Removed Win7 Spyware 2012, now have problems.


  • This topic is locked
27 replies to this topic

#1 Gonzowerke

Gonzowerke

  • Members
  • 14 posts

Posted 11 December 2011 - 09:13 PM

Hello All,

I was infected with the fake removal tool Win7 Spyware 2012, and removed it with Spybot Search & Destroy. After doing this, I noticed my hard drive was constantly being accessed, and my activity light on my motherboard's network controller was blinking like mad, even though as a test I went into Task Manager and shut down all programs. Also, my screen would black out momentarily, and then come back on with no apparent changes. I have Firefox set to not allow pop-ups, and to warn on redirects, but every so often, not every time I clicked a link, I would get redirected in a new tab to some BS site for some product or another.

I opened Task Manager, and 3 processes were listed as having no username or description. Right-clicking and selecting Open Location would not work. The three processes were ATICLIEXX.EXE, CSRSS.EXE, and WINLOGON.EXE. I disabled the ATI executable, and when I ran in safe mode with networking and opened Task Manager, CSRSS.EXE was listed with SYSTEM as the user, and I could open its location folder. WINLOGON.EXE did not appear. I rebooted in normal mode, and they were listed with no user and access was denied again.

I ran McAfee, SUPERAntiSpyware, and Malwarebytes, and only Malwarebytes found a problem, removing 2 trojans and 10 tracking cookies. The problem still persisted. I then ran Webroot, and it found and removed 2 trojans, but the problems still persisted. I then found and ran Hitman Pro 3.5, and after it found and removed some hinky registry key values, all seemed good...for about 30 minutes. I no longer have the blacking screen and the redirects opening new tabs, and my hard drive seems to be no longer sending info to the net, but now Firefox is occasionally telling me it is blocking an attempted redirect. It will happen on 2 out of 3 links I click on for sites.

I installed HijackThis to make a log, but it seems to hang up on me, and right-clicking the program icon, not the shortcut, does not give me the option to run as admin. I did select the troubleshoot compatibility option, and it finally made a log. After being directed here by a Mod on McAfee communities, I installed DDS and made a log with that too.

I am afraid to do anything online with this PC right now. Any help I can get to fix this issue would be greatly appreciated! I have included the relevant info below.

Thanks in advance,

Chris


Here is my system info:

Microsoft Windows 7 Home Premium
Motherboard: Gigabyte GA-770TA-UD3
Processor: AMD Athlon II X4 630 Processor 2800/200mhz
4 gig RAM
ATI Radeon 5700 by Sapphire


Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by The Gagnons at 20:14:33 on 2011-12-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2657 [GMT -5:00]
.
AV: AVG Internet Security *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Internet Security *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {34A811A1-D438-CA83-C13E-A23981B1E8F9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxblcoms.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.yahoo.com
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [ATICustomerCare] "c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{92620506-DFF0-4BF9-9F04-8B7B240AB474} : DhcpNameServer = 68.87.73.246 68.87.71.230
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun-x64: [ATICustomerCare] "c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
SEH-X64: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\The Gagnons\AppData\Roaming\Mozilla\Firefox\Profiles\7xvmknnd.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\The Gagnons\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrw7a;AVG9IDSErHr;C:\Windows\system32\Drivers\AVGIDSwa.sys --> C:\Windows\system32\Drivers\AVGIDSwa.sys [?]
R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows\system32\Drivers\avgrkx64.sys [?]
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-4-18 308064]
R2 avgfws9;AVG Firewall;C:\Program Files (x86)\AVG\AVG9\avgfws9.exe [2010-4-18 2325816]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2010-3-28 65536]
R2 lxbl_device;lxbl_device;C:\Windows\system32\lxblcoms.exe -service --> C:\Windows\system32\lxblcoms.exe -service [?]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-8-10 227184]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2011-12-10 637208]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriverw7a;AVG9IDSDriver;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2010-4-18 132616]
R3 AVGIDSFilterw7a;AVG9IDSFilter;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2010-4-18 35848]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-2-17 66632]
S2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-4-18 916760]
S2 AVGIDSAgent;AVG9IDSAgent;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-4-18 5888008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-26 1153368]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-4-18 431432]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro35.sys --> C:\Windows\system32\drivers\hitmanpro35.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-2-17 12872]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
.
=============== Created Last 30 ================
.
2011-12-11 16:29:05 388096 ----a-r- C:\Users\The Gagnons\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-11 16:29:05 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-12-10 23:32:25 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-12-10 23:32:25 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-12-10 23:31:24 -------- d-----w- C:\ProgramData\Hitman Pro
2011-12-10 23:26:15 91832 ----a-w- C:\Windows\System32\WRusr.dll
2011-12-10 23:26:15 141272 ----a-w- C:\Windows\SysWow64\WRusr.dll
2011-12-10 23:26:14 108896 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2011-12-10 23:26:14 -------- d-----w- C:\Program Files\Webroot
2011-12-10 23:25:04 -------- d-----w- C:\ProgramData\WRData
2011-12-09 07:10:28 -------- d-----we C:\Windows\system64
2011-12-08 05:02:34 -------- d-----w- C:\Users\The Gagnons\AppData\Roaming\Unity
2011-12-08 04:16:17 -------- d-----w- C:\Users\The Gagnons\AppData\Local\Unity
2011-12-02 18:20:32 -------- d-----w- C:\Users\The Gagnons\AppData\Local\AMD
2011-12-02 18:19:53 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-12-02 18:19:42 -------- d-----w- C:\ProgramData\AMD
2011-12-02 18:19:41 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
.
==================== Find3M ====================
.
2011-10-26 03:05:10 10496512 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-10-26 02:21:54 66560 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-10-26 02:21:48 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-10-26 02:21:40 66560 ----a-w- C:\Windows\System32\OVDecoder64.dll
2011-10-26 02:21:34 56832 ----a-w- C:\Windows\SysWow64\OVDecoder.dll
2011-10-26 02:21:24 16991744 ----a-w- C:\Windows\System32\amdocl64.dll
2011-10-26 02:20:42 13950464 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-10-26 02:19:56 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-10-26 02:19:50 44032 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-10-26 02:16:06 24866816 ----a-w- C:\Windows\System32\atio6axx.dll
2011-10-26 02:06:10 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-10-26 02:05:58 748544 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-10-26 02:04:28 892416 ----a-w- C:\Windows\System32\aticfx64.dll
2011-10-26 02:01:46 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-10-26 02:01:36 517120 ----a-w- C:\Windows\System32\atieclxx.exe
2011-10-26 02:00:58 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-10-26 01:59:48 18757120 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-10-26 01:59:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-10-26 01:59:22 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-10-26 01:59:16 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-10-26 01:59:04 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-10-26 01:58:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-10-26 01:58:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-10-26 01:58:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-10-26 01:55:48 4292096 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-10-26 01:46:12 5041664 ----a-w- C:\Windows\System32\atidxx64.dll
2011-10-26 01:43:48 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-10-26 01:43:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-10-26 01:43:12 4044288 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-10-26 01:38:32 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-10-26 01:38:30 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-10-26 01:38:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-10-26 01:38:18 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-10-26 01:38:08 9978880 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-10-26 01:35:38 4353536 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-10-26 01:34:56 8449024 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-10-26 01:32:30 4189184 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-10-26 01:29:32 5510144 ----a-w- C:\Windows\System32\atiumd64.dll
2011-10-26 01:29:24 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-10-26 01:22:38 486912 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-10-26 01:22:30 339968 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-10-26 01:22:20 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-10-26 01:22:16 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-10-26 01:22:16 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-10-26 01:22:12 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-10-26 01:22:06 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-10-26 01:21:58 326656 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-10-26 01:21:12 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-10-26 01:21:06 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-10-26 01:21:00 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-10-26 01:20:52 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-10-26 01:20:20 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-10-26 01:15:58 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-10-26 01:15:58 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-10-01 18:46:00 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:15:11.64 ===============



And here is the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:59:21 PM, on 12/11/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbl_device - - C:\Windows\system32\lxblcoms.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe

--
End of file - 6395 bytes



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 December 2011 - 03:19 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
      • logs from DDS
      • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#3 Gonzowerke

  • Topic Starter
  • Members
  • 14 posts

Posted 18 December 2011 - 06:58 PM

Gringo,

Thanks for helping me. The two DDS logs are below; the problems I'm having are still as listed in my OP, with the exception of a phone call from my bank. Seems someone donated $25 dollars four times to the Las Vegas police, then tried a $3795.00 purchase at an office supply store, all on my Suntrust debit card. They approved the small ones, but denied the big one and called me. They are launching an investigation and giving me my $100 back. As I said in the OP, I am afraid to do anything with this PC right now, so the info must be stored somewhere on it as they got it anyway. I turned off and cleared autofill as a precaution.

Thank you again for all your help!

Chris


DDS Log;

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_30
Run by The Gagnons at 17:11:55 on 2011-12-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2737 [GMT -5:00]
.
AV: AVG Internet Security *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Internet Security *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {34A811A1-D438-CA83-C13E-A23981B1E8F9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxblcoms.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.yahoo.com
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [ATICustomerCare] "c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{92620506-DFF0-4BF9-9F04-8B7B240AB474} : DhcpNameServer = 68.87.73.246 68.87.71.230
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun-x64: [ATICustomerCare] "c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\The Gagnons\AppData\Roaming\Mozilla\Firefox\Profiles\7xvmknnd.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\The Gagnons\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrw7a;AVG9IDSErHr;C:\Windows\system32\Drivers\AVGIDSwa.sys --> C:\Windows\system32\Drivers\AVGIDSwa.sys [?]
R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows\system32\Drivers\avgrkx64.sys [?]
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-4-18 308064]
R2 avgfws9;AVG Firewall;C:\Program Files (x86)\AVG\AVG9\avgfws9.exe [2010-4-18 2325816]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2010-3-28 65536]
R2 lxbl_device;lxbl_device;C:\Windows\system32\lxblcoms.exe -service --> C:\Windows\system32\lxblcoms.exe -service [?]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-8-10 227184]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2011-12-10 637208]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriverw7a;AVG9IDSDriver;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2010-4-18 132616]
R3 AVGIDSFilterw7a;AVG9IDSFilter;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2010-4-18 35848]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-2-17 66632]
S2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-4-18 916760]
S2 AVGIDSAgent;AVG9IDSAgent;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-4-18 5888008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-26 1153368]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-4-18 431432]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro35.sys --> C:\Windows\system32\drivers\hitmanpro35.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-2-17 12872]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
.
=============== Created Last 30 ================
.
2011-12-16 00:15:46 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-12-16 00:15:46 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-12-15 23:32:59 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-15 23:31:05 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 23:31:05 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-11 16:29:05 388096 ----a-r- C:\Users\The Gagnons\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-11 16:29:05 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-12-10 23:32:25 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-12-10 23:32:25 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-12-10 23:31:24 -------- d-----w- C:\ProgramData\Hitman Pro
2011-12-10 23:26:15 91832 ----a-w- C:\Windows\System32\WRusr.dll
2011-12-10 23:26:15 141272 ----a-w- C:\Windows\SysWow64\WRusr.dll
2011-12-10 23:26:14 108896 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2011-12-10 23:26:14 -------- d-----w- C:\Program Files\Webroot
2011-12-10 23:25:04 -------- d-----w- C:\ProgramData\WRData
2011-12-09 07:10:28 -------- d-----we C:\Windows\system64
2011-12-08 05:02:34 -------- d-----w- C:\Users\The Gagnons\AppData\Roaming\Unity
2011-12-08 04:16:17 -------- d-----w- C:\Users\The Gagnons\AppData\Local\Unity
2011-12-02 18:20:32 -------- d-----w- C:\Users\The Gagnons\AppData\Local\AMD
2011-12-02 18:19:53 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-12-02 18:19:42 -------- d-----w- C:\ProgramData\AMD
2011-12-02 18:19:41 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
.
==================== Find3M ====================
.
2011-12-16 00:21:35 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-10 10:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-26 03:05:10 10496512 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-10-26 02:21:54 66560 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-10-26 02:21:48 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-10-26 02:21:40 66560 ----a-w- C:\Windows\System32\OVDecoder64.dll
2011-10-26 02:21:34 56832 ----a-w- C:\Windows\SysWow64\OVDecoder.dll
2011-10-26 02:21:24 16991744 ----a-w- C:\Windows\System32\amdocl64.dll
2011-10-26 02:20:42 13950464 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-10-26 02:19:56 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-10-26 02:19:50 44032 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-10-26 02:16:06 24866816 ----a-w- C:\Windows\System32\atio6axx.dll
2011-10-26 02:06:10 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-10-26 02:05:58 748544 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-10-26 02:04:28 892416 ----a-w- C:\Windows\System32\aticfx64.dll
2011-10-26 02:01:46 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-10-26 02:01:36 517120 ----a-w- C:\Windows\System32\atieclxx.exe
2011-10-26 02:00:58 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-10-26 01:59:48 18757120 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-10-26 01:59:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-10-26 01:59:22 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-10-26 01:59:16 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-10-26 01:59:04 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-10-26 01:58:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-10-26 01:58:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-10-26 01:58:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-10-26 01:55:48 4292096 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-10-26 01:46:12 5041664 ----a-w- C:\Windows\System32\atidxx64.dll
2011-10-26 01:43:48 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-10-26 01:43:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-10-26 01:43:12 4044288 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-10-26 01:38:32 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-10-26 01:38:30 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-10-26 01:38:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-10-26 01:38:18 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-10-26 01:38:08 9978880 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-10-26 01:35:38 4353536 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-10-26 01:34:56 8449024 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-10-26 01:32:30 4189184 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-10-26 01:29:32 5510144 ----a-w- C:\Windows\System32\atiumd64.dll
2011-10-26 01:29:24 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-10-26 01:22:38 486912 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-10-26 01:22:30 339968 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-10-26 01:22:20 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-10-26 01:22:16 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-10-26 01:22:16 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-10-26 01:22:12 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-10-26 01:22:06 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-10-26 01:21:58 326656 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-10-26 01:21:12 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-10-26 01:21:06 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-10-26 01:21:00 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-10-26 01:20:52 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-10-26 01:20:20 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-10-26 01:15:58 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-10-26 01:15:58 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-10-15 06:25:12 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-15 05:48:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 17:12:21.58 ===============



Attach.txt



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/26/2010 7:41:20 PM
System Uptime: 12/18/2011 11:16:13 AM (6 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-770TA-UD3
Processor: AMD Athlon™ II X4 630 Processor | Socket M2 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 699 GiB total, 462.785 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: AVG AVI Loader Driver x64
Device ID: ROOT\LEGACY_AVGLDX64\0000
Manufacturer:
Name: AVG AVI Loader Driver x64
PNP Device ID: ROOT\LEGACY_AVGLDX64\0000
Service: AvgLdx64
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6
Advertising Center
Aliens vs. Predator
Alliance of Valiant Arms
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
ATI Catalyst Registration
AVG 9.0
BioShock
BlackBerry Desktop Software 6.0
Brink
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
DARK VOID
Dead Space
DolbyFiles
Fallout 3 - Game of the Year Edition
Fallout: New Vegas
ffdshow [rev 2527] [2008-12-19]
GECK - New Vegas Edition
Gigabyte Raid Cinfigurer
Grand Theft Auto: Vice City
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life® 2
Half-Life: Blue Shift
Half-Life: Opposing Force
Half-Life: Source
HiJackThis
HydraVision
ImagXpress
Java Auto Updater
Java™ 6 Update 30
Left 4 Dead 2
LightScribe System Software
Malwarebytes' Anti-Malware version 1.51.2.1300
Mass Effect
Mass Effect 2
McAfee Security Scan Plus
Metro 2033
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MotoHelper 2.0.53 Driver 5.2.0
MotoHelper MergeModules
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEC Electronics USB 3.0 Host Controller Driver
Nero 9 Essentials
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
Nero Update
Nero Vision
Nero Vision Help
nero.prerequisites.msi
NeroExpress
neroxml
NVIDIA PhysX
Portal
Post Apocalyptic Mayhem
Quake II
Quake II: Ground Zero
Quake II: The Reckoning
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
redist
S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
S.T.A.L.K.E.R.: Shadow of Chernobyl
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Serious Sam Classic: The First Encounter
Serious Sam Classic: The Second Encounter
Serious Sam HD: The First Encounter
Serious Sam HD: The Second Encounter
Spybot - Search & Destroy
Star Trek DAC
Star Wars: The Force Unleashed
Steam
SUPERAntiSpyware Free Edition
System Shock2
Team Fortress 2
The Lord of the Rings FREE Trial
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Verizon V CAST Media Manager
Visual C++ 8.0 Runtime Setup Package (x64)
Warhammer 40,000 Space Marine
Warhammer 40,000: Space Marine Prima Official Strategy Guide
Webroot SecureAnywhere
Windows Media Player 5.2
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
12/18/2011 11:17:12 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
12/18/2011 11:17:12 AM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
12/18/2011 11:17:12 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
12/18/2011 11:17:12 AM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
12/18/2011 11:16:47 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx64 SASDIFSV SASKUTIL
12/18/2011 11:16:44 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
12/18/2011 11:16:44 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/18/2011 11:16:44 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
12/18/2011 11:16:42 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/18/2011 11:16:42 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/18/2011 11:16:35 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff88009794248, 0xfffff88009793ab0, 0xfffff880014398a0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121811-21840-01.
12/18/2011 11:16:25 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/18/2011 11:16:25 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/15/2011 7:20:56 PM, Error: Service Control Manager [7023] -
12/15/2011 7:19:10 PM, Error: Service Control Manager [7000] - The MotoHelper Service service failed to start due to the following error: The pipe has been ended.
12/15/2011 7:19:08 PM, Error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The pipe has been ended.
12/15/2011 7:19:07 PM, Error: Service Control Manager [7031] - The Nero BackItUp Scheduler 4.0 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.
12/15/2011 7:19:06 PM, Error: Service Control Manager [7034] - The Nero Update service terminated unexpectedly. It has done this 1 time(s).
12/15/2011 7:19:06 PM, Error: Service Control Manager [7031] - The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/15/2011 7:19:06 PM, Error: Service Control Manager [7031] - The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
12/15/2011 7:19:01 PM, Error: Service Control Manager [7031] - The Nero BackItUp Scheduler 4.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.
12/15/2011 7:19:00 PM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
12/15/2011 7:18:59 PM, Error: Service Control Manager [7034] - The JMB36X service terminated unexpectedly. It has done this 1 time(s).
12/15/2011 7:18:59 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/15/2011 7:18:57 PM, Error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/15/2011 7:15:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.
12/14/2011 6:09:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000000031, 0xfffffa800544d340, 0xfffff880065a7000, 0xfffff8a0094ea8d7). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121411-25194-01.
12/11/2011 11:22:31 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041790, 0xfffffa80008d2070, 0x000000000000ffff, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121111-16114-01.
.
==== End Of File ===========================

#4 gringo_pr


Posted 19 December 2011 - 12:22 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Gonzowerke


Posted 21 December 2011 - 08:02 PM

Gringo,

For some reason, even though I disabled them, when Combofix rebooted my PC some of my AVs came back on too, and I think they interfered, even though I clicked allow when it warned me of what Combofix was doing. I will try again tomorrow when I get home from work. I include the Combofix log that was generated just in case it shows something you see as a problem. No new problems have occurred, but it still tries to re-direct me on every web page I visit.

Thanks again for your help!

Chris



ComboFix 11-12-19.03 - The Gagnons 12/19/2011 20:55:08.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2700 [GMT -5:00]
Running from: c:\users\The Gagnons\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
FW: AVG Firewall *Disabled* {34A811A1-D438-CA83-C13E-A23981B1E8F9}
SP: AVG Internet Security *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\SysWow64\system
.
.
((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-20 02:00 . 2011-12-20 02:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-16 00:15 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-12-16 00:15 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-12-15 23:32 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-15 23:31 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 23:31 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 23:18 . 2011-12-14 23:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-11 16:29 . 2011-12-11 16:29 388096 ----a-r- c:\users\The Gagnons\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-11 16:29 . 2011-12-11 16:29 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-10 23:32 . 2011-12-10 23:39 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-10 23:32 . 2011-12-10 23:32 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-12-10 23:31 . 2011-12-10 23:36 -------- d-----w- c:\programdata\Hitman Pro
2011-12-10 23:26 . 2011-12-15 16:20 91832 ----a-w- c:\windows\system32\WRusr.dll
2011-12-10 23:26 . 2011-12-15 16:20 141272 ----a-w- c:\windows\SysWow64\WRusr.dll
2011-12-10 23:26 . 2011-12-15 16:20 108896 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2011-12-10 23:26 . 2011-12-15 16:20 -------- d-----w- c:\program files\Webroot
2011-12-10 23:25 . 2011-12-20 02:03 -------- d-----w- c:\programdata\WRData
2011-12-09 07:10 . 2011-12-09 07:10 -------- d-----we c:\windows\system64
2011-12-08 05:02 . 2011-12-08 05:02 -------- d-----w- c:\users\The Gagnons\AppData\Roaming\Unity
2011-12-08 04:16 . 2011-12-08 04:16 -------- d-----w- c:\users\The Gagnons\AppData\Local\Unity
2011-12-02 18:20 . 2011-12-02 18:20 -------- d-----w- c:\users\The Gagnons\AppData\Local\AMD
2011-12-02 18:20 . 2011-12-02 18:20 -------- d-----w- c:\programdata\ATI
2011-12-02 18:19 . 2011-12-02 18:19 -------- d-----w- c:\program files (x86)\AMD APP
2011-12-02 18:19 . 2011-12-02 18:19 -------- d-----w- c:\programdata\AMD
2011-12-02 18:19 . 2010-02-18 14:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 00:21 . 2011-05-22 14:54 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 10:54 . 2011-02-20 23:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-26 03:05 . 2011-10-26 03:05 10496512 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-10-26 02:21 . 2011-10-26 02:21 66560 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-10-26 02:21 . 2011-10-26 02:21 56832 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-10-26 02:21 . 2011-10-26 02:21 66560 ----a-w- c:\windows\system32\OVDecoder64.dll
2011-10-26 02:21 . 2011-10-26 02:21 56832 ----a-w- c:\windows\SysWow64\OVDecoder.dll
2011-10-26 02:21 . 2011-10-26 02:21 16991744 ----a-w- c:\windows\system32\amdocl64.dll
2011-10-26 02:20 . 2011-10-26 02:20 13950464 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-10-26 02:19 . 2011-10-26 02:19 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-26 02:19 . 2011-10-26 02:19 44032 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-10-26 02:16 . 2011-10-26 02:16 24866816 ----a-w- c:\windows\system32\atio6axx.dll
2011-10-26 02:06 . 2011-10-26 02:06 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-26 02:05 . 2011-10-26 02:05 748544 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-10-26 02:04 . 2010-03-03 04:15 892416 ----a-w- c:\windows\system32\aticfx64.dll
2011-10-26 02:01 . 2011-10-26 02:01 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-26 02:01 . 2011-10-26 02:01 517120 ----a-w- c:\windows\system32\atieclxx.exe
2011-10-26 02:00 . 2011-10-26 02:00 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-10-26 01:59 . 2011-10-26 01:59 18757120 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-10-26 01:59 . 2011-10-26 01:59 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-10-26 01:59 . 2011-10-26 01:59 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-10-26 01:58 . 2011-10-26 01:58 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-10-26 01:58 . 2011-10-26 01:58 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-10-26 01:58 . 2011-10-26 01:58 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-10-26 01:55 . 2011-10-26 01:55 4292096 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-10-26 01:46 . 2009-11-25 03:04 5041664 ----a-w- c:\windows\system32\atidxx64.dll
2011-10-26 01:43 . 2011-10-26 01:43 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-10-26 01:43 . 2011-10-26 01:43 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-10-26 01:43 . 2011-10-26 01:43 4044288 ----a-w- c:\windows\system32\atiumd6a.dll
2011-10-26 01:38 . 2011-10-26 01:38 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-10-26 01:38 . 2011-10-26 01:38 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-10-26 01:38 . 2011-10-26 01:38 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-10-26 01:38 . 2011-10-26 01:38 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-10-26 01:38 . 2011-10-26 01:38 9978880 ----a-w- c:\windows\system32\aticaldd64.dll
2011-10-26 01:35 . 2011-10-26 01:35 4353536 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-10-26 01:34 . 2011-10-26 01:34 8449024 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-10-26 01:32 . 2011-10-26 01:32 4189184 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-10-26 01:29 . 2011-10-26 01:29 5510144 ----a-w- c:\windows\system32\atiumd64.dll
2011-10-26 01:29 . 2010-03-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll
2011-10-26 01:22 . 2011-10-26 01:22 486912 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 339968 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-10-26 01:22 . 2011-10-26 01:22 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-10-26 01:22 . 2011-10-26 01:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-10-26 01:21 . 2011-10-26 01:21 326656 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-10-26 01:21 . 2010-03-03 03:06 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-10-26 01:21 . 2011-10-26 01:21 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-10-26 01:21 . 2011-10-26 01:21 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-10-26 01:20 . 2011-10-26 01:20 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-10-26 01:20 . 2011-10-26 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:16 . 2011-10-26 01:16 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-10-26 01:16 . 2011-10-26 01:16 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-10-26 01:15 . 2011-10-26 01:15 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-10-26 01:15 . 2011-10-26 01:15 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-09-27 2118984]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-09-27 17:31 2118984 ----a-w- c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-09-27 2118984]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-08 1242448]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"SUPERAntiSpyware"="c:\program files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-03-29 2012912]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2010-12-08 5247624]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-25 106496]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2010-04-19 2064736]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2011-12-15 637208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
R1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
R2 avg9emc;AVG E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [2010-04-18 916760]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-09-27 431432]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S0 AVGIDSErHrw7a;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwa.sys [x]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-26 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-04-18 308064]
S2 avgfws9;AVG Firewall;c:\program files (x86)\AVG\AVG9\avgfws9.exe [2010-04-18 2325816]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
S2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe [2007-04-20 566704]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2011-12-15 637208]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriverw7a;AVG9IDSDriver;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2010-04-18 132616]
S3 AVGIDSFilterw7a;AVG9IDSFilter;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2010-04-18 35848]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 16:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = my.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\The Gagnons\AppData\Roaming\Mozilla\Firefox\Profiles\7xvmknnd.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3670261082-2514615973-3324030379-1001\Software\SecuROM\License information*]
"datasecu"=hex:6a,aa,d2,7f,db,0b,b0,ac,bb,8c,39,bf,77,70,f2,85,e6,c5,d8,ca,1c,
41,d0,80,04,15,1d,88,5e,a8,16,0a,13,21,6b,41,a5,a9,6f,ff,56,13,6d,b6,25,87,\
"rkeysecu"=hex:27,14,5d,c0,8d,38,37,a6,c5,13,56,73,1c,14,84,9f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\AVG\AVG9\avgtray.exe
c:\program files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2011-12-19 21:10:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-20 02:10
.
Pre-Run: 496,659,378,176 bytes free
Post-Run: 496,883,478,528 bytes free
.
- - End Of File - - 158FFF72263C5C17A8381C1CE0E71A0C

#6 gringo_pr


Posted 21 December 2011 - 10:13 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#7 Gonzowerke


Posted 22 December 2011 - 07:20 PM

Gringo,

It found nothing weird, yet I still have the redirect issue.


Here is the log;



19:13:02.0428 12884 volsnap - ok
19:13:02.0444 12884 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:13:02.0459 12884 vsmraid - ok
19:13:02.0475 12884 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:13:02.0475 12884 vwifibus - ok
19:13:02.0491 12884 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:13:02.0491 12884 WacomPen - ok
19:13:02.0522 12884 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:13:02.0522 12884 WANARP - ok
19:13:02.0522 12884 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:13:02.0522 12884 Wanarpv6 - ok
19:13:02.0537 12884 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:13:02.0537 12884 Wd - ok
19:13:02.0569 12884 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:13:02.0569 12884 Wdf01000 - ok
19:13:02.0600 12884 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:13:02.0600 12884 WfpLwf - ok
19:13:02.0615 12884 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:13:02.0615 12884 WIMMount - ok
19:13:02.0678 12884 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
19:13:02.0678 12884 WinUsb - ok
19:13:02.0693 12884 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:13:02.0693 12884 WmiAcpi - ok
19:13:02.0756 12884 WRkrn (cb220fcf67a7c469af85126fd70ccccb) C:\Windows\system32\drivers\WRkrn.sys
19:13:02.0756 12884 WRkrn - ok
19:13:02.0787 12884 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:13:02.0787 12884 ws2ifsl - ok
19:13:02.0834 12884 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:13:02.0834 12884 WudfPf - ok
19:13:02.0849 12884 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:13:02.0849 12884 WUDFRd - ok
19:13:02.0881 12884 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:13:02.0881 12884 \Device\Harddisk0\DR0 - ok
19:13:02.0896 12884 Boot (0x1200) (5169dcd1385ac40ba0f38ca77f7d21bd) \Device\Harddisk0\DR0\Partition0
19:13:02.0896 12884 \Device\Harddisk0\DR0\Partition0 - ok
19:13:02.0896 12884 Boot (0x1200) (640ee38b85ece4c93a3e38ba564b7fc0) \Device\Harddisk0\DR0\Partition1
19:13:02.0896 12884 \Device\Harddisk0\DR0\Partition1 - ok
19:13:02.0896 12884 ============================================================
19:13:02.0896 12884 Scan finished
19:13:02.0896 12884 ============================================================
19:13:02.0912 1360 Detected object count: 0
19:13:02.0912 1360 Actual detected object count: 0
19:13:19.0042 6524 Deinitialize success

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:32 AM

Posted 23 December 2011 - 08:59 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Gonzowerke


Posted 23 December 2011 - 09:59 AM

Gringo,

Here is the log.

Chris


aswMBR version 0.9.9.1116 Copyright© 2011 AVAST Software
Run date: 2011-12-23 09:40:46
-----------------------------
09:40:46.136 OS Version: Windows x64 6.1.7600
09:40:46.136 Number of processors: 4 586 0x502
09:40:46.136 ComputerName: HAL-9000 UserName:
09:40:47.493 Initialize success
09:41:53.327 AVAST engine defs: 11122300
09:41:56.697 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
09:41:56.697 Disk 0 Vendor: SAMSUNG_HD754JJ 1AJ10001 Size: 715404MB BusType: 3
09:41:58.725 Disk 0 MBR read successfully
09:41:58.725 Disk 0 MBR scan
09:41:58.740 Disk 0 Windows 7 default MBR code
09:41:58.756 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:41:58.772 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848
09:41:58.787 Service scanning
09:41:59.536 Service WRkrn C:\Windows\System32\drivers\WRkrn.sys **LOCKED** 32
09:42:00.051 Modules scanning
09:42:00.051 Disk 0 trace - called modules:
09:42:00.066 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
09:42:00.082 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a5a060]
09:42:00.082 3 CLASSPNP.SYS[fffff8800190343f] -> nt!IofCallDriver -> [0xfffffa8004419520]
09:42:00.082 5 ACPI.sys[fffff88000e6f781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004415680]
09:42:01.377 AVAST engine scan C:\Windows
09:42:04.871 AVAST engine scan C:\Windows\system32
09:43:26.506 AVAST engine scan C:\Windows\system32\drivers
09:43:34.337 AVAST engine scan C:\Users\The Gagnons
09:49:00.019 AVAST engine scan C:\ProgramData
09:49:39.877 Scan finished successfully
09:56:55.633 Disk 0 MBR has been saved successfully to "C:\Users\The Gagnons\Desktop\MBR.dat"
09:56:55.633 The log file has been saved successfully to "C:\Users\The Gagnons\Desktop\aswMBR.txt"

#10 gringo_pr


Posted 23 December 2011 - 10:24 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 Gonzowerke


Posted 23 December 2011 - 12:01 PM

Gringo,

Here is the new log.

Thanks again!


Chris

OTL logfile created on: 12/23/2011 11:22:37 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\The Gagnons\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 57.63% Memory free
8.00 Gb Paging File | 5.83 Gb Available in Paging File | 72.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 462.33 Gb Free Space | 66.19% Space Free | Partition Type: NTFS
Drive D: | 6.47 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HAL-9000 | User Name: The Gagnons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Users\The Gagnons\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Webroot\WRSA.exe (Webroot)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Windows\SysWOW64\XSrvSetup.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Users\The Gagnons\AppData\Local\Temp\~CFC0.tmp ()
MOD - C:\Users\The Gagnons\AppData\Local\Temp\~CDBC.tmp ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Users\The Gagnons\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-50.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-52.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-52.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
MOD - C:\Program Files\Verizon V CAST Media Manager\avutil-50.dll ()
MOD - C:\Program Files\Verizon V CAST Media Manager\libexpat.dll ()
MOD - C:\Program Files\Verizon V CAST Media Manager\sqlite3.dll ()
MOD - C:\Users\The Gagnons\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll ()
MOD - C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WRSVC) -- C:\Program Files\Webroot\WRSA.exe (Webroot)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (lxbl_device) -- C:\Windows\SysNative\lxblcoms.exe ( )
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (avgfws9) -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (lxbl_device) -- C:\Windows\SysWow64\lxblcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (WRkrn) -- C:\Windows\SysNative\drivers\WRkrn.sys (Webroot)
DRV:64bit: - (hitmanpro35) -- C:\Windows\SysNative\drivers\hitmanpro35.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSErHrw7a) -- C:\Windows\SysNative\drivers\AVGIDSwa.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AvgRkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (AVGIDSDriverw7a) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilterw7a) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3670261082-2514615973-3324030379-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.yahoo.com
IE - HKU\S-1-5-21-3670261082-2514615973-3324030379-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3670261082-2514615973-3324030379-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 CE A1 1A 3E CD CA 01 [binary data]
IE - HKU\S-1-5-21-3670261082-2514615973-3324030379-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3670261082-2514615973-3324030379-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3670261082-2514615973-3324030379-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.003
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\The Gagnons\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/04/21 22:28:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/10 12:25:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/22 19:21:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/13 23:24:11 | 000,000,000 | ---D | M]

[2010/03/26 18:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Gagnons\AppData\Roaming\Mozilla\Extensions
[2010/09/25 17:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Gagnons\AppData\Roaming\Mozilla\Firefox\Profiles\7xvmknnd.default\extensions
[2011/12/22 19:21:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/22 19:21:03 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 12:03:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 14:49:31 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/19 21:02:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3670261082-2514615973-3324030379-1001\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKU\S-1-5-21-3670261082-2514615973-3324030379-1001..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKU\S-1-5-21-3670261082-2514615973-3324030379-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3670261082-2514615973-3324030379-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3670261082-2514615973-3324030379-1001..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3670261082-2514615973-3324030379-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3670261082-2514615973-3324030379-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92620506-DFF0-4BF9-9F04-8B7B240AB474}: DhcpNameServer = 68.87.73.246 68.87.71.230
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2011/11/08 12:21:12 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2011/11/08 12:21:12 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011/11/08 12:21:12 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011/11/08 12:21:12 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2011/11/08 12:21:12 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2011/11/08 12:21:12 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011/11/08 12:21:11 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2011/11/08 12:21:11 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2011/11/08 12:21:11 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2011/11/08 12:21:11 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2011/11/08 12:21:11 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2011/11/08 12:21:11 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2011/11/08 12:21:10 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2011/11/08 12:21:10 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2011/11/08 12:21:10 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2011/11/08 12:21:10 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2011/11/08 12:21:10 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2011/11/08 12:21:10 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2011/11/08 12:21:10 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2011/11/08 12:21:10 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2011/11/08 12:21:09 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2011/11/08 12:21:09 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011/11/08 12:21:09 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011/11/08 12:21:09 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011/11/08 12:21:09 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2011/11/08 12:21:09 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011/11/08 12:21:09 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2011/11/08 12:21:09 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011/11/08 12:21:09 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2011/11/08 12:21:09 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2011/11/08 12:21:08 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2011/11/08 12:21:08 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011/11/08 12:21:08 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011/11/08 12:21:08 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011/11/08 12:21:08 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2011/11/08 12:21:08 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011/11/08 12:21:08 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2011/11/08 12:21:08 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011/11/08 12:21:07 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2011/11/08 12:21:07 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011/11/08 12:21:06 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011/11/08 12:21:06 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011/11/08 12:21:06 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2011/11/08 12:21:06 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011/11/08 12:21:06 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2011/11/08 12:21:06 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2011/11/08 12:21:06 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2011/11/08 12:21:06 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011/11/08 12:21:06 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011/11/08 12:21:06 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011/11/08 12:21:06 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2011/11/08 12:21:06 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011/11/08 12:21:05 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2011/11/08 12:21:05 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011/11/08 12:21:05 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2011/11/08 12:21:05 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011/11/08 12:21:05 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011/11/08 12:21:05 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011/11/08 12:21:05 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2011/11/08 12:21:05 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011/11/08 12:21:05 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011/11/08 12:21:05 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011/11/08 12:21:04 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011/11/08 12:21:04 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011/11/08 12:21:02 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011/11/08 12:21:02 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011/11/08 12:21:01 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011/11/08 12:21:01 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011/11/08 12:21:01 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011/11/08 12:21:01 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011/11/08 12:21:01 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011/11/08 12:21:01 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011/11/08 12:21:00 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011/11/08 12:21:00 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011/11/08 12:21:00 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011/11/08 12:21:00 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011/11/08 12:20:59 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011/11/08 12:20:59 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011/11/08 12:20:59 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011/11/08 12:20:59 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011/11/08 12:20:59 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011/11/08 12:20:59 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011/11/08 09:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2011/11/08 09:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola
[2011/10/25 22:05:10 | 010,496,512 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2011/10/25 21:21:24 | 016,991,744 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll
[2011/10/25 21:20:42 | 013,950,464 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll
[2011/10/25 21:19:56 | 000,051,200 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/10/25 21:19:50 | 000,044,032 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/10/25 21:16:06 | 024,866,816 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2011/10/25 21:06:10 | 000,159,744 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2011/10/25 21:05:58 | 000,748,544 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2011/10/25 21:01:46 | 000,466,944 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2011/10/25 21:01:36 | 000,517,120 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011/10/25 21:00:58 | 000,204,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011/10/25 20:59:48 | 018,757,120 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2011/10/25 20:59:44 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011/10/25 20:59:22 | 000,423,424 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2011/10/25 20:59:16 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2011/10/25 20:59:04 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2011/10/25 20:58:58 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011/10/25 20:58:54 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2011/10/25 20:58:48 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2011/10/25 20:55:48 | 004,292,096 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2011/10/25 20:43:48 | 001,113,088 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2011/10/25 20:43:24 | 001,828,864 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
[2011/10/25 20:43:12 | 004,044,288 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2011/10/25 20:38:32 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2011/10/25 20:38:30 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2011/10/25 20:38:20 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2011/10/25 20:38:18 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2011/10/25 20:38:08 | 009,978,880 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2011/10/25 20:35:38 | 004,353,536 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2011/10/25 20:34:56 | 008,449,024 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2011/10/25 20:32:30 | 004,189,184 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2011/10/25 20:29:32 | 005,510,144 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2011/10/25 20:22:38 | 000,486,912 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2011/10/25 20:22:30 | 000,339,968 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2011/10/25 20:22:20 | 000,017,408 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2011/10/25 20:22:16 | 000,014,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2011/10/25 20:22:16 | 000,014,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2011/10/25 20:22:12 | 000,039,936 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2011/10/25 20:22:06 | 000,032,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2011/10/25 20:21:58 | 000,326,656 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2011/10/25 20:21:06 | 000,031,744 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2011/10/25 20:21:00 | 000,038,912 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2011/10/25 20:20:52 | 000,029,184 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2011/10/25 20:20:20 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2011/10/25 20:16:06 | 000,054,784 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2011/10/25 20:16:06 | 000,054,784 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2011/10/25 20:15:58 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2011/10/25 20:15:58 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2010/04/18 11:35:27 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblserv.dll
[2010/04/18 11:35:27 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblusb1.dll
[2010/04/18 11:35:27 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblhbn3.dll
[2010/04/18 11:35:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcomc.dll
[2010/04/18 11:35:27 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblpmui.dll
[2010/04/18 11:35:27 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbllmpm.dll
[2010/04/18 11:35:27 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcoms.exe
[2010/04/18 11:35:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcomm.dll
[2010/04/18 11:35:27 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblinpa.dll
[2010/04/18 11:35:27 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbliesc.dll
[2010/04/18 11:35:27 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblih.exe
[2010/04/18 11:35:27 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcfg.exe
[2010/04/18 11:35:27 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblppls.exe
[2010/04/18 11:35:27 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblprox.dll
[2010/04/18 11:35:27 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblpplc.dll

========== Files - Modified Within 60 Days ==========

[2011/12/23 10:54:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\The Gagnons\Desktop\OTL.exe
[2011/12/23 10:14:13 | 000,000,130 | ---- | M] () -- C:\Users\The Gagnons\AppData\Roaming\default.rss
[2011/12/23 10:03:05 | 000,054,725 | ---- | M] () -- C:\Users\The Gagnons\Desktop\funny-celebrity-pictures-its-funny-because-its-true.jpg
[2011/12/23 09:56:55 | 000,000,512 | ---- | M] () -- C:\Users\The Gagnons\Desktop\MBR.dat
[2011/12/23 09:39:38 | 001,917,952 | ---- | M] (AVAST Software) -- C:\Users\The Gagnons\Desktop\aswMBR.exe
[2011/12/22 21:50:10 | 000,015,223 | ---- | M] () -- C:\Users\The Gagnons\Desktop\_57518002_013568882-2.jpg
[2011/12/22 20:20:29 | 000,105,568 | ---- | M] () -- C:\Users\The Gagnons\Desktop\crazy-parenting-fails-cut-the-middle-man-woman-person.jpg
[2011/12/22 19:21:10 | 000,002,056 | ---- | M] () -- C:\Users\The Gagnons\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/22 19:12:17 | 001,558,059 | ---- | M] () -- C:\Users\The Gagnons\Desktop\tdsskiller.zip
[2011/12/22 18:34:54 | 000,044,424 | ---- | M] () -- C:\Users\The Gagnons\Desktop\funny-pictures-this-is-what-peepers-lookedlike-when-someone-finally-said-no.jpg
[2011/12/22 18:30:54 | 000,630,234 | ---- | M] () -- C:\Users\The Gagnons\Desktop\the engine that never grew up. sketch of bike.1.jpg
[2011/12/22 13:52:46 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 13:52:46 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 07:53:54 | 000,023,721 | ---- | M] () -- C:\Users\The Gagnons\Desktop\3445380998_a966f009ff_o.jpg
[2011/12/22 07:18:56 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\The Gagnons\Desktop\tdsskiller.exe
[2011/12/21 21:20:49 | 000,002,001 | ---- | M] () -- C:\Users\The Gagnons\Desktop\emot-05.gif
[2011/12/21 20:28:59 | 000,066,377 | ---- | M] () -- C:\Users\The Gagnons\Desktop\funny-pictures-something-amiss.jpg
[2011/12/21 20:13:44 | 000,061,710 | ---- | M] () -- C:\Users\The Gagnons\Desktop\truman-kicks-gop-ass.jpg
[2011/12/21 11:45:34 | 000,030,335 | ---- | M] () -- C:\Users\The Gagnons\Desktop\Chris Gagnon resume1.1.rtf
[2011/12/21 10:42:47 | 000,037,949 | ---- | M] () -- C:\Users\The Gagnons\Desktop\Chris Gagnon resume1.0.rtf
[2011/12/21 10:41:43 | 000,037,949 | ---- | M] () -- C:\Users\The Gagnons\Desktop\Chris Gagnon resume2.1.rtf
[2011/12/20 21:48:43 | 000,491,079 | ---- | M] () -- C:\Users\The Gagnons\Desktop\velobanjogentEx Woods Dog Kennel 350, july 1973-3.jpg
[2011/12/20 20:27:32 | 000,054,400 | ---- | M] () -- C:\Users\The Gagnons\Desktop\epic-fail-at-least-theyre-not-asking-for-a-taste-fail.jpg
[2011/12/19 21:35:03 | 000,045,340 | ---- | M] () -- C:\Users\The Gagnons\Desktop\demotivational-posters-reincarnation.jpg
[2011/12/19 21:33:50 | 000,045,359 | ---- | M] () -- C:\Users\The Gagnons\Desktop\demotivational-posters-a-bloodbath.jpg
[2011/12/19 21:22:03 | 006,018,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/19 21:22:03 | 001,927,526 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/19 21:22:03 | 000,005,176 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/19 21:17:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/19 21:17:33 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/19 21:02:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/19 20:49:29 | 004,345,296 | R--- | M] (Swearware) -- C:\Users\The Gagnons\Desktop\ComboFix.exe
[2011/12/18 17:11:45 | 000,000,000 | ---- | M] () -- C:\Users\The Gagnons\defogger_reenable
[2011/12/18 17:11:10 | 000,050,477 | ---- | M] () -- C:\Users\The Gagnons\Desktop\Defogger.exe
[2011/12/18 14:24:06 | 000,333,159 | ---- | M] () -- C:\Users\The Gagnons\Desktop\D228.1237238.pdf
[2011/12/18 11:16:29 | 370,176,113 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/17 13:11:30 | 000,090,318 | ---- | M] () -- C:\Users\The Gagnons\Desktop\sci-fi-fantasy-the-sound-of-awesome-squared.jpg
[2011/12/17 02:00:26 | 000,056,166 | ---- | M] () -- C:\Users\The Gagnons\Desktop\crazy-parenting-fails-but-mary-was-convinced-to-the-contrary.jpg
[2011/12/17 01:54:46 | 000,026,125 | ---- | M] () -- C:\Users\The Gagnons\Desktop\crazy-parenting-fails-we-have-the-murder-on-film.jpg
[2011/12/17 01:54:11 | 000,049,823 | ---- | M] () -- C:\Users\The Gagnons\Desktop\crazy-parenting-fails-your-poorly-drawn-representations-of-married-life-mean-nothing-to-us.jpg
[2011/12/17 01:53:07 | 000,062,107 | ---- | M] () -- C:\Users\The Gagnons\Desktop\crazy-parenting-fails-i-mean-its-out-already.jpg
[2011/12/17 01:46:12 | 000,004,260 | ---- | M] () -- C:\Users\The Gagnons\Desktop\b7735a26-0e2d-4629-9e04-88e0be902010.jpeg
[2011/12/17 01:42:33 | 000,212,294 | ---- | M] () -- C:\Users\The Gagnons\Desktop\big_GPMacau20113.jpg
[2011/12/16 19:01:03 | 000,069,166 | ---- | M] () -- C:\Users\The Gagnons\Desktop\demotivational-posters-sports-fans.jpg
[2011/12/16 03:01:58 | 000,058,618 | ---- | M] () -- C:\Users\The Gagnons\Desktop\dating-fails-jesus-envy-say-my-name-times.jpg
[2011/12/16 02:54:50 | 000,065,500 | ---- | M] () -- C:\Users\The Gagnons\Desktop\dating-fails-a-romantic-evening-in-cucumber-sexy-times.jpg
[2011/12/16 02:28:13 | 000,018,949 | ---- | M] () -- C:\Users\The Gagnons\Desktop\party-fails-weekend-party-hard-diaper-poop.jpg
[2011/12/16 01:52:57 | 000,083,705 | ---- | M] () -- C:\Users\The Gagnons\Desktop\31219e2a-a78a-403c-8823-218586e16371.jpg
[2011/12/15 19:21:35 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/15 19:20:16 | 000,288,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/15 11:20:05 | 000,141,272 | ---- | M] (Webroot) -- C:\Windows\SysWow64\WRusr.dll
[2011/12/15 11:20:05 | 000,108,896 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\WRkrn.sys
[2011/12/15 11:20:05 | 000,091,832 | ---- | M] (Webroot) -- C:\Windows\SysNative\WRusr.dll
[2011/12/13 23:24:11 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/13 22:07:16 | 000,701,539 | ---- | M] () -- C:\Users\The Gagnons\Desktop\snowflake-admiral_ackbar.pdf
[2011/12/13 22:06:54 | 000,831,980 | ---- | M] () -- C:\Users\The Gagnons\Desktop\snowflake-C3PO.pdf
[2011/12/13 22:05:55 | 000,701,407 | ---- | M] () -- C:\Users\The Gagnons\Desktop\snowflake-yoda.pdf
[2011/12/13 22:05:26 | 000,051,459 | ---- | M] () -- C:\Users\The Gagnons\Desktop\snowflake-vader.pdf
[2011/12/13 22:04:53 | 000,051,293 | ---- | M] () -- C:\Users\The Gagnons\Desktop\snowflake-stormtrooper.pdf
[2011/12/13 21:30:54 | 000,023,132 | ---- | M] () -- C:\Users\The Gagnons\Desktop\epic-fail-staffed-by-pedobear-fail.jpg
[2011/12/13 14:55:12 | 002,578,001 | ---- | M] () -- C:\Users\The Gagnons\Desktop\2011-12-13_13-55-12_478.jpg
[2011/12/13 13:58:16 | 002,612,698 | ---- | M] () -- C:\Users\The Gagnons\Desktop\2011-12-13_13-58-17_121.jpg
[2011/12/13 13:58:00 | 002,256,534 | ---- | M] () -- C:\Users\The Gagnons\Desktop\2011-12-13_13-58-00_948.jpg
[2011/12/13 13:57:40 | 002,247,762 | ---- | M] () -- C:\Users\The Gagnons\Desktop\2011-12-13_13-57-41_373.jpg
[2011/12/12 23:27:10 | 000,037,261 | ---- | M] () -- C:\Users\The Gagnons\Desktop\551e979f-abf6-4518-9e9a-e5345acb237b.jpg
[2011/12/11 20:08:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\The Gagnons\Desktop\dds.scr
[2011/12/11 11:29:05 | 000,003,003 | ---- | M] () -- C:\Users\The Gagnons\Desktop\HiJackThis.lnk
[2011/12/10 20:02:52 | 000,057,252 | ---- | M] () -- C:\Users\The Gagnons\Desktop\sci-fi-fantasy-how-awesome-am-i.jpg
[2011/12/10 18:39:07 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/12/10 18:36:48 | 000,001,014 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2011/12/10 18:32:25 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/12/09 14:27:00 | 000,000,112 | ---- | M] () -- C:\ProgramData\p4uyu1Q.dat
[2011/12/09 14:27:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\CCQ51H1.com.b
[2011/11/11 01:41:43 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/11/11 00:50:44 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/11/10 12:26:13 | 290,619,392 | ---- | M] () -- C:\BMW S1000RR Service Manual 1st Edition 06-2010.iso
[2011/11/10 05:54:28 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/10 05:54:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/10 05:54:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/11/10 05:54:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/11/09 18:49:31 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
[2011/11/09 09:09:00 | 000,039,955 | ---- | M] () -- C:\Users\The Gagnons\Desktop\bmw-1298268059.jpg
[2011/11/05 00:26:28 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/11/05 00:23:43 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/11/05 00:23:41 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/11/05 00:23:10 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/11/05 00:22:40 | 000,256,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/11/05 00:19:56 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/11/04 23:35:47 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/11/04 23:34:40 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/11/04 23:34:15 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/11/04 23:34:00 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/11/04 23:32:00 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/11/04 23:07:32 | 000,482,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/11/04 22:28:41 | 000,386,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/11/02 09:40:56 | 000,037,960 | ---- | M] () -- C:\Users\The Gagnons\Desktop\Chris Gagnon resume.rtf
[2011/11/02 09:06:36 | 003,060,854 | ---- | M] () -- C:\Users\The Gagnons\Desktop\CRG_MARTCP.jpg
[2011/10/26 00:19:07 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/10/25 22:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2011/10/25 21:21:54 | 000,066,560 | ---- | M] () -- C:\Windows\SysNative\OpenVideo64.dll
[2011/10/25 21:21:48 | 000,056,832 | ---- | M] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/10/25 21:21:40 | 000,066,560 | ---- | M] () -- C:\Windows\SysNative\OVDecoder64.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | M] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/25 21:21:24 | 016,991,744 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll
[2011/10/25 21:20:42 | 013,950,464 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll
[2011/10/25 21:19:56 | 000,051,200 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/10/25 21:19:50 | 000,044,032 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/10/25 21:16:06 | 024,866,816 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2011/10/25 21:06:58 | 000,205,712 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2011/10/25 21:06:58 | 000,205,712 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2011/10/25 21:06:10 | 000,159,744 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2011/10/25 21:05:58 | 000,748,544 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2011/10/25 21:04:28 | 000,892,416 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2011/10/25 21:01:46 | 000,466,944 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2011/10/25 21:01:36 | 000,517,120 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011/10/25 21:00:58 | 000,204,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011/10/25 20:59:48 | 018,757,120 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2011/10/25 20:59:44 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011/10/25 20:59:22 | 000,423,424 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2011/10/25 20:59:16 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2011/10/25 20:59:04 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2011/10/25 20:58:58 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011/10/25 20:58:54 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2011/10/25 20:58:48 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2011/10/25 20:55:48 | 004,292,096 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2011/10/25 20:46:12 | 005,041,664 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2011/10/25 20:43:48 | 001,113,088 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2011/10/25 20:43:24 | 001,828,864 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
[2011/10/25 20:43:12 | 004,044,288 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2011/10/25 20:38:38 | 001,987,040 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2011/10/25 20:38:38 | 000,204,952 | ---- | M] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/10/25 20:38:38 | 000,204,952 | ---- | M] () -- C:\Windows\SysNative\ativvsvl.dat
[2011/10/25 20:38:38 | 000,157,144 | ---- | M] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/25 20:38:38 | 000,157,144 | ---- | M] () -- C:\Windows\SysNative\ativvsva.dat
[2011/10/25 20:38:32 | 000,051,200 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2011/10/25 20:38:30 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2011/10/25 20:38:20 | 000,044,544 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2011/10/25 20:38:18 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2011/10/25 20:38:08 | 009,978,880 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2011/10/25 20:35:38 | 004,353,536 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2011/10/25 20:34:56 | 008,449,024 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2011/10/25 20:32:30 | 004,189,184 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2011/10/25 20:31:36 | 001,988,768 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2011/10/25 20:29:32 | 005,510,144 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2011/10/25 20:29:24 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2011/10/25 20:22:38 | 000,486,912 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2011/10/25 20:22:30 | 000,339,968 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2011/10/25 20:22:20 | 000,017,408 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2011/10/25 20:22:16 | 000,014,336 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2011/10/25 20:22:16 | 000,014,336 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2011/10/25 20:22:12 | 000,039,936 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2011/10/25 20:22:06 | 000,032,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2011/10/25 20:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2011/10/25 20:21:12 | 000,040,960 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2011/10/25 20:21:06 | 000,031,744 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2011/10/25 20:21:00 | 000,038,912 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2011/10/25 20:20:52 | 000,029,184 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2011/10/25 20:20:20 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2011/10/25 20:16:06 | 000,054,784 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2011/10/25 20:16:06 | 000,054,784 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2011/10/25 20:15:58 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2011/10/25 20:15:58 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2011/10/25 12:58:06 | 000,036,194 | ---- | M] () -- C:\Windows\atiogl.xml

========== Files Created - No Company Name ==========

[2011/12/23 10:03:03 | 000,054,725 | ---- | C] () -- C:\Users\The Gagnons\Desktop\funny-celebrity-pictures-its-funny-because-its-true.jpg
[2011/12/23 09:57:58 | 000,000,130 | ---- | C] () -- C:\Users\The Gagnons\AppData\Roaming\default.rss
[2011/12/23 09:56:55 | 000,000,512 | ---- | C] () -- C:\Users\The Gagnons\Desktop\MBR.dat
[2011/12/22 21:50:09 | 000,015,223 | ---- | C] () -- C:\Users\The Gagnons\Desktop\_57518002_013568882-2.jpg
[2011/12/22 20:20:27 | 000,105,568 | ---- | C] () -- C:\Users\The Gagnons\Desktop\crazy-parenting-fails-cut-the-middle-man-woman-person.jpg
[2011/12/22 19:12:16 | 001,558,059 | ---- | C] () -- C:\Users\The Gagnons\Desktop\tdsskiller.zip
[2011/12/22 18:34:53 | 000,044,424 | ---- | C] () -- C:\Users\The Gagnons\Desktop\funny-pictures-this-is-what-peepers-lookedlike-when-someone-finally-said-no.jpg
[2011/12/22 18:22:52 | 000,630,234 | ---- | C] () -- C:\Users\The Gagnons\Desktop\the engine that never grew up. sketch of bike.1.jpg
[2011/12/22 07:53:52 | 000,023,721 | ---- | C] () -- C:\Users\The Gagnons\Desktop\3445380998_a966f009ff_o.jpg
[2011/12/21 21:20:47 | 000,002,001 | ---- | C] () -- C:\Users\The Gagnons\Desktop\emot-05.gif
[2011/12/21 20:28:58 | 000,066,377 | ---- | C] () -- C:\Users\The Gagnons\Desktop\funny-pictures-something-amiss.jpg
[2011/12/21 20:13:43 | 000,061,710 | ---- | C] () -- C:\Users\The Gagnons\Desktop\truman-kicks-gop-ass.jpg
[2011/12/21 11:43:23 | 000,030,335 | ---- | C] () -- C:\Users\The Gagnons\Desktop\Chris Gagnon resume1.1.rtf
[2011/12/21 10:42:47 | 000,037,949 | ---- | C] () -- C:\Users\The Gagnons\Desktop\Chris Gagnon resume1.0.rtf
[2011/12/21 10:41:08 | 000,037,949 | ---- | C] () -- C:\Users\The Gagnons\Desktop\Chris Gagnon resume2.1.rtf
[2011/12/20 21:48:41 | 000,491,079 | ---- | C] () -- C:\Users\The Gagnons\Desktop\velobanjogentEx Woods Dog Kennel 350, july 1973-3.jpg
[2011/12/20 20:27:30 | 000,054,400 | ---- | C] () -- C:\Users\The Gagnons\Desktop\epic-fail-at-least-theyre-not-asking-for-a-taste-fail.jpg
[2011/12/19 21:35:02 | 000,045,340 | ---- | C] () -- C:\Users\The Gagnons\Desktop\demotivational-posters-reincarnation.jpg
[2011/12/19 21:33:49 | 000,045,359 | ---- | C] () -- C:\Users\The Gagnons\Desktop\demotivational-posters-a-bloodbath.jpg
[2011/12/19 20:54:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/19 20:54:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/19 20:54:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/19 20:54:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/19 20:54:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/18 17:11:45 | 000,000,000 | ---- | C] () -- C:\Users\The Gagnons\defogger_reenable
[2011/12/18 17:11:09 | 000,050,477 | ---- | C] () -- C:\Users\The Gagnons\Desktop\Defogger.exe
[2011/12/18 14:24:05 | 000,333,159 | ---- | C] () -- C:\Users\The Gagnons\Desktop\D228.1237238.pdf
[2011/12/17 13:11:28 | 000,090,318 | ---- | C] () -- C:\Users\The Gagnons\Desktop\sci-fi-fantasy-the-sound-of-awesome-squared.jpg
[2011/12/17 02:00:26 | 000,056,166 | ---- | C] () -- C:\Users\The Gagnons\Desktop\crazy-parenting-fails-but-mary-was-convinced-to-the-contrary.jpg
[2011/12/17 01:54:46 | 000,026,125 | ---- | C] () -- C:\Users\The Gagnons\Desktop\crazy-parenting-fails-we-have-the-murder-on-film.jpg
[2011/12/17 01:54:11 | 000,049,823 | ---- | C] () -- C:\Users\The Gagnons\Desktop\crazy-parenting-fails-your-poorly-drawn-representations-of-married-life-mean-nothing-to-us.jpg
[2011/12/17 01:53:06 | 000,062,107 | ---- | C] () -- C:\Users\The Gagnons\Desktop\crazy-parenting-fails-i-mean-its-out-already.jpg
[2011/12/17 01:46:12 | 000,004,260 | ---- | C] () -- C:\Users\The Gagnons\Desktop\b7735a26-0e2d-4629-9e04-88e0be902010.jpeg
[2011/12/17 01:42:31 | 000,212,294 | ---- | C] () -- C:\Users\The Gagnons\Desktop\big_GPMacau20113.jpg
[2011/12/16 19:01:01 | 000,069,166 | ---- | C] () -- C:\Users\The Gagnons\Desktop\demotivational-posters-sports-fans.jpg
[2011/12/16 03:01:57 | 000,058,618 | ---- | C] () -- C:\Users\The Gagnons\Desktop\dating-fails-jesus-envy-say-my-name-times.jpg
[2011/12/16 02:54:49 | 000,065,500 | ---- | C] () -- C:\Users\The Gagnons\Desktop\dating-fails-a-romantic-evening-in-cucumber-sexy-times.jpg
[2011/12/16 02:28:12 | 000,018,949 | ---- | C] () -- C:\Users\The Gagnons\Desktop\party-fails-weekend-party-hard-diaper-poop.jpg
[2011/12/16 01:52:55 | 000,083,705 | ---- | C] () -- C:\Users\The Gagnons\Desktop\31219e2a-a78a-403c-8823-218586e16371.jpg
[2011/12/13 23:24:11 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/13 22:07:16 | 000,701,539 | ---- | C] () -- C:\Users\The Gagnons\Desktop\snowflake-admiral_ackbar.pdf
[2011/12/13 22:06:54 | 000,831,980 | ---- | C] () -- C:\Users\The Gagnons\Desktop\snowflake-C3PO.pdf
[2011/12/13 22:05:55 | 000,701,407 | ---- | C] () -- C:\Users\The Gagnons\Desktop\snowflake-yoda.pdf
[2011/12/13 22:05:26 | 000,051,459 | ---- | C] () -- C:\Users\The Gagnons\Desktop\snowflake-vader.pdf
[2011/12/13 22:04:53 | 000,051,293 | ---- | C] () -- C:\Users\The Gagnons\Desktop\snowflake-stormtrooper.pdf
[2011/12/13 21:30:53 | 000,023,132 | ---- | C] () -- C:\Users\The Gagnons\Desktop\epic-fail-staffed-by-pedobear-fail.jpg
[2011/12/13 14:00:03 | 002,256,534 | ---- | C] () -- C:\Users\The Gagnons\Desktop\2011-12-13_13-58-00_948.jpg
[2011/12/13 14:00:02 | 002,247,762 | ---- | C] () -- C:\Users\The Gagnons\Desktop\2011-12-13_13-57-41_373.jpg
[2011/12/13 14:00:01 | 002,612,698 | ---- | C] () -- C:\Users\The Gagnons\Desktop\2011-12-13_13-58-17_121.jpg
[2011/12/13 14:00:01 | 002,578,001 | ---- | C] () -- C:\Users\The Gagnons\Desktop\2011-12-13_13-55-12_478.jpg
[2011/12/12 23:27:09 | 000,037,261 | ---- | C] () -- C:\Users\The Gagnons\Desktop\551e979f-abf6-4518-9e9a-e5345acb237b.jpg
[2011/12/11 11:29:05 | 000,003,003 | ---- | C] () -- C:\Users\The Gagnons\Desktop\HiJackThis.lnk
[2011/12/10 20:02:51 | 000,057,252 | ---- | C] () -- C:\Users\The Gagnons\Desktop\sci-fi-fantasy-how-awesome-am-i.jpg
[2011/12/10 18:36:48 | 000,001,014 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2011/12/10 18:32:25 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/12/10 18:32:25 | 000,001,978 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/12/09 14:27:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\CCQ51H1.com.b
[2011/12/09 14:25:28 | 000,000,112 | ---- | C] () -- C:\ProgramData\p4uyu1Q.dat
[2011/11/18 14:08:43 | 370,176,113 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/10 12:26:11 | 290,619,392 | ---- | C] () -- C:\BMW S1000RR Service Manual 1st Edition 06-2010.iso
[2011/11/09 18:49:31 | 000,002,843 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
[2011/11/09 09:08:43 | 000,039,955 | ---- | C] () -- C:\Users\The Gagnons\Desktop\bmw-1298268059.jpg
[2011/11/02 09:14:58 | 003,060,854 | ---- | C] () -- C:\Users\The Gagnons\Desktop\CRG_MARTCP.jpg
[2011/10/25 21:21:54 | 000,066,560 | ---- | C] () -- C:\Windows\SysNative\OpenVideo64.dll
[2011/10/25 21:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/10/25 21:21:40 | 000,066,560 | ---- | C] () -- C:\Windows\SysNative\OVDecoder64.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/25 21:06:58 | 000,205,712 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2011/10/25 21:06:58 | 000,205,712 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2011/10/25 20:38:38 | 001,987,040 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2011/10/25 20:38:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/10/25 20:38:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat
[2011/10/25 20:38:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/25 20:38:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat
[2011/10/25 20:31:36 | 001,988,768 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2011/10/25 12:58:06 | 000,036,194 | ---- | C] () -- C:\Windows\atiogl.xml
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/08 21:14:33 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/08/15 08:22:13 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/07/25 11:43:20 | 000,000,000 | ---- | C] () -- C:\Users\The Gagnons\AppData\Roaming\downloads.m3u
[2010/04/18 15:22:14 | 000,000,285 | ---- | C] () -- C:\Windows\EReg072.dat
[2010/04/18 15:21:58 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010/04/18 11:35:27 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxblcomx.dll
[2010/04/18 11:35:27 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBLinst.dll
[2010/03/28 18:02:11 | 000,065,536 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010/03/27 09:00:43 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/03/26 19:02:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/08/27 02:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

< End of report >

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:32 AM

Posted 23 December 2011 - 06:20 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the [image] textbox. Do not include the word Code
    :otl
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
    O18:64bit: - Protocol\Handler\cdo - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    MOD - C:\Users\The Gagnons\AppData\Local\Temp\~CFC0.tmp ()
    MOD - C:\Users\The Gagnons\AppData\Local\Temp\~CDBC.tmp ()
    [2011/12/09 02:10:28 | 000,000,000 | ---D | C] -- C:\Windows\system64  
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click [image].
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Gonzowerke

Gonzowerke
  • Topic Starter

  • Members
  • 14 posts
  • Local time:01:32 AM

Posted 23 December 2011 - 10:04 PM

Gringo,

It crapped out with an error message that it could not create hosts, and it is just sitting there with "RESETTING HOSTS file, DO NOT INTERRUPT" at the bottom of the window.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:32 AM

Posted 24 December 2011 - 11:59 AM

ok stop it and restart the computer and let me know how things are


gringo

#15 Gonzowerke

Gonzowerke
  • Topic Starter

  • Members
  • 14 posts
  • Local time:01:32 AM

Posted 24 December 2011 - 06:16 PM

Gringo,

I did what you asked, and now I have a boat anchor. When it restarted, Startup Repair popped up and failed, then shut down the PC. Safe mode will not start with any options. I poked around in Startup Repair and found an error message that a critical boot file, ntoskrnl.exe, was corrupt. Do I have any options now besides a complete re-install? I have a lot of stuff I do not want to lose.

Thanks

Chris



