Search Engine Redirects


  • This topic is locked
56 replies to this topic

#1 silvershadowstalker

  • Members
  • 51 posts

Posted 10 January 2012 - 07:24 PM

It started off redirecting my searches. I posted the problem here, and ran a Boot-scan from Avast, which found a few things in Java, but removed them. Avast was still alerting every so often, but I could still go online with my usual browser, Firefox. Downloaded Malwarebytes and SUPERAntiSpyware. All that was found was some tracking cookies. Then, all of a sudden, Firefox crashed, and Malwarebytes and Avast started to go off about a malicious IP: 112.175.243.23 (the last two digits change back and forth). I tried starting FF and IE multiple times, and they crash as soon as they start, while Avast and Malwarebytes alert about them.

The only browser that works currently is Safari.

Edit: Safari now no longer works, as of when I closed it out.

Edit again: Firefox now works...

As I am running a 64-bit mode OS, I did not run Gmer.

Sorry if I wasn't clear, as I am a bit frustrated. ^.^'''' Thanks in advance to anyone who can help me!




.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Susan at 18:58:30 on 2012-01-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.921 [GMT -5:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\SysWoW64\svchost.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Users\Susan\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\msdt.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [<NO NAME>]
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A24C0232-5717-4A6D-AEC2-797994F89920} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A24C0232-5717-4A6D-AEC2-797994F89920}\05E485D234F6D6075747562737 : DhcpNameServer = 192.168.2.1 192.168.1.1 192.168.2.1
TCP: Interfaces\{A24C0232-5717-4A6D-AEC2-797994F89920}\2656C6B696E6E2363616 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A24C0232-5717-4A6D-AEC2-797994F89920}\C696E6B6379737F5F475F54363132383 : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [(Default)]
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ehzy69ag.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-25 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-2 365568]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-4 44768]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-1-4 127192]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-5-8 514232]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-25 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-6-27 2375168]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-6 652872]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-1-4 6583160]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-1-4 528760]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\amdhub30.sys --> C:\Windows\system32\DRIVERS\amdhub30.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\amdxhc.sys --> C:\Windows\system32\DRIVERS\amdxhc.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-10 23:42:15 803 ----a-w- C:\ProgramData\gjopeaa.tmp
2012-01-10 23:19:00 803 ----a-w- C:\ProgramData\hjopeaa.tmp
2012-01-10 14:46:58 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C19D2D5-4144-45BE-9B11-102E603FE7EA}\offreg.dll
2012-01-10 14:46:56 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C19D2D5-4144-45BE-9B11-102E603FE7EA}\mpengine.dll
2012-01-08 00:38:16 -------- d-----w- C:\Users\Susan\AppData\Local\Diagnostics
2012-01-07 11:26:48 807 ----a-w- C:\ProgramData\umlhbaa.tmp
2012-01-07 01:57:09 857 ----a-w- C:\ProgramData\rkblbaa.tmp
2012-01-07 01:50:40 823 ----a-w- C:\ProgramData\tkblbaa.tmp
2012-01-07 01:46:34 842 ----a-w- C:\ProgramData\skblbaa.tmp
2012-01-07 01:06:52 -------- d-----w- C:\Users\Susan\AppData\Roaming\SUPERAntiSpyware.com
2012-01-07 01:06:34 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-01-07 01:06:34 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-01-06 23:12:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-06 16:48:00 841 ----a-w- C:\ProgramData\dbplbaa.tmp
2012-01-06 16:38:05 817 ----a-w- C:\ProgramData\ebplbaa.tmp
2012-01-05 01:46:37 860 ----a-w- C:\ProgramData\sjdxaaa.tmp
2012-01-05 01:02:34 -------- d-----w- C:\Users\Susan\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
2012-01-05 01:01:45 -------- d-----w- C:\Users\Susan\AppData\Roaming\Wacom
2012-01-05 01:01:37 -------- d-----w- C:\ProgramData\Wacom
2012-01-05 01:01:01 -------- d-----w- C:\Program Files (x86)\Bamboo Dock
2012-01-04 17:20:27 808 ----a-w- C:\ProgramData\odfwaaa.tmp
2012-01-04 17:19:44 140120 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2012-01-04 17:19:20 258392 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2012-01-04 17:19:14 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-01-04 17:19:14 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-01-04 17:18:58 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
2012-01-04 17:18:57 41184 ----a-w- C:\Windows\avastSS.scr
2012-01-04 14:20:45 824 ----a-w- C:\ProgramData\cvpobaa.tmp
2012-01-01 21:50:57 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2012-01-01 21:50:57 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-01-01 21:50:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-01-01 21:50:56 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-01-01 21:50:56 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-01-01 19:30:27 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-12-22 23:30:15 -------- d-----w- C:\BurnInTest test files
2011-12-21 18:33:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-21 18:33:38 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-21 18:10:18 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-21 18:00:56 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-21 18:00:52 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-21 18:00:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-21 17:59:10 -------- d-----w- C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2011-12-20 14:08:06 -------- d-----w- C:\Users\Susan\AppData\Local\CyberLink
2011-12-20 14:02:53 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2011-12-20 14:02:31 5425496 ----a-w- C:\Windows\System32\D3DX9_41.dll
2011-12-14 20:01:58 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-13 17:34:41 -------- d-----w- C:\Program Files\iPod
2011-12-13 17:34:40 -------- d-----w- C:\Program Files\iTunes
2011-12-13 17:34:40 -------- d-----w- C:\Program Files (x86)\iTunes
2011-12-13 17:00:49 -------- d-----w- C:\Users\Susan\AppData\Roaming\Malwarebytes
2011-12-13 17:00:43 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-13 17:00:40 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
==================== Find3M ====================
.
2011-11-30 04:31:25 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-11-26 03:33:17 1145960 ----a-w- C:\Windows\System32\drivers\rtl8192ce.sys
2011-11-24 21:54:44 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 19:00:38.08 ===============

Edited by silvershadowstalker, 10 January 2012 - 08:52 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:53 AM

Posted 10 January 2012 - 11:36 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 silvershadowstalker

silvershadowstalker
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:08:53 AM

Posted 11 January 2012 - 12:16 PM

Combofix ran rather slowly (took about 3 hours or so). Avast still alerts about iexplorer.exe and any browser I start. For now, I am able to get on IE and FF, but Safari is now the one that keeps crashing. This will probably change later today, making Safari the working browser and FF/IE unusable.

I did get the "Illegal operation attempted on a registry key that has been marked for deletion." error, restarted and it went away.

Btw, thanks for helping me out Gringo! Really appreciate it.





ComboFix 12-01-10.02 - Susan 01/11/2012 9:51.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.1706 [GMT -5:00]
Running from: c:\users\Susan\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\cvpobaa.tmp
c:\programdata\dbplbaa.tmp
c:\programdata\ebplbaa.tmp
c:\programdata\gjopeaa.tmp
c:\programdata\hjopeaa.tmp
c:\programdata\odfwaaa.tmp
c:\programdata\rkblbaa.tmp
c:\programdata\sjdxaaa.tmp
c:\programdata\skblbaa.tmp
c:\programdata\tkblbaa.tmp
c:\programdata\umlhbaa.tmp
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-11 16:37 . 2012-01-11 16:37 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C19D2D5-4144-45BE-9B11-102E603FE7EA}\offreg.dll
2012-01-11 16:32 . 2012-01-11 16:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-11 00:47 . 2012-01-11 00:47 -------- d-----w- c:\users\Susan\AppData\Roaming\IDT
2012-01-10 14:46 . 2011-11-30 07:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C19D2D5-4144-45BE-9B11-102E603FE7EA}\mpengine.dll
2012-01-08 00:38 . 2012-01-08 00:38 -------- d-----w- c:\users\Susan\AppData\Local\Diagnostics
2012-01-07 01:06 . 2012-01-07 01:06 -------- d-----w- c:\users\Susan\AppData\Roaming\SUPERAntiSpyware.com
2012-01-07 01:06 . 2012-01-07 01:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-07 01:06 . 2012-01-07 01:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-06 23:12 . 2012-01-06 23:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-05 01:02 . 2012-01-05 01:02 -------- d-----w- c:\users\Susan\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
2012-01-05 01:01 . 2012-01-05 01:01 -------- d-----w- c:\users\Susan\AppData\Roaming\Wacom
2012-01-05 01:01 . 2012-01-05 01:02 -------- d-----w- c:\programdata\Wacom
2012-01-05 01:01 . 2012-01-05 01:01 -------- d-----w- c:\program files (x86)\Bamboo Dock
2012-01-04 17:19 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-04 17:19 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-04 17:19 . 2011-11-28 17:54 140120 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-01-04 17:19 . 2011-11-28 17:53 258392 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-01-04 17:19 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-04 17:19 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-04 17:19 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-04 17:19 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-04 17:18 . 2011-11-28 17:26 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-01-04 17:18 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-04 17:18 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-01-04 14:13 . 2012-01-04 14:13 -------- d-----w- c:\windows\Sun
2012-01-01 21:50 . 2011-11-04 01:53 2309120 ----a-w- c:\windows\system32\jscript9.dll
2012-01-01 21:50 . 2011-11-04 01:44 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-01-01 21:50 . 2011-11-03 22:47 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-01-01 21:50 . 2011-11-04 01:48 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-01-01 21:50 . 2011-11-03 22:42 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2011-12-22 23:30 . 2011-12-22 23:37 -------- d-----w- C:\BurnInTest test files
2011-12-22 19:22 . 2011-12-22 19:22 -------- d-----w- c:\programdata\CyberLink
2011-12-22 19:22 . 2011-12-22 19:22 -------- d-----w- c:\users\Public\CyberLink
2011-12-21 18:33 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-21 18:33 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-21 18:10 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-21 18:00 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-21 18:00 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-21 18:00 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-21 17:59 . 2011-12-21 17:59 -------- d-----w- c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2011-12-20 14:08 . 2011-12-20 14:08 -------- d-----w- c:\users\Susan\AppData\Roaming\CyberLink
2011-12-20 14:08 . 2011-12-20 14:08 -------- d-----w- c:\users\Susan\AppData\Local\CyberLink
2011-12-20 14:02 . 2009-03-09 20:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2011-12-20 14:02 . 2009-03-09 20:27 5425496 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-12-14 20:01 . 2011-12-14 20:01 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-13 17:34 . 2011-12-13 17:34 -------- d-----w- c:\program files\iPod
2011-12-13 17:34 . 2011-12-13 17:35 -------- d-----w- c:\program files\iTunes
2011-12-13 17:34 . 2011-12-13 17:35 -------- d-----w- c:\program files (x86)\iTunes
2011-12-13 17:31 . 2011-12-13 17:31 -------- d-----w- c:\program files (x86)\Safari
2011-12-13 17:00 . 2011-12-13 17:00 -------- d-----w- c:\users\Susan\AppData\Roaming\Malwarebytes
2011-12-13 17:00 . 2011-12-13 17:00 -------- d-----w- c:\programdata\Malwarebytes
2011-12-13 17:00 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-30 04:31 . 2011-11-30 04:31 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-28 18:01 . 2011-11-24 21:53 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-26 03:36 . 2011-11-26 03:36 528384 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2011-11-26 03:36 . 2011-06-27 16:23 4779520 ----a-w- c:\windows\system32\stlang64.dll
2011-11-26 03:36 . 2011-06-27 16:23 1128448 ----a-w- c:\windows\sttray64.exe
2011-11-26 03:36 . 2011-11-26 03:36 431616 ----a-w- c:\windows\system32\stcplx64.dll
2011-11-26 03:36 . 2011-11-26 03:36 654336 ------w- c:\windows\system32\stapi64.dll
2011-11-26 03:36 . 2011-11-26 03:36 1965056 ----a-w- c:\windows\system32\stapo64.dll
2011-11-26 03:36 . 2011-06-27 16:22 224256 ----a-w- c:\windows\system32\staco64.dll
2011-11-26 03:36 . 2011-06-27 16:23 6382080 ----a-w- c:\windows\system32\IDTNGUI.exe
2011-11-26 03:36 . 2011-06-27 16:23 4933120 ----a-w- c:\windows\system32\IDTNHP.dll
2011-11-26 03:36 . 2011-06-27 16:23 212480 ----a-w- c:\windows\system32\IDTNJ.exe
2011-11-26 03:36 . 2011-06-27 16:23 1523712 ----a-w- c:\windows\system32\IDTNC64.cpl
2011-11-26 03:36 . 2011-06-27 16:23 1029120 ----a-w- c:\windows\system32\IDTNX.dll
2011-11-26 03:36 . 2011-06-27 16:23 442368 ----a-w- c:\windows\system32\AESTEC64.dll
2011-11-26 03:36 . 2011-06-27 16:23 221184 ----a-w- c:\windows\system32\HPToneCtrls64.dll
2011-11-26 03:36 . 2011-06-27 16:23 68608 ----a-w- c:\windows\system32\AESTAR64.dll
2011-11-26 03:36 . 2011-06-27 16:23 162304 ----a-w- c:\windows\system32\AESTAC64.dll
2011-11-26 03:36 . 2011-06-27 16:23 90624 ----a-w- c:\windows\system32\AESTCo64.dll
2011-11-26 03:33 . 2011-06-27 16:26 1145960 ----a-w- c:\windows\system32\drivers\rtl8192ce.sys
2011-11-24 21:54 . 2011-11-24 21:54 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 18:13 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-15 19:29 . 2010-11-21 03:27 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-21 . BD7E252E0DBD06FD5B4463533603D0E7 . 858112 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 ALSysIO;ALSysIO;c:\users\Susan\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-11-26 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-11-28 127192]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-25 260424]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-07 c:\windows\Tasks\HPCeeScheduleForSusan.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-26 1128448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
FF - ProfilePath - c:\users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ehzy69ag.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,38,12,00,8b,83,
81,be,a2,af,06,dc,3a,a7,82,b5,e8,7d,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:57,7b,f8,35,05,cb,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,16,87,47,84,5f,52,4e,81,52,29,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,16,87,47,84,5f,52,4e,81,52,29,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\HP SimplePass 2011\TouchControl.exe
c:\program files (x86)\HP SimplePass 2011\BioMonitor.exe
.
**************************************************************************
.
Completion time: 2012-01-11 12:00:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-11 17:00
.
Pre-Run: 568,356,859,904 bytes free
Post-Run: 569,733,115,904 bytes free
.
- - End Of File - - 02AFC6F223FCB4BA47482CC3BF9C90F8
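The DDS listing and the ComboFix "Other Deletions" section above both show the same cluster of small (about 800 bytes), randomly named .tmp files dropped straight into C:\ProgramData over several days. As an added example (not part of the original thread, and not a BleepingComputer, DDS or ComboFix tool), here is a parser for DDS-style file lines that flags that pattern; the sample lines it runs on are constructed in the same format as the DDS log above.

```python
"""Triage helper for DDS-style "Files Created" listings (added example).

Flags the pattern visible in this thread: tiny, seven-letter random-name
.tmp files written directly under C:\\ProgramData, which ComboFix later
removed under "Other Deletions".
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One DDS file line: "<date> <time> <size or -------- > <8 attr chars> <path>"
DDS_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+"
    r"(?P<path>.+)$"
)

# Heuristic for the artefacts seen in this log: drive letter and ProgramData
# matched case-insensitively, then a 7-letter lowercase name with a .tmp extension.
SUSPECT_TMP = re.compile(r"^(?i:[a-z]:\\programdata\\)[a-z]{7}\.tmp$")
SMALL_FILE_LIMIT = 1024  # bytes; the dropped files were all well under 1 KiB


@dataclass
class FileEntry:
    created: datetime
    size: Optional[int]  # None for directory entries listed as "--------"
    attrs: str
    path: str

    @property
    def is_directory(self) -> bool:
        return self.attrs.startswith("d")


def parse_dds_line(line: str) -> Optional[FileEntry]:
    """Return a FileEntry for a DDS file line, or None for headers/blank lines."""
    m = DDS_LINE.match(line.strip())
    if not m:
        return None
    size = None if m.group("size").startswith("-") else int(m.group("size"))
    return FileEntry(
        created=datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
        size=size,
        attrs=m.group("attrs"),
        path=m.group("path"),
    )


def parse_dds_listing(text: str) -> List[FileEntry]:
    """Parse every recognisable file line; separators and headers are skipped."""
    entries = (parse_dds_line(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


def flag_programdata_tmp(entries: List[FileEntry]) -> List[FileEntry]:
    """Small random-name ProgramData .tmp files, oldest first (the drop timeline)."""
    hits = [
        e for e in entries
        if not e.is_directory
        and e.size is not None
        and e.size < SMALL_FILE_LIMIT
        and SUSPECT_TMP.match(e.path)
    ]
    return sorted(hits, key=lambda e: e.created)


# Constructed sample in the DDS format used above (a subset of the kinds of
# lines that log contains: directories, a driver, and the dropped .tmp files).
SAMPLE_DDS = """\
2012-01-08 00:38:16 -------- d-----w- C:\\Users\\Susan\\AppData\\Local\\Diagnostics
2012-01-07 11:26:48 807 ----a-w- C:\\ProgramData\\umlhbaa.tmp
2012-01-07 01:57:09 857 ----a-w- C:\\ProgramData\\rkblbaa.tmp
2012-01-07 01:06:34 -------- d-----w- C:\\ProgramData\\SUPERAntiSpyware.com
2012-01-06 16:48:00 841 ----a-w- C:\\ProgramData\\dbplbaa.tmp
2012-01-04 17:19:44 140120 ----a-w- C:\\Windows\\System32\\drivers\\aswFW.sys
2012-01-04 14:20:45 824 ----a-w- C:\\ProgramData\\cvpobaa.tmp
"""


def triage(text: str = SAMPLE_DDS) -> List[str]:
    """Flagged paths in creation order, ready to paste into a reply."""
    return [e.path for e in flag_programdata_tmp(parse_dds_listing(text))]


if __name__ == "__main__":
    for e in flag_programdata_tmp(parse_dds_listing(SAMPLE_DDS)):
        print(f"{e.created:%Y-%m-%d %H:%M}  {e.size:>5} B  {e.path}")
```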

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:53 AM

Posted 11 January 2012 - 01:40 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#5 silvershadowstalker

silvershadowstalker
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:08:53 AM

Posted 11 January 2012 - 01:54 PM

13:42:54.0433 0924 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
13:42:56.0440 0924 ============================================================
13:42:56.0440 0924 Current date / time: 2012/01/11 13:42:56.0440
13:42:56.0440 0924 SystemInfo:
13:42:56.0440 0924
13:42:56.0440 0924 OS Version: 6.1.7601 ServicePack: 1.0
13:42:56.0440 0924 Product type: Workstation
13:42:56.0440 0924 ComputerName: GLADOS
13:42:56.0440 0924 UserName: Susan
13:42:56.0440 0924 Windows directory: C:\Windows
13:42:56.0440 0924 System windows directory: C:\Windows
13:42:56.0440 0924 Running under WOW64
13:42:56.0440 0924 Processor architecture: Intel x64
13:42:56.0440 0924 Number of processors: 4
13:42:56.0440 0924 Page size: 0x1000
13:42:56.0441 0924 Boot type: Normal boot
13:42:56.0441 0924 ============================================================
13:42:57.0013 0924 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000, SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
13:42:57.0192 0924 Initialize success
13:43:07.0906 7716 ============================================================
13:43:07.0906 7716 Scan started
13:43:07.0906 7716 Mode: Manual;
13:43:07.0906 7716 ============================================================
13:43:08.0936 7716 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:43:08.0936 7716 1394ohci - ok
13:43:09.0107 7716 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
13:43:09.0107 7716 Accelerometer - ok
13:43:09.0279 7716 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:43:09.0295 7716 ACPI - ok
13:43:09.0466 7716 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:43:09.0466 7716 AcpiPmi - ok
13:43:09.0653 7716 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
13:43:09.0685 7716 adp94xx - ok
13:43:09.0856 7716 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
13:43:09.0856 7716 adpahci - ok
13:43:10.0043 7716 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
13:43:10.0059 7716 adpu320 - ok
13:43:10.0293 7716 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
13:43:10.0324 7716 AFD - ok
13:43:10.0480 7716 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:43:10.0480 7716 agp440 - ok
13:43:10.0652 7716 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:43:10.0652 7716 aliide - ok
13:43:10.0792 7716 ALSysIO - ok
13:43:10.0979 7716 amdhub30 (30bfeee0dffd5bd79d29157cf080deed) C:\Windows\system32\DRIVERS\amdhub30.sys
13:43:10.0979 7716 amdhub30 - ok
13:43:11.0151 7716 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:43:11.0151 7716 amdide - ok
13:43:11.0323 7716 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
13:43:11.0323 7716 amdiox64 - ok
13:43:11.0557 7716 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
13:43:11.0557 7716 AmdK8 - ok
13:43:11.0962 7716 amdkmdag (69bc235b7983d67b8967ce634023ced1) C:\Windows\system32\DRIVERS\atikmdag.sys
13:43:12.0165 7716 amdkmdag - ok
13:43:12.0415 7716 amdkmdap (2a8496af669f282777f9e17d04d0aa22) C:\Windows\system32\DRIVERS\atikmpag.sys
13:43:12.0430 7716 amdkmdap - ok
13:43:12.0586 7716 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:43:12.0602 7716 AmdPPM - ok
13:43:12.0758 7716 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:43:12.0773 7716 amdsata - ok
13:43:12.0945 7716 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
13:43:12.0945 7716 amdsbs - ok
13:43:13.0101 7716 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:43:13.0117 7716 amdxata - ok
13:43:13.0273 7716 amdxhc (321533578132c811ec834a1b741c994c) C:\Windows\system32\DRIVERS\amdxhc.sys
13:43:13.0273 7716 amdxhc - ok
13:43:13.0397 7716 amd_sata (2fbb00a7616106b95104574c6cd640c2) C:\Windows\system32\DRIVERS\amd_sata.sys
13:43:13.0397 7716 amd_sata - ok
13:43:13.0522 7716 amd_xata (87d0d7645cb0d53220649bd5fe15d93e) C:\Windows\system32\DRIVERS\amd_xata.sys
13:43:13.0522 7716 amd_xata - ok
13:43:13.0725 7716 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:43:13.0725 7716 AppID - ok
13:43:13.0943 7716 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
13:43:13.0959 7716 arc - ok
13:43:14.0131 7716 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
13:43:14.0131 7716 arcsas - ok
13:43:14.0302 7716 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
13:43:14.0302 7716 aswFsBlk - ok
13:43:14.0474 7716 aswFW (78c8f46f4bd5f9dcfe2af5dfea33f334) C:\Windows\system32\drivers\aswFW.sys
13:43:14.0489 7716 aswFW - ok
13:43:14.0661 7716 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
13:43:14.0661 7716 aswMonFlt - ok
13:43:14.0817 7716 aswNdis (518b8d447a1975ab46da093a2e743256) C:\Windows\system32\DRIVERS\aswNdis.sys
13:43:14.0817 7716 aswNdis - ok
13:43:15.0004 7716 aswNdis2 (a985fa77a3262bc119e6e520cda645b0) C:\Windows\system32\drivers\aswNdis2.sys
13:43:15.0004 7716 aswNdis2 - ok
13:43:15.0176 7716 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
13:43:15.0176 7716 aswRdr - ok
13:43:15.0316 7716 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
13:43:15.0347 7716 aswSnx - ok
13:43:15.0488 7716 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
13:43:15.0503 7716 aswSP - ok
13:43:15.0644 7716 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
13:43:15.0644 7716 aswTdi - ok
13:43:15.0815 7716 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:43:15.0815 7716 AsyncMac - ok
13:43:15.0956 7716 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:43:15.0971 7716 atapi - ok
13:43:16.0174 7716 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
13:43:16.0174 7716 AtiHDAudioService - ok
13:43:16.0393 7716 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
13:43:16.0408 7716 b06bdrv - ok
13:43:16.0595 7716 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:43:16.0611 7716 b57nd60a - ok
13:43:16.0829 7716 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
13:43:16.0861 7716 BCM43XX - ok
13:43:17.0048 7716 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:43:17.0048 7716 Beep - ok
13:43:17.0219 7716 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
13:43:17.0235 7716 blbdrive - ok
13:43:17.0407 7716 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:43:17.0407 7716 bowser - ok
13:43:17.0578 7716 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
13:43:17.0578 7716 BrFiltLo - ok
13:43:17.0672 7716 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
13:43:17.0687 7716 BrFiltUp - ok
13:43:17.0843 7716 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:43:17.0843 7716 BridgeMP - ok
13:43:18.0015 7716 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:43:18.0015 7716 Brserid - ok
13:43:18.0187 7716 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:43:18.0202 7716 BrSerWdm - ok
13:43:18.0358 7716 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:43:18.0374 7716 BrUsbMdm - ok
13:43:18.0514 7716 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:43:18.0530 7716 BrUsbSer - ok
13:43:18.0701 7716 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
13:43:18.0701 7716 BTHMODEM - ok
13:43:18.0811 7716 catchme - ok
13:43:18.0982 7716 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:43:18.0982 7716 cdfs - ok
13:43:19.0138 7716 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:43:19.0138 7716 cdrom - ok
13:43:19.0325 7716 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:43:19.0341 7716 circlass - ok
13:43:19.0497 7716 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:43:19.0513 7716 CLFS - ok
13:43:19.0700 7716 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
13:43:19.0700 7716 clwvd - ok
13:43:19.0856 7716 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
13:43:19.0871 7716 CmBatt - ok
13:43:19.0981 7716 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:43:19.0981 7716 cmdide - ok
13:43:20.0152 7716 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
13:43:20.0168 7716 CNG - ok
13:43:20.0339 7716 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
13:43:20.0355 7716 Compbatt - ok
13:43:20.0542 7716 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:43:20.0558 7716 CompositeBus - ok
13:43:20.0698 7716 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
13:43:20.0714 7716 crcdisk - ok
13:43:20.0901 7716 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:43:20.0901 7716 DfsC - ok
13:43:21.0057 7716 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:43:21.0073 7716 discache - ok
13:43:21.0229 7716 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
13:43:21.0244 7716 Disk - ok
13:43:21.0416 7716 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:43:21.0416 7716 drmkaud - ok
13:43:21.0572 7716 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:43:21.0572 7716 dtsoftbus01 - ok
13:43:21.0728 7716 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:43:21.0775 7716 DXGKrnl - ok
13:43:21.0977 7716 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
13:43:22.0087 7716 ebdrv - ok
13:43:22.0274 7716 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
13:43:22.0305 7716 elxstor - ok
13:43:22.0430 7716 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:43:22.0430 7716 ErrDev - ok
13:43:22.0633 7716 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:43:22.0648 7716 exfat - ok
13:43:22.0789 7716 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:43:22.0804 7716 fastfat - ok
13:43:22.0960 7716 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
13:43:22.0976 7716 fdc - ok
13:43:23.0116 7716 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:43:23.0116 7716 FileInfo - ok
13:43:23.0179 7716 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:43:23.0179 7716 Filetrace - ok
13:43:23.0335 7716 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
13:43:23.0335 7716 flpydisk - ok
13:43:23.0459 7716 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:43:23.0475 7716 FltMgr - ok
13:43:23.0631 7716 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:43:23.0631 7716 FsDepends - ok
13:43:23.0662 7716 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:43:23.0662 7716 Fs_Rec - ok
13:43:23.0803 7716 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:43:23.0803 7716 fvevol - ok
13:43:23.0943 7716 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
13:43:23.0959 7716 gagp30kx - ok
13:43:24.0115 7716 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:43:24.0115 7716 GEARAspiWDM - ok
13:43:24.0271 7716 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:43:24.0271 7716 hcw85cir - ok
13:43:24.0411 7716 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:43:24.0427 7716 HdAudAddService - ok
13:43:24.0551 7716 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:43:24.0567 7716 HDAudBus - ok
13:43:24.0629 7716 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
13:43:24.0645 7716 HidBatt - ok
13:43:24.0707 7716 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
13:43:24.0723 7716 HidBth - ok
13:43:24.0848 7716 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
13:43:24.0863 7716 HidIr - ok
13:43:25.0004 7716 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:43:25.0004 7716 HidUsb - ok
13:43:25.0253 7716 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
13:43:25.0253 7716 hpdskflt - ok
13:43:25.0425 7716 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:43:25.0425 7716 HpSAMD - ok
13:43:25.0784 7716 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:43:25.0815 7716 HTTP - ok
13:43:25.0924 7716 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:43:25.0940 7716 hwpolicy - ok
13:43:26.0080 7716 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:43:26.0080 7716 i8042prt - ok
13:43:26.0252 7716 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:43:26.0267 7716 iaStorV - ok
13:43:26.0423 7716 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
13:43:26.0423 7716 iirsp - ok
13:43:26.0517 7716 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:43:26.0517 7716 intelide - ok
13:43:26.0657 7716 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
13:43:26.0657 7716 intelppm - ok
13:43:26.0689 7716 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:43:26.0704 7716 IpFilterDriver - ok
13:43:26.0767 7716 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:43:26.0767 7716 IPMIDRV - ok
13:43:26.0845 7716 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:43:26.0845 7716 IPNAT - ok
13:43:27.0001 7716 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:43:27.0001 7716 IRENUM - ok
13:43:27.0141 7716 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:43:27.0141 7716 isapnp - ok
13:43:27.0219 7716 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:43:27.0235 7716 iScsiPrt - ok
13:43:27.0391 7716 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:43:27.0406 7716 kbdclass - ok
13:43:27.0531 7716 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:43:27.0547 7716 kbdhid - ok
13:43:27.0687 7716 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
13:43:27.0703 7716 KSecDD - ok
13:43:27.0781 7716 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
13:43:27.0796 7716 KSecPkg - ok
13:43:27.0937 7716 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:43:27.0937 7716 ksthunk - ok
13:43:28.0139 7716 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:43:28.0139 7716 lltdio - ok
13:43:28.0327 7716 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
13:43:28.0327 7716 LSI_FC - ok
13:43:28.0420 7716 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
13:43:28.0420 7716 LSI_SAS - ok
13:43:28.0623 7716 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
13:43:28.0623 7716 LSI_SAS2 - ok
13:43:28.0779 7716 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
13:43:28.0779 7716 LSI_SCSI - ok
13:43:28.0888 7716 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:43:28.0888 7716 luafv - ok
13:43:29.0029 7716 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
13:43:29.0029 7716 MBAMProtector - ok
13:43:29.0185 7716 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
13:43:29.0185 7716 megasas - ok
13:43:29.0356 7716 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
13:43:29.0372 7716 MegaSR - ok
13:43:29.0497 7716 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:43:29.0497 7716 Modem - ok
13:43:29.0653 7716 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:43:29.0653 7716 monitor - ok
13:43:29.0809 7716 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:43:29.0809 7716 mouclass - ok
13:43:29.0980 7716 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:43:29.0980 7716 mouhid - ok
13:43:30.0121 7716 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:43:30.0121 7716 mountmgr - ok
13:43:30.0230 7716 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:43:30.0245 7716 mpio - ok
13:43:30.0339 7716 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:43:30.0355 7716 mpsdrv - ok
13:43:30.0417 7716 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:43:30.0433 7716 MRxDAV - ok
13:43:30.0542 7716 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:43:30.0557 7716 mrxsmb - ok
13:43:30.0651 7716 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:43:30.0667 7716 mrxsmb10 - ok
13:43:30.0760 7716 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:43:30.0776 7716 mrxsmb20 - ok
13:43:30.0885 7716 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:43:30.0885 7716 msahci - ok
13:43:30.0947 7716 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:43:30.0963 7716 msdsm - ok
13:43:31.0119 7716 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:43:31.0119 7716 Msfs - ok
13:43:31.0259 7716 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:43:31.0259 7716 mshidkmdf - ok
13:43:31.0384 7716 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:43:31.0384 7716 msisadrv - ok
13:43:31.0556 7716 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:43:31.0571 7716 MSKSSRV - ok
13:43:31.0712 7716 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:43:31.0727 7716 MSPCLOCK - ok
13:43:31.0759 7716 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:43:31.0759 7716 MSPQM - ok
13:43:31.0821 7716 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:43:31.0837 7716 MsRPC - ok
13:43:31.0946 7716 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:43:31.0961 7716 mssmbios - ok
13:43:32.0117 7716 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:43:32.0117 7716 MSTEE - ok
13:43:32.0227 7716 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
13:43:32.0242 7716 MTConfig - ok
13:43:32.0351 7716 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:43:32.0351 7716 Mup - ok
13:43:32.0539 7716 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:43:32.0539 7716 NativeWifiP - ok
13:43:32.0726 7716 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:43:32.0757 7716 NDIS - ok
13:43:32.0913 7716 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:43:32.0929 7716 NdisCap - ok
13:43:33.0069 7716 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:43:33.0069 7716 NdisTapi - ok
13:43:33.0225 7716 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:43:33.0225 7716 Ndisuio - ok
13:43:33.0334 7716 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:43:33.0350 7716 NdisWan - ok
13:43:33.0459 7716 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:43:33.0459 7716 NDProxy - ok
13:43:33.0615 7716 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:43:33.0615 7716 NetBIOS - ok
13:43:33.0724 7716 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:43:33.0740 7716 NetBT - ok
13:43:33.0958 7716 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
13:43:33.0958 7716 nfrd960 - ok
13:43:34.0114 7716 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:43:34.0130 7716 Npfs - ok
13:43:34.0161 7716 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:43:34.0161 7716 nsiproxy - ok
13:43:34.0239 7716 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:43:34.0301 7716 Ntfs - ok
13:43:34.0395 7716 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:43:34.0411 7716 Null - ok
13:43:34.0567 7716 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
13:43:34.0598 7716 NVENETFD - ok
13:43:34.0754 7716 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:43:34.0754 7716 nvraid - ok
13:43:34.0925 7716 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:43:34.0941 7716 nvstor - ok
13:43:35.0066 7716 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:43:35.0081 7716 nv_agp - ok
13:43:35.0191 7716 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:43:35.0191 7716 ohci1394 - ok
13:43:35.0300 7716 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
13:43:35.0300 7716 Parport - ok
13:43:35.0409 7716 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:43:35.0409 7716 partmgr - ok
13:43:35.0456 7716 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:43:35.0471 7716 pci - ok
13:43:35.0503 7716 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:43:35.0503 7716 pciide - ok
13:43:35.0549 7716 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
13:43:35.0565 7716 pcmcia - ok
13:43:35.0596 7716 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:43:35.0612 7716 pcw - ok
13:43:35.0659 7716 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:43:35.0690 7716 PEAUTH - ok
13:43:35.0955 7716 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:43:35.0971 7716 PptpMiniport - ok
13:43:36.0049 7716 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
13:43:36.0049 7716 Processor - ok
13:43:36.0173 7716 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:43:36.0173 7716 Psched - ok
13:43:36.0314 7716 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
13:43:36.0361 7716 ql2300 - ok
13:43:36.0454 7716 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
13:43:36.0470 7716 ql40xx - ok
13:43:36.0532 7716 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:43:36.0532 7716 QWAVEdrv - ok
13:43:36.0626 7716 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:43:36.0626 7716 RasAcd - ok
13:43:36.0782 7716 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:43:36.0782 7716 RasAgileVpn - ok
13:43:36.0907 7716 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:43:36.0907 7716 Rasl2tp - ok
13:43:37.0078 7716 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:43:37.0078 7716 RasPppoe - ok
13:43:37.0234 7716 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:43:37.0234 7716 RasSstp - ok
13:43:37.0312 7716 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:43:37.0328 7716 rdbss - ok
13:43:37.0437 7716 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
13:43:37.0453 7716 rdpbus - ok
13:43:37.0609 7716 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:43:37.0609 7716 RDPCDD - ok
13:43:37.0749 7716 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:43:37.0749 7716 RDPENCDD - ok
13:43:37.0921 7716 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:43:37.0921 7716 RDPREFMP - ok
13:43:38.0092 7716 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
13:43:38.0108 7716 RDPWD - ok
13:43:38.0264 7716 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:43:38.0264 7716 rdyboost - ok
13:43:38.0467 7716 RSPCIESTOR (9d21618e7a3b2c75cf1a2ecbbe723730) C:\Windows\system32\DRIVERS\RtsPStor.sys
13:43:38.0482 7716 RSPCIESTOR - ok
13:43:38.0623 7716 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:43:38.0638 7716 rspndr - ok
13:43:38.0794 7716 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:43:38.0825 7716 RTL8167 - ok
13:43:38.0997 7716 RTL8192Ce (177963a6eebaa9ef3b56a2dbe9d5d0fc) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
13:43:39.0028 7716 RTL8192Ce - ok
13:43:39.0122 7716 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
13:43:39.0137 7716 SASDIFSV - ok
13:43:39.0247 7716 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
13:43:39.0247 7716 SASKUTIL - ok
13:43:39.0371 7716 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:43:39.0371 7716 sbp2port - ok
13:43:39.0496 7716 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:43:39.0496 7716 scfilter - ok
13:43:39.0668 7716 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
13:43:39.0668 7716 sdbus - ok
13:43:39.0824 7716 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:43:39.0839 7716 secdrv - ok
13:43:40.0011 7716 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
13:43:40.0027 7716 Serenum - ok
13:43:40.0183 7716 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
13:43:40.0198 7716 Serial - ok
13:43:40.0354 7716 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
13:43:40.0370 7716 sermouse - ok
13:43:40.0510 7716 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:43:40.0510 7716 sffdisk - ok
13:43:40.0635 7716 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:43:40.0635 7716 sffp_mmc - ok
13:43:40.0760 7716 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:43:40.0760 7716 sffp_sd - ok
13:43:40.0885 7716 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
13:43:40.0885 7716 sfloppy - ok
13:43:41.0181 7716 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
13:43:41.0181 7716 SiSRaid2 - ok
13:43:41.0399 7716 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
13:43:41.0399 7716 SiSRaid4 - ok
13:43:41.0555 7716 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:43:41.0555 7716 Smb - ok
13:43:41.0743 7716 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:43:41.0743 7716 spldr - ok
13:43:41.0883 7716 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:43:41.0899 7716 srv - ok
13:43:42.0023 7716 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:43:42.0039 7716 srv2 - ok
13:43:42.0211 7716 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
13:43:42.0211 7716 SrvHsfHDA - ok
13:43:42.0367 7716 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
13:43:42.0445 7716 SrvHsfV92 - ok
13:43:42.0601 7716 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
13:43:42.0632 7716 SrvHsfWinac - ok
13:43:42.0803 7716 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:43:42.0819 7716 srvnet - ok
13:43:43.0006 7716 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
13:43:43.0022 7716 stexstor - ok
13:43:43.0178 7716 STHDA (beb37ce4e7456f5efa52d783d1e06d8c) C:\Windows\system32\DRIVERS\stwrt64.sys
13:43:43.0193 7716 STHDA - ok
13:43:43.0349 7716 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:43:43.0349 7716 swenum - ok
13:43:43.0552 7716 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
13:43:43.0599 7716 SynTP - ok
13:43:43.0849 7716 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:43:43.0927 7716 Tcpip - ok
13:43:44.0130 7716 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:43:44.0145 7716 TCPIP6 - ok
13:43:44.0270 7716 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:43:44.0270 7716 tcpipreg - ok
13:43:44.0317 7716 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:43:44.0317 7716 TDPIPE - ok
13:43:44.0426 7716 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:43:44.0426 7716 TDTCP - ok
13:43:44.0535 7716 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:43:44.0551 7716 tdx - ok
13:43:44.0707 7716 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:43:44.0722 7716 TermDD - ok
13:43:44.0910 7716 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:43:44.0910 7716 tssecsrv - ok
13:43:51.0462 7716 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:43:51.0540 7716 \Device\Harddisk0\DR0 - ok
13:43:51.0555 7716 Boot (0x1200) (2206c4b6a5f05433e6f14e00f6552755) \Device\Harddisk0\DR0\Partition0
13:43:51.0555 7716 \Device\Harddisk0\DR0\Partition0 - ok
13:43:51.0571 7716 Boot (0x1200) (5ba1cec1548ef1b1d4508205d4bfa17c) \Device\Harddisk0\DR0\Partition1
13:43:51.0571 7716 \Device\Harddisk0\DR0\Partition1 - ok
13:43:51.0618 7716 Boot (0x1200) (dcd8b14e4221f0e2495c3ac536e1a790) \Device\Harddisk0\DR0\Partition2
13:43:51.0618 7716 \Device\Harddisk0\DR0\Partition2 - ok
13:43:51.0664 7716 Boot (0x1200) (e1d781e8d4187b9595fc9ee4284983f6) \Device\Harddisk0\DR0\Partition3
13:43:51.0664 7716 \Device\Harddisk0\DR0\Partition3 - ok
13:43:51.0664 7716 ============================================================
13:43:51.0664 7716 Scan finished
13:43:51.0664 7716 ============================================================
13:43:51.0680 8024 Detected object count: 0
13:43:51.0680 8024 Actual detected object count: 0

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 11 January 2012 - 02:26 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 silvershadowstalker (Topic Starter)

  • Members
  • 51 posts

Posted 11 January 2012 - 03:16 PM

It caused Windows to crash and Blue Screen on me. Should I try it one more time?

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 11 January 2012 - 03:28 PM

Yes, try it once more.


gringo

#9 silvershadowstalker (Topic Starter)

  • Members
  • 51 posts

Posted 11 January 2012 - 05:07 PM

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-11 15:36:16
-----------------------------
15:36:16.884 OS Version: Windows x64 6.1.7601 Service Pack 1
15:36:16.884 Number of processors: 4 586 0x100
15:36:16.884 ComputerName: GLADOS UserName: Susan
15:36:26.602 Initialize success
15:36:26.790 AVAST engine defs: 12011101
15:36:39.285 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000072
15:36:39.285 Disk 0 Vendor: ST964032 0002 Size: 610480MB BusType: 11
15:36:39.332 Disk 0 MBR read successfully
15:36:39.348 Disk 0 MBR scan
15:36:39.348 Disk 0 Windows 7 default MBR code
15:36:39.363 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
15:36:39.379 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595366 MB offset 409600
15:36:39.426 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14810 MB offset 1219719168
15:36:39.457 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
15:36:39.457 Service scanning
15:36:41.048 Modules scanning
15:36:41.048 Disk 0 trace - called modules:
15:36:41.110 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
15:36:41.126 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004634060]
15:36:41.142 3 CLASSPNP.SYS[fffff8800165b43f] -> nt!IofCallDriver -> [0xfffffa8004308b10]
15:36:41.157 5 hpdskflt.sys[fffff88001602189] -> nt!IofCallDriver -> [0xfffffa8004184040]
15:36:41.157 7 amd_xata.sys[fffff880011158f7] -> nt!IofCallDriver -> \Device\00000072[0xfffffa80041738f0]
15:36:46.024 AVAST engine scan C:\
17:01:34.142 Scan finished successfully
17:03:32.967 Disk 0 MBR has been saved successfully to "C:\Users\Susan\Desktop\MBR.dat"
17:03:32.983 The log file has been saved successfully to "C:\Users\Susan\Desktop\aswMBR.txt"

#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 11 January 2012 - 06:30 PM

Hello


How are things working now?


gringo

#11 silvershadowstalker (Topic Starter)

  • Members
  • 51 posts

Posted 11 January 2012 - 06:58 PM

Malwarebytes is sometimes alerting about an IP, while Avast is alerting about malicious URLs. Not as frequent though. Safari also crashes upon loading. Search engines still redirect as well.

Edited by silvershadowstalker, 11 January 2012 - 07:08 PM.


#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 11 January 2012 - 09:07 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 silvershadowstalker (Topic Starter)

  • Members
  • 51 posts

Posted 11 January 2012 - 09:50 PM

Would it be ok to delete the text documents that have been made with the other programs? My desktop is getting cluttered with programs and files and they are starting to get a bit confusing. ^.^'''





OTL logfile created on: 1/11/2012 9:33:01 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Susan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 32.62% Memory free
6.96 Gb Paging File | 3.84 Gb Available in Paging File | 55.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.41 Gb Total Space | 529.43 Gb Free Space | 91.06% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive F: | 99.34 Mb Total Space | 89.19 Mb Free Space | 89.79% Space Free | Partition Type: FAT32

Computer Name: GLADOS | User Name: Susan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Susan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\sdiagnhost.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\msdt.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
MOD - C:\Program Files (x86)\Bamboo Dock\BambooWinTab.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (HPAuto) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1153407955-723814322-1316728533-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-1153407955-723814322-1316728533-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1153407955-723814322-1316728533-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/04 12:18:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/24 13:23:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/25 18:11:44 | 000,000,000 | ---D | M]

[2011/11/24 13:23:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susan\AppData\Roaming\Mozilla\Extensions
[2011/11/25 18:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ehzy69ag.default\extensions
[2011/11/24 17:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/24 17:11:13 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
[2012/01/04 12:18:57 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\SUSAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EHZY69AG.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/11 11:35:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1153407955-723814322-1316728533-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1153407955-723814322-1316728533-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1153407955-723814322-1316728533-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A24C0232-5717-4A6D-AEC2-797994F89920}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/11 15:14:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/11 12:05:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/11 12:01:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/11 09:48:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/11 09:48:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/11 09:48:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/11 09:48:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/11 09:48:22 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/11 09:48:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/11 09:41:06 | 004,377,322 | R--- | C] (Swearware) -- C:\Users\Susan\Desktop\ComboFix.exe
[2012/01/11 09:15:47 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 09:15:46 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 09:15:46 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 09:15:46 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 09:15:44 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 09:15:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 09:15:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/10 19:47:44 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\IDT
[2012/01/10 18:55:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Susan\Desktop\dds.scr
[2012/01/07 19:38:16 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Local\Diagnostics
[2012/01/06 20:06:52 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/06 20:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/01/06 20:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/06 20:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/06 18:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/06 18:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/04 20:02:34 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2012/01/04 20:01:45 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\Wacom
[2012/01/04 20:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Wacom
[2012/01/04 20:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo Dock
[2012/01/04 20:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bamboo Dock
[2012/01/04 19:58:56 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\WTablet
[2012/01/04 19:58:53 | 001,326,456 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Touch_Tablet.dll
[2012/01/04 19:58:53 | 001,107,832 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Touch_Tablet.dll
[2012/01/04 19:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2012/01/04 19:58:44 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo
[2012/01/04 19:58:39 | 000,013,312 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys
[2012/01/04 19:58:35 | 000,012,848 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacommousefilter.sys
[2012/01/04 19:58:20 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacomvhid.sys
[2012/01/04 19:58:17 | 001,401,208 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wintab32.dll
[2012/01/04 19:58:17 | 001,392,504 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\WacomMT.dll
[2012/01/04 19:58:17 | 001,156,472 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wintab32.dll
[2012/01/04 19:58:17 | 001,152,888 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\WacomMT.dll
[2012/01/04 19:58:16 | 001,665,400 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Tablet.dll
[2012/01/04 19:58:16 | 001,369,464 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Tablet.dll
[2012/01/04 19:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2012/01/04 12:19:46 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/01/04 12:19:46 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/01/04 12:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012/01/04 12:19:44 | 000,140,120 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012/01/04 12:19:20 | 000,258,392 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012/01/04 12:19:20 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/01/04 12:19:14 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/01/04 12:19:14 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/01/04 12:19:14 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/01/04 12:18:58 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012/01/04 12:18:57 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/01/04 12:18:57 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/04 09:13:04 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/01 16:51:04 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/01 16:51:04 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/01 16:51:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/01 16:51:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/01 16:51:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/01 16:51:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/01 16:51:01 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/01/01 16:50:57 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/01/01 16:50:57 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/01/01 16:50:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/01 16:50:56 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/23 14:52:26 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Susan\Desktop\TDSSKiller.exe
[2011/12/22 18:30:15 | 000,000,000 | ---D | C] -- C:\BurnInTest test files
[2011/12/22 14:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/12/21 13:10:18 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/21 13:00:52 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/21 13:00:52 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/21 12:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
[2011/12/20 09:08:07 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\CyberLink
[2011/12/20 09:08:06 | 000,000,000 | ---D | C] -- C:\Users\Susan\Documents\Youcam
[2011/12/20 09:08:06 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Local\CyberLink
[2011/12/20 09:02:53 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/12/20 09:02:31 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011/12/14 15:01:58 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/12/13 12:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/13 12:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/13 12:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/13 12:34:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/13 12:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2011/12/13 12:00:49 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\Malwarebytes
[2011/12/13 12:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/13 12:00:40 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/11 21:22:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/11 20:17:58 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 20:17:58 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 19:39:35 | 2801,979,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/11 17:03:32 | 000,000,512 | ---- | M] () -- C:\Users\Susan\Desktop\MBR.dat
[2012/01/11 15:13:56 | 647,516,898 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/11 11:35:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/11 09:41:18 | 004,377,322 | R--- | M] (Swearware) -- C:\Users\Susan\Desktop\ComboFix.exe
[2012/01/10 22:21:47 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/10 22:21:47 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/10 22:21:47 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/10 22:21:39 | 000,773,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/10 18:55:25 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Susan\Desktop\dds.scr
[2012/01/10 18:54:39 | 000,000,000 | ---- | M] () -- C:\Users\Susan\defogger_reenable
[2012/01/10 18:53:36 | 000,050,477 | ---- | M] () -- C:\Users\Susan\Desktop\Defogger.exe
[2012/01/07 13:55:41 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Susan\Desktop\TDSSKiller.exe
[2012/01/06 21:03:48 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSusan.job
[2012/01/06 20:06:38 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/06 18:12:13 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/04 20:01:37 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2012/01/04 12:19:46 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/01/04 12:19:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/21 13:46:12 | 000,276,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/21 13:01:10 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/12/20 09:01:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/12/14 15:01:58 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/12/13 16:37:40 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/12/13 12:35:14 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/13 12:31:58 | 000,002,515 | ---- | M] () -- C:\Users\Susan\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/13 12:31:58 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/12/13 12:31:29 | 000,000,628 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2011/12/13 11:38:21 | 000,007,024 | -HS- | M] () -- C:\Users\Susan\AppData\Local\tgklid5w7tcu5grf3ufs5g471m1f
[2011/12/13 11:38:21 | 000,007,024 | -HS- | M] () -- C:\ProgramData\tgklid5w7tcu5grf3ufs5g471m1f
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/11 17:03:32 | 000,000,512 | ---- | C] () -- C:\Users\Susan\Desktop\MBR.dat
[2012/01/11 15:13:56 | 647,516,898 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/11 09:48:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/11 09:48:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/11 09:48:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/11 09:48:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/11 09:48:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/10 18:54:39 | 000,000,000 | ---- | C] () -- C:\Users\Susan\defogger_reenable
[2012/01/10 18:53:34 | 000,050,477 | ---- | C] () -- C:\Users\Susan\Desktop\Defogger.exe
[2012/01/06 20:06:38 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/06 18:12:13 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/04 20:01:37 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2012/01/04 19:58:13 | 000,000,488 | ---- | C] () -- C:\Windows\SysNative\PenTouchTabletUserDefaults.xml
[2012/01/04 19:58:13 | 000,000,488 | ---- | C] () -- C:\Windows\SysNative\PenTabletUserDefaults.xml
[2012/01/04 12:19:46 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2011/12/27 14:20:23 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForSusan.job
[2011/12/21 13:01:10 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/12/20 09:01:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/12/13 16:37:40 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/12/13 12:35:14 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/13 12:31:58 | 000,002,515 | ---- | C] () -- C:\Users\Susan\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/13 12:31:58 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/12/13 12:31:58 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/12/13 12:31:29 | 000,000,628 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf
[2011/12/13 11:33:26 | 000,007,024 | -HS- | C] () -- C:\Users\Susan\AppData\Local\tgklid5w7tcu5grf3ufs5g471m1f
[2011/12/13 11:33:26 | 000,007,024 | -HS- | C] () -- C:\ProgramData\tgklid5w7tcu5grf3ufs5g471m1f
[2011/11/28 12:29:50 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/06/27 11:29:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/27 11:25:59 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/06/27 11:21:59 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/27 11:10:48 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/05/08 14:35:06 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/03/21 21:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/03 23:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/01/13 01:03:20 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/16 21:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010/11/20 22:24:20 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:53 AM

Posted 12 January 2012 - 05:53 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKU\S-1-5-21-1153407955-723814322-1316728533-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    [2011/12/13 11:38:21 | 000,007,024 | -HS- | M] () -- C:\Users\Susan\AppData\Local\tgklid5w7tcu5grf3ufs5g471m1f
    [2011/12/13 11:38:21 | 000,007,024 | -HS- | M] () -- C:\ProgramData\tgklid5w7tcu5grf3ufs5g471m1f
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
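
The script above deletes orphaned registry entries, moves two hidden+system files and resets DNS and hosts, but it is a one-shot fix with no read-back. The PowerShell below is an added example for readers of this thread; it is not OTL's code and not part of any post here. It re-inspects, read-only, the same locations the OTL fix touches (Winlogon values, PROTOCOLS\Handler entries, IE toolbar GUIDs, paired hidden files under ProgramData and LocalAppData, DhcpNameServer/NameServer and the hosts file) so you can confirm before and after a fix what actually changed. It assumes PowerShell 3.0 or later in an elevated session on a 64-bit Windows 7 box like the one in the log; the expected Shell/Userinit values and the "twin hidden file" heuristic are the editor's assumptions, drawn from the OTL output above, not from the thread's helper.

```powershell
# Added example for this thread (not OTL's code, not part of the original posts).
# Read-only re-check of the locations the OTL fix above touches, using built-in
# PowerShell (3.0+, run elevated). Every check appends a line to $findings; nothing
# on disk or in the registry is modified. Expected Winlogon values and the
# "twin hidden file" heuristic are assumptions drawn from the log above.
$findings = New-Object System.Collections.Generic.List[string]

# 1. Winlogon (OTL O20), native and Wow6432Node views. Shell and Userinit have fixed
#    defaults. VMApplet's default is 'SystemPropertiesPerformance.exe /pagefile', so a
#    "File not found" reported against '/pagefile' alone is a parse artifact, not a hijack.
$winlogonKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
$expected = @{ Shell = 'explorer.exe'; Userinit = "$env:SystemRoot\system32\userinit.exe," }
foreach ($key in $winlogonKeys) {
  if (-not (Test-Path $key)) { continue }
  $props = Get-ItemProperty -Path $key
  foreach ($name in 'Shell', 'Userinit', 'VMApplet') {
    $val = $props.$name
    if ($null -eq $val) { continue }
    if ($expected.ContainsKey($name) -and $val -ne $expected[$name]) {
      $findings.Add("Winlogon $name in $key is '$val' (expected '$($expected[$name])')")
    }
    # Anything appended after Userinit's trailing comma, or as an extra token, runs at logon.
    foreach ($token in ($val -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })) {
      if ($token -match '^[A-Za-z]:\\' -and -not (Test-Path -LiteralPath $token)) {
        $findings.Add("Winlogon $name references missing file '$token'")
      }
    }
  }
}

# 2. Pluggable protocol handlers (OTL O18). Each subkey should carry a CLSID resolving to an
#    InprocServer32 DLL. No CLSID = orphan (the livecall/msnim/wlpg case above); a CLSID whose
#    DLL is unsigned is one way a redirector hooks http/https inside IE.
Get-ChildItem 'HKLM:\SOFTWARE\Classes\PROTOCOLS\Handler' -ErrorAction SilentlyContinue | ForEach-Object {
  $clsid = (Get-ItemProperty -Path $_.PSPath).CLSID
  if (-not $clsid) { $findings.Add("Protocol handler '$($_.PSChildName)' has no CLSID (orphan)"); return }
  $srv = (Get-ItemProperty "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
  if (-not $srv) { $findings.Add("Protocol handler '$($_.PSChildName)' CLSID $clsid has no InprocServer32"); return }
  $dll = [Environment]::ExpandEnvironmentVariables($srv.Trim('"'))
  if (-not (Test-Path -LiteralPath $dll)) {
    $findings.Add("Protocol handler '$($_.PSChildName)' points at missing DLL $dll")
  } elseif ((Get-AuthenticodeSignature -FilePath $dll).Status -ne 'Valid') {
    # Catalog-signed Windows DLLs also report NotSigned here; verify those by hash before acting.
    $findings.Add("Protocol handler '$($_.PSChildName)' loads DLL without embedded signature: $dll")
  }
}

# 3. IE toolbars (OTL O3): value names are GUIDs that must be registered under a CLSID key
#    (native view, or the Wow6432Node view for 32-bit IE).
$toolbarKeys = @('HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser',
                 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar')
foreach ($key in $toolbarKeys) {
  if (-not (Test-Path $key)) { continue }
  foreach ($guid in ((Get-Item $key).GetValueNames() | Where-Object { $_ -match '^\{[0-9A-Fa-f-]{36}\}$' })) {
    $registered = (Test-Path "HKLM:\SOFTWARE\Classes\CLSID\$guid") -or
                  (Test-Path "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$guid") -or
                  (Test-Path "HKCU:\Software\Classes\CLSID\$guid")
    if (-not $registered) { $findings.Add("Toolbar GUID $guid in $key has no CLSID registration") }
  }
}

# 4. Hidden+System files present under BOTH %ProgramData% and %LocalAppData% with the same
#    name and size. The log above shows exactly this pairing (tgklid5w7tcu5grf3ufs5g471m1f,
#    7,024 bytes in each); legitimate software rarely plants identical hidden files in both roots.
function Get-HiddenSystemFiles([string]$Root) {
  Get-ChildItem -LiteralPath $Root -File -Force -ErrorAction SilentlyContinue | Where-Object {
    ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
    ($_.Attributes -band [IO.FileAttributes]::System) -and $_.Name -ne 'desktop.ini'
  }
}
$local = Get-HiddenSystemFiles $env:LOCALAPPDATA
foreach ($f in (Get-HiddenSystemFiles $env:ProgramData)) {
  if ($local | Where-Object { $_.Name -eq $f.Name -and $_.Length -eq $f.Length }) {
    $findings.Add("Hidden+System twin file '$($f.Name)' ($($f.Length) bytes) in ProgramData and LocalAppData")
  }
}

# 5. Resolver settings (OTL O17) and the hosts file. A static NameServer overriding DHCP, or
#    hosts lines beyond the localhost defaults, are the usual footprints of a search redirector.
$tcpip = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$findings.Add("DhcpNameServer = '$($tcpip.DhcpNameServer)'")
if ($tcpip.NameServer) { $findings.Add("Static NameServer set: '$($tcpip.NameServer)'") }
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hostsFile -ErrorAction SilentlyContinue |
  Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' } |
  ForEach-Object { $findings.Add("hosts entry: $($_.Trim())") }

$findings
```

Run it once before and once after a fix and diff the two outputs. The lines it prints are leads, not verdicts: an orphaned handler or toolbar GUID is usually just an uninstall leftover, the DhcpNameServer line is there so you can compare it against your ISP's or router's servers, and a file flagged in section 4 should be hashed and submitted for analysis rather than deleted on sight. Because a search redirector that survives a hosts reset and a DNS flush is typically living somewhere this script does not look (a browser extension, a proxy setting, or a kernel-mode driver), an empty report here is not a clean bill of health.
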

#15 silvershadowstalker

silvershadowstalker
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 12 January 2012 - 07:38 AM

Pretty much the same. Malicious IP alert from Malwarebytes, URL warnings from Avast, Searches redirected, and Safari crashing.

I seem to be able to use Firefox and IE whenever I want to now. That is good :)


All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1153407955-723814322-1316728533-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
C:\Users\Susan\AppData\Local\tgklid5w7tcu5grf3ufs5g471m1f moved successfully.
C:\ProgramData\tgklid5w7tcu5grf3ufs5g471m1f moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Susan\Downloads\cmd.bat deleted successfully.
C:\Users\Susan\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Susan
->Temp folder emptied: 155873 bytes
->Temporary Internet Files folder emptied: 5929044 bytes
->Java cache emptied: 792787 bytes
->FireFox cache emptied: 55942452 bytes
->Apple Safari cache emptied: 127324160 bytes
->Flash cache emptied: 88525 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 107082178 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 284.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Susan
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Susan
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 01122012_072953

Files\Folders moved on Reboot...
C:\Users\Susan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP000000475527FA5E50AB19D6 not found!

Registry entries deleted on Reboot...



