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011/11/22 19:23:36 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011/11/22 19:23:36 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2011/11/22 19:23:36 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011/11/22 19:23:36 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011/11/22 19:23:36 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011/11/22 19:23:36 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011/11/22 19:23:36 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011/11/22 19:23:36 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011/11/22 19:23:35 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011/11/22 19:23:35 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/11/22 19:23:35 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2011/11/22 19:23:35 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll

========== Files - Modified Within 30 Days ==========


========== Files Created - No Company Name ==========

[2011/11/28 19:17:34 | 000,000,512 | ---- | C] () -- C:\Users\Darren\Desktop\MBR.dat
[2011/11/27 08:27:24 | 000,002,357 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk
[2011/11/25 15:10:21 | 601,015,998 | ---- | C] () -- C:\Users\Darren\Desktop\Untitled1.avi
[2011/11/25 14:26:25 | 000,001,799 | ---- | C] () -- C:\Users\Darren\Desktop\MagicISO.lnk
[2011/11/25 13:44:30 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/11/25 13:44:19 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/11/25 13:44:15 | 000,000,020 | ---- | C] () -- C:\Windows\¨χΑ
[2011/11/25 13:29:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/11/25 13:29:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/11/23 20:08:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/23 20:08:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/23 20:08:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/23 20:08:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/23 20:08:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/20 16:29:36 | 000,000,838 | ---- | C] () -- C:\Users\Darren\.recently-used.xbel
[2011/11/20 15:48:38 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/11/20 15:41:31 | 000,000,512 | ---- | C] () -- C:\Users\Darren\Documents\MBR.dat
[2011/11/12 10:18:28 | 000,000,041 | ---- | C] () -- C:\Users\Darren\AppData\Local\Images.fl
[2011/11/12 10:17:51 | 000,001,220 | ---- | C] () -- C:\Users\Darren\Application Data\Microsoft\Internet Explorer\Quick Launch\Light Image Resizer 4.lnk
[2011/11/11 14:31:10 | 000,001,909 | ---- | C] () -- C:\Users\Darren\Desktop\Jtag Tool.lnk
[2011/11/08 19:24:14 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
[2011/11/07 18:53:44 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/11/06 09:07:55 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\mkvmerge GUI.lnk
[2011/11/02 19:04:37 | 000,329,728 | ---- | C] () -- C:\Windows\SysNative\NmUninst.exe
[2011/10/15 07:01:15 | 000,016,483 | ---- | C] () -- C:\Users\Darren\AppData\Local\Temp13.html
[2011/10/11 18:18:14 | 000,001,892 | ---- | C] () -- C:\Users\Darren\AppData\Local\Temp1.html
[2011/09/22 16:23:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dvdtest10024.dat
[2011/09/17 16:21:51 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2011/09/17 15:44:29 | 000,000,017 | ---- | C] () -- C:\Users\Darren\AppData\Local\resmon.resmoncfg
[2011/09/17 14:58:39 | 000,000,079 | ---- | C] () -- C:\Users\Darren\AppData\Local\CrystalDiskMark30.ini
[2011/09/17 10:43:15 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\iernnonce.dll
[2010/12/06 13:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >
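As an added example that is not part of this thread or of the OTL tool, the triage a helper does by eye on a listing like the one above, written as Python: parse the `[date | size | attrs | M/C] (Company) -- path` lines and queue recently created files under C:\Windows that carry no company name. The sample lines are copied from the log above; the scan time, the 30-day window and the extension list are assumptions, and the queue is a review list, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List

# Constructed sample in the OTL listing format used in the log above:
# [date | size | attributes | M=modified / C=created] (Company) -- path
SAMPLE_LOG = """\
========== Files - Modified Within 30 Days ==========
[2011/11/08 03:51:00 | 000,222,528 | ---- | M] (NVIDIA Corporation) -- C:\\Windows\\SysNative\\nvmctray.dll
[2011/11/08 03:51:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\\Windows\\SysNative\\OpenCL.dll

========== Files Created - No Company Name ==========
[2011/11/28 19:17:34 | 000,000,512 | ---- | C] () -- C:\\Users\\Darren\\Desktop\\MBR.dat
[2011/11/25 13:44:15 | 000,000,020 | ---- | C] () -- C:\\Windows\\¨χΑ
[2011/11/23 20:08:14 | 000,256,000 | ---- | C] () -- C:\\Windows\\PEV.exe
[2011/11/20 15:48:38 | 000,025,160 | ---- | C] () -- C:\\Windows\\SysNative\\drivers\\hitmanpro35.sys
[2011/09/17 10:43:15 | 000,053,248 | ---- | C] () -- C:\\Windows\\SysWow64\\iernnonce.dll
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\\Windows\\bootstat.dat
< End of report >
"""

# Assumed scan time (the newest entry in the sample is from 2011-11-28).
SCAN_TIME = datetime(2011, 11, 28, 20, 0)

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


@dataclass
class FileEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str      # "M" = modified, "C" = created
    company: str   # "" when OTL found no company name
    path: str


def parse_otl_listing(text: str) -> List[FileEntry]:
    """Parse OTL file-listing lines; section headers and other text are skipped."""
    entries: List[FileEntry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(FileEntry(
            timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"].strip(),
            path=m["path"],
        ))
    return entries


# Assumed set of extensions treated as executable code.
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr", ".drv")


def _odd_name(path: str) -> bool:
    """True when the file name itself contains non-printable or non-ASCII characters."""
    name = path.rsplit("\\", 1)[-1]
    return any(ord(ch) < 32 or ord(ch) > 126 for ch in name)


def review_queue(entries: List[FileEntry], scan_time: datetime,
                 max_age_days: int = 30) -> List[str]:
    """Paths worth a closer look: under C:\\Windows, no company name, touched
    within max_age_days of the scan, and either executable code or oddly named.
    Legitimate items (a helper's own utilities, unsigned drivers) land here too,
    so this is a triage list, not a verdict."""
    cutoff = scan_time - timedelta(days=max_age_days)
    queue = []
    for e in entries:
        if e.company or e.timestamp < cutoff:
            continue
        if not e.path.lower().startswith("c:\\windows\\"):
            continue
        if e.path.lower().endswith(EXECUTABLE_EXT) or _odd_name(e.path):
            queue.append(e.path)
    return queue


if __name__ == "__main__":
    for p in review_queue(parse_otl_listing(SAMPLE_LOG), SCAN_TIME):
        print(p)
```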

#10 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:51 AM

Posted 28 November 2011 - 02:58 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :otl
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
    O4 - HKU\S-1-5-21-2336325715-1334469260-311099162-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    MOD - C:\Windows\SysWOW64\iernnonce.dll ()  
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Grale

  • Topic Starter

  • Members
  • 10 posts
  • Local time:03:51 PM

Posted 28 November 2011 - 03:14 PM

OK, rebooted and the redirect seems to have stopped! I browsed and searched many times and no redirect so far.

But navigating forwards and backwards seems very slow; it seems to hang, especially when entering a search in Google before a page appears.

Ohh, and thank you so much for taking the time to help me, it's very much appreciated Gringo :)

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2336325715-1334469260-311099162-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Darren\Desktop\cmd.bat deleted successfully.
C:\Users\Darren\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Darren
->Temp folder emptied: 377094 bytes
->Temporary Internet Files folder emptied: 23095717 bytes
->Java cache emptied: 48803 bytes
->FireFox cache emptied: 91141688 bytes
->Flash cache emptied: 3588 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 104 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 109.00 mb


[EMPTYJAVA]

User: All Users

User: Darren
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Darren
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11282011_200651

Files\Folders moved on Reboot...
C:\Users\Darren\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Darren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08CKFF7B\page__p__2486953__fromsearch__1[1].htm moved successfully.

Registry entries deleted on Reboot...

#12 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:51 AM

Posted 28 November 2011 - 03:56 PM

Greetings

Good, that cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

In your next post I need the following:

  • Report from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 Grale

  • Topic Starter

  • Members
  • 10 posts
  • Local time:03:51 PM

Posted 29 November 2011 - 01:29 PM

No problems, but Google is still taking on average 5+ seconds to respond after a search is entered, and going back a page takes as long, which never happened before the virus.

EDIT: Damn redirect is still active!

ComboFix 11-11-29.04 - Darren 29/11/2011 18:03:30.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.6143.4966 [GMT 0:00]
Running from: c:\users\Darren\Desktop\ComboFix.exe
Command switches used :: c:\users\Darren\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-29 18:15 . 2011-11-29 18:15 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1E303FA-B5A5-41E2-81AF-CB5D8C64AED1}\offreg.dll
2011-11-29 18:12 . 2011-11-29 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-28 20:06 . 2011-11-28 20:06 -------- d-----w- C:\_OTL
2011-11-27 09:12 . 2011-11-27 09:12 -------- d-----w- c:\users\UpdatusUser
2011-11-27 09:01 . 2011-11-27 09:01 -------- d-----w- C:\NVIDIA
2011-11-27 08:27 . 2011-11-27 08:27 -------- d-----w- c:\users\Darren\Logitech
2011-11-27 08:27 . 2011-11-27 08:27 -------- d-----w- c:\program files (x86)\Common Files\Remote Control Software Common
2011-11-27 08:27 . 2011-11-27 08:27 -------- d-----w- c:\program files (x86)\Logitech
2011-11-27 08:27 . 2011-11-27 08:27 -------- d-----w- c:\program files (x86)\Common Files\Remote Control USB Driver
2011-11-27 08:27 . 2007-01-24 16:24 46616 ----a-w- c:\windows\system32\drivers\rcblan.sys
2011-11-27 08:27 . 2011-11-27 08:27 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2011-11-27 08:26 . 2011-11-27 08:26 -------- d-----w- c:\users\Darren\AppData\Roaming\InstallShield
2011-11-27 07:47 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1E303FA-B5A5-41E2-81AF-CB5D8C64AED1}\mpengine.dll
2011-11-25 14:40 . 2011-11-25 14:40 -------- d-----w- c:\programdata\FLEXnet
2011-11-25 14:35 . 2011-11-25 14:35 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-11-25 14:35 . 2011-11-25 14:34 10488 ------w- c:\windows\system32\drivers\cdralw2k.sys
2011-11-25 14:35 . 2011-11-25 14:34 10488 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2011-11-25 14:35 . 2011-11-25 14:34 52856 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2011-11-25 14:26 . 2011-11-25 14:26 -------- d-----w- c:\program files (x86)\MagicISO
2011-11-25 13:44 . 2011-11-25 13:44 -------- d-----w- c:\windows\en
2011-11-25 13:44 . 2011-11-25 13:44 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-11-25 13:43 . 2011-11-25 13:43 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\46bd6bd01ccab7812\bingbarsetup.exe
2011-11-25 13:42 . 2011-11-25 13:42 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\82f62101ccab7804\MeshBetaRemover.exe
2011-11-25 13:40 . 2011-11-27 09:25 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-11-25 13:38 . 2011-11-25 13:38 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\919723681ccab7706\DSETUP.dll
2011-11-25 13:38 . 2011-11-25 13:38 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\919723681ccab7706\DXSETUP.exe
2011-11-25 13:38 . 2011-11-25 13:38 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\919723681ccab7706\dsetup32.dll
2011-11-25 13:38 . 2011-11-25 13:38 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8e4ede081ccab7705\DSETUP.dll
2011-11-25 13:38 . 2011-11-25 13:38 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8e4ede081ccab7705\DXSETUP.exe
2011-11-25 13:38 . 2011-11-25 13:38 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8e4ede081ccab7705\dsetup32.dll
2011-11-25 13:38 . 2011-11-25 13:38 6260088 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7ee1f8101ccab7701\Silverlight.4.0.exe
2011-11-24 17:49 . 2011-11-24 17:49 -------- d-----w- c:\users\Darren\AppData\Roaming\OfficeRecovery
2011-11-20 16:34 . 2011-05-10 13:04 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-20 16:34 . 2011-05-10 13:04 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-20 16:34 . 2011-05-10 13:02 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-20 16:34 . 2011-05-10 12:59 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-20 16:34 . 2011-05-10 12:59 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-20 16:34 . 2011-05-10 12:59 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-20 16:34 . 2011-05-10 13:10 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-20 16:34 . 2011-05-10 13:10 40112 ----a-w- c:\windows\avastSS.scr
2011-11-20 16:34 . 2011-05-10 13:10 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-20 16:34 . 2011-11-20 16:34 -------- d-----w- c:\program files\AVAST Software
2011-11-20 15:48 . 2011-11-22 18:25 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-20 15:48 . 2011-11-20 16:00 -------- d-----w- c:\programdata\Hitman Pro
2011-11-20 15:41 . 2011-11-20 15:41 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-19 12:59 . 2011-11-19 15:08 -------- d-----w- c:\users\Darren\AppData\Roaming\To the Moon - Freebird Games
2011-11-19 12:58 . 2011-11-19 12:58 -------- d-----w- c:\windows\SysWow64\1005
2011-11-19 07:36 . 2011-11-19 07:36 -------- d-----w- c:\users\Darren\AppData\Roaming\BeSpotted
2011-11-18 14:49 . 2011-11-18 14:49 1122304 ----a-w- c:\windows\SysWow64\libeay32.dll
2011-11-18 14:18 . 2011-11-18 14:18 -------- d-sha-w- c:\users\Public\DRM
2011-11-18 11:09 . 2011-11-18 11:09 -------- d-----w- C:\RHG-XSVF
2011-11-13 07:02 . 2011-11-13 07:02 -------- d-----w- c:\windows\system32\Macromed
2011-11-12 14:10 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-12 14:10 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-12 14:10 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-12 14:09 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-12 10:18 . 2011-11-19 07:37 -------- d-----w- c:\users\Darren\AppData\Roaming\ObviousIdea
2011-11-12 10:17 . 2011-11-12 10:17 -------- d-----w- c:\program files (x86)\ObviousIdea
2011-11-11 18:37 . 2011-11-11 18:37 -------- d-----w- c:\users\Darren\AppData\Local\Tech-Modz.Net
2011-11-11 14:35 . 2008-03-07 11:20 33280 ----a-w- c:\windows\SysWow64\PTLIBUSB0.DLL
2011-11-11 14:35 . 2008-03-06 12:15 53760 ----a-w- c:\windows\system32\PTLIBUSB0.DLL
2011-11-11 14:35 . 2008-03-06 12:15 30720 ----a-w- c:\windows\system32\drivers\PTLIBUSB0.SYS
2011-11-11 14:34 . 2011-11-11 14:34 15008 ----a-w- c:\windows\system32\drivers\inpoutx64.sys
2011-11-11 14:31 . 2011-11-20 16:35 -------- d-----w- c:\program files (x86)\Jtag Tool
2011-11-08 19:16 . 2011-11-08 19:16 -------- d-----w- c:\program files (x86)\Runtime Software
2011-11-08 18:50 . 2011-11-27 08:27 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2011-11-08 18:25 . 2011-11-08 18:25 -------- d-----w- c:\users\Darren\AppData\Roaming\X-Projects
2011-11-07 18:53 . 2011-11-07 18:53 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-11-06 09:08 . 2011-11-06 09:08 -------- d-----w- c:\users\Darren\AppData\Roaming\mkvtoolnix
2011-11-06 09:07 . 2011-11-06 09:07 -------- d-----w- c:\program files (x86)\MKVtoolnix
2011-11-06 08:31 . 2011-11-06 08:31 -------- d-----w- c:\users\Darren\AppData\Roaming\Digilent
2011-11-06 08:31 . 2011-11-09 20:09 -------- d-----w- c:\users\Darren\AppData\Roaming\Xilinx
2011-11-06 08:22 . 2011-11-06 08:22 -------- d-----w- c:\program files (x86)\Common Files\Digilent
2011-11-06 08:22 . 2011-11-06 08:22 -------- d-----w- c:\program files (x86)\Digilent
2011-11-06 08:22 . 2011-10-04 05:46 27384 ----a-w- c:\windows\system32\drivers\xpc4drvr.sys
2011-11-06 08:15 . 2011-10-04 05:46 254976 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2011-11-03 16:08 . 2011-11-03 16:08 -------- d-----w- c:\users\Darren\AppData\Local\ElevatedDiagnostics
2011-11-02 19:04 . 2011-11-02 19:04 -------- d-----w- c:\program files\NMSERIES
2011-11-02 19:04 . 2010-01-19 18:16 329728 ----a-w- c:\windows\system32\NmUninst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 12:51 . 2011-09-17 10:14 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-08 03:51 . 2011-09-17 10:16 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-11-08 03:51 . 2011-09-17 10:16 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-11-08 03:51 . 2011-09-17 10:16 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-11-08 03:51 . 2011-09-17 10:16 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-11-08 03:51 . 2011-09-17 10:16 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-11-08 03:51 . 2011-09-17 10:16 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-11-08 03:51 . 2011-09-17 10:16 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-11-08 03:51 . 2011-09-17 10:16 8792384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-11-08 03:51 . 2011-09-17 10:16 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-11-08 03:51 . 2011-09-17 10:16 1543488 ----a-w- c:\windows\system32\nvdispco64.dll
2011-11-08 03:51 . 2011-09-17 10:16 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-15 07:25 . 2011-10-15 07:25 29184 ----a-r- c:\users\Darren\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2011-10-03 04:06 . 2011-09-19 16:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-24 08:43 . 2011-09-24 08:43 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-17 13:15 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-17 13:15 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-09-17 12:03 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-17 10:43 . 2011-09-17 10:43 53248 ----a-w- c:\windows\SysWow64\iernnonce.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-28_17.25.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-11-28 17:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-29 18:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-29 18:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-28 17:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-29 18:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-28 17:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-29 18:13 . 2011-11-29 18:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-28 17:24 . 2011-11-28 17:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-11-28 17:24 231724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-29 18:12 231724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:36 . 2011-11-28 20:12 2954572 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-28 20:12 1262244 c:\windows\system32\perfc009.dat
+ 2011-09-17 11:05 . 2011-11-29 18:12 27365872 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2336325715-1334469260-311099162-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6F823386-2459-4307-32BD-795D2B2E2BE8}]
2009-07-14 01:11 98304 ----a-w- c:\windows\SysWOW64\KBBDINBE2.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 PTLIBUSB0;PRUFTECHNIK-USB-WIN-KERNEL DRIVER 02/25/2008, 1.12.0.1;c:\windows\system32\DRIVERS\PTLIBUSB0.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\DRIVERS\rcblan.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 inpoutx64;inpoutx64;c:\windows\system32\Drivers\inpoutx64.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-08 2253120]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-07 381248]
S3 NmPar;PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 13:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\lwr59kb5.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2336325715-1334469260-311099162-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2336325715-1334469260-311099162-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2011-11-29 18:26:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-29 18:26
.
Pre-Run: 6,400,720,896 bytes free
Post-Run: 6,359,461,888 bytes free
.
- - End Of File - - 0B8F06CDE190D70DDE8FC16265118A24

Edited by Grale, 29 November 2011 - 01:30 PM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 29 November 2011 - 03:21 PM

Greetings

I need you to make a bootable USB and to make a screenshot for me - follow the instructions below to do this.

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file.
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin.
  • Ensure that Disk Image is selected.
  • Using the browse button, browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK.
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive.

  • Read HERE for instructions on how to do this.

Now boot into Puppy Linux.

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them).

Next - launch GParted, which is found at Menu > System > GParted partition manager.
Click to select All Drives, then click Okay.
I need you to take a screenshot of the window that opens up - to do this, follow these instructions.

To take a screenshot in Puppy:

With the GParted window open:

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open:
    • Click Capture Now
    • Click OK
  • The mtPaint program will open:
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg onto the USB drive; paste or attach this to your next post.

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

Remove the USB and save it - we will use it again - then boot back into Windows and send me the screen capture.

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Grale

Grale
  • Topic Starter
  • Members
  • 10 posts

Posted 30 November 2011 - 01:13 PM

Screenshot attached.

Attached Files