
Infected with TDSS and system check


This topic is locked
15 replies to this topic

#1 joerob100

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:32 PM

Posted 21 January 2012 - 03:30 PM

Followed the guides to remove System Check and the TDSS rootkits.

The rootkit and System Check seem to be removed, but now Google keeps redirecting and my browser is unstable.

MBAM and the ESET scanner come up clean.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Joe at 16:33:33 on 2012-01-21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.4095.3172 [GMT 0:00]
.
AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {7z06E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\explorer.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\firefox.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://fairview.deadfrontier.com/onlinezombiemmo/index.php?topic=333518.msg2817512#msg2817512
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
mWinlogon: Userinit=C:\Windows\explorer.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files (x86)\FlashGet\getflash.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe /A
uRun: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray
uRun: [Steam] "D:\Steam\steam.exe" -silent
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [Olympus ib] "C:\Program Files (x86)\Olympus\ib\olycamdetect.exe" /Startup
mRun: [MDS_Menu] "C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [Google Update] "C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: Interfaces\{207CE866-3417-45C5-93B4-C05D2C26E7C3} : NameServer = 90.207.238.97,90.207.238.99
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~3\Office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL
SEH: N/A: {a5be62ca-de0f-4764-a0cb-4044816db174} - C:\PROGRA~1\tuEagles\EagleObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
BHO-X64: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO-X64: flashget urlcatch - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun-x64: [Olympus ib] "C:\Program Files (x86)\Olympus\ib\olycamdetect.exe" /Startup
mRun-x64: [MDS_Menu] "C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
SEH-X64: : {A5BE62CA-DE0F-4764-A0CB-4044816DB174} - C:\PROGRA~1\tuEagles\EagleObj.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\xlc9z8ye.default\
FF - prefs.js: browser.startup.homepage - hxxp://tvcountdown.com/
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\plugins\npbyond.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\plugins\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Joe\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Joe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\browser\nppdf32.dll
.
============= SERVICES / DRIVERS ===============
.
R3 ComproHID;VideoMate Root Enumerated Hid Device;C:\Windows\System32\drivers\ComproHID64.sys [2010-3-14 9088]
S2 CDMA Device Service;CDMA Device Service;C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [2011-9-13 159232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-2-6 727720]
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
S2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
S2 gupdate1c9e3cfe37a8f67;Google Update Service (gupdate1c9e3cfe37a8f67);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-6-2 133104]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-19 652872]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-9 2214504]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-7-28 1153368]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-14 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-7-27 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-6-2 133104]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2011-9-9 16616]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-1-11 19544]
S3 PS3 Media Server;PS3 Media Server;C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [2008-8-17 217088]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
.
=============== Created Last 30 ================
.
2012-01-21 16:07:53 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-21 14:45:43 -------- d-----w- C:\Program Files (x86)\ESET
2012-01-21 14:32:36 836 ----a-w- C:\ProgramData\gjuobaa.tmp
2012-01-21 14:31:55 834 ----a-w- C:\ProgramData\kjuobaa.tmp
2012-01-21 14:31:50 824 ----a-w- C:\ProgramData\jjuobaa.tmp
2012-01-21 14:31:45 849 ----a-w- C:\ProgramData\ijuobaa.tmp
2012-01-21 14:31:40 890 ----a-w- C:\ProgramData\hjuobaa.tmp
2012-01-21 14:06:34 208896 ----a-w- C:\Windows\MBR.exe
2012-01-21 14:06:33 98816 ----a-w- C:\Windows\sed.exe
2012-01-21 14:06:33 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-21 14:06:33 256000 ----a-w- C:\Windows\PEV.exe
2012-01-19 21:18:18 -------- d-----w- C:\Users\Joe\AppData\Roaming\Malwarebytes
2012-01-19 21:18:05 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-19 21:18:01 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-19 21:18:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-17 21:37:41 -------- d-----w- C:\Users\Joe\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2012-01-17 21:37:39 -------- d-----w- C:\Program Files (x86)\Balsamiq Mockups
2012-01-03 21:57:37 -------- d-----w- C:\Users\Joe\AppData\Roaming\Greyfirst
2012-01-03 21:57:37 -------- d-----w- C:\Users\Joe\AppData\Local\Greyfirst
2011-12-28 16:31:53 -------- d-----w- C:\Down
2011-12-28 16:31:38 -------- d-----w- C:\Perfect World Entertainment
2011-12-28 11:39:51 -------- d-----r- C:\Program Files (x86)\Skype
2011-12-25 22:09:10 -------- d-----w- C:\Users\Joe\AppData\Local\PAYDAY
2011-12-25 22:07:09 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2011-12-25 20:21:00 -------- d-----w- C:\Users\Joe\AppData\Local\ESN Sonar
2011-12-22 20:08:38 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2011-12-22 19:19:40 -------- d-----w- C:\Program Files (x86)\Common Files\EAInstaller
2011-12-22 18:28:48 -------- d-----w- C:\Users\Joe\AppData\Roaming\Origin
2011-12-22 18:28:46 -------- d-----w- C:\Users\Joe\AppData\Local\Origin
2011-12-22 18:27:56 -------- d-----w- C:\Program Files (x86)\Origin Games
.
==================== Find3M ====================
.
2012-01-11 18:06:38 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-25 21:33:05 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-12-25 21:33:05 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-12-25 21:05:04 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-12-22 20:04:38 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
.
============= FINISH: 16:35:38.58 ===============
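Added example (not from this thread, DDS or ComboFix): a Python triage pass over the "Pseudo HJT Report" lines from the DDS log above. It flags the items a malware-response helper would look at first: the UAC policies that are all reported as 0 (the Windows 7 defaults are EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1), the Winlogon Userinit value that points at explorer.exe instead of the default userinit.exe, BHO/toolbar registrations whose DLL is gone ("No File"), the static NameServer entry, and the security products reported as Disabled/Outdated. The severity labels, regular expressions and the triage/count_by_severity names are this example's own choices; the sample input is an excerpt copied from the log posted above.

```python
"""
Added triage helper for DDS 'Pseudo HJT Report' lines. It is not part of
DDS, ComboFix or this thread; severities and regexes are this example's own.
"""
import re
from collections import Counter

# Windows 7 default UAC policy values (the registry values DDS prints under
# mPolicies-system). A value that differs is worth a question: with
# EnableLUA=0 every process the user starts already has full admin rights,
# so nothing prompts when something installs a driver.
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
    "EnableUIADesktopToggle": 0,
}

# Winlogon's Userinit value on a clean Windows 7 install (trailing comma included).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe,"

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit=(.*)$", re.IGNORECASE)
NOFILE_RE = re.compile(r"^(BHO|BHO-X64|TB|TB-X64):\s*(.*?)\s*-\s*No File$")
DNS_RE = re.compile(r"^TCP:\s*Interfaces\\(\{[0-9A-Fa-f-]+\})\s*:\s*NameServer\s*=\s*(\S+)")
AV_RE = re.compile(r"^(AV|SP|FW):\s*(.+?)\s*\*(Disabled|Enabled)/(Outdated|Updated)\*")


def triage(lines):
    """Return a list of (severity, message) findings for DDS report lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue

        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            expected = UAC_DEFAULTS.get(name)
            if expected is not None and value != expected:
                findings.append(("high", f"UAC policy {name}={value} (Windows 7 default {expected})"))
            continue

        m = USERINIT_RE.match(line)
        if m:
            userinit = m.group(1).strip()
            if userinit.lower() != DEFAULT_USERINIT:
                findings.append(("high", f"Winlogon Userinit is '{userinit}', not the default userinit.exe"))
            continue

        m = NOFILE_RE.match(line)
        if m:
            # Registry entry whose DLL is gone: leftover from an uninstall or a
            # partial clean-up, harmless by itself but normally removed.
            findings.append(("low", f"orphaned {m.group(1)} registration: {m.group(2)}"))
            continue

        m = DNS_RE.match(line)
        if m:
            # Static resolvers on an interface are not malicious in themselves
            # (ISP resolvers look the same); the point is to confirm whose they are.
            findings.append(("info", f"static NameServer {m.group(2)} on interface {m.group(1)}; confirm these are the ISP's resolvers"))
            continue

        m = AV_RE.match(line)
        if m and (m.group(3) != "Enabled" or m.group(4) != "Updated"):
            findings.append(("medium", f"{m.group(2)} reported {m.group(3)}/{m.group(4)}"))
    return findings


def count_by_severity(findings):
    """Map severity label -> number of findings with that label."""
    return dict(Counter(severity for severity, _ in findings))


# Excerpt copied from the DDS log posted in this thread (not a complete report).
SAMPLE_LOG = r"""
AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
mWinlogon: Userinit=C:\Windows\explorer.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: Interfaces\{207CE866-3417-45C5-93B4-C05D2C26E7C3} : NameServer = 90.207.238.97,90.207.238.99
BHO-X64: Vuze Remote - No File
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG.splitlines())
    for severity, message in results:
        print(f"[{severity}] {message}")
    print(count_by_severity(results))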


#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:32 PM

Posted 23 January 2012 - 02:44 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 joerob100
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:32 PM

Posted 23 January 2012 - 01:44 PM

Thanks for the assistance.

Had to run Combofix twice as the first time it crashed when trying to remove something.

Still getting Google redirecting and crashing on Firefox. I think I have some kind of keylogger, because Facebook and MSN have asked me to change my password due to access in Japan.


ComboFix 12-01-19.02 - Joe 23/01/2012 18:01:30.2.2 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.4095.3441 [GMT 0:00]
Running from: c:\users\Joe\Desktop\New Folder (2)\ComboFix.exe
Command switches used :: c:\users\Joe\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\gjuobaa.tmp
c:\programdata\hjuobaa.tmp
c:\programdata\ijuobaa.tmp
c:\programdata\jjuobaa.tmp
c:\programdata\kjuobaa.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 )))))))))))))))))))))))))))))))
.
.
2012-01-22 16:13 . 2012-01-22 16:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-22 16:13 . 2012-01-22 16:13 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-01-22 16:13 . 2012-01-22 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-22 16:13 . 2012-01-22 16:13 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-01-21 14:45 . 2012-01-21 14:45 -------- d-----w- c:\program files (x86)\ESET
2012-01-19 21:18 . 2012-01-19 21:18 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes
2012-01-19 21:18 . 2012-01-19 21:18 -------- d-----w- c:\programdata\Malwarebytes
2012-01-19 21:18 . 2012-01-19 21:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-19 21:18 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-19 18:08 . 2012-01-19 18:08 -------- d-----w- c:\users\Guest\AppData\Roaming\Samsung
2012-01-19 18:08 . 2012-01-19 18:08 -------- d-----w- c:\users\Guest\AppData\Roaming\PC Suite
2012-01-17 21:37 . 2012-01-17 21:37 -------- d-----w- c:\users\Joe\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2012-01-17 21:37 . 2012-01-17 21:37 -------- d-----w- c:\program files (x86)\Balsamiq Mockups
2012-01-11 18:06 . 2012-01-11 18:06 -------- d-----w- c:\windows\system32\Macromed
2012-01-03 21:57 . 2012-01-03 21:57 -------- d-----w- c:\users\Joe\AppData\Roaming\Greyfirst
2012-01-03 21:57 . 2012-01-03 21:57 -------- d-----w- c:\users\Joe\AppData\Local\Greyfirst
2011-12-28 16:31 . 2011-12-28 16:31 -------- d-----w- C:\Down
2011-12-28 16:31 . 2011-12-28 16:31 -------- d-----w- C:\Perfect World Entertainment
2011-12-28 11:39 . 2011-12-29 00:36 -------- d-----w- c:\users\Joe\AppData\Roaming\Skype
2011-12-28 11:39 . 2011-12-28 11:39 -------- d-----r- c:\program files (x86)\Skype
2011-12-28 11:39 . 2011-12-28 11:39 -------- d-----w- c:\programdata\Skype
2011-12-25 22:09 . 2011-12-25 22:09 -------- d-----w- c:\users\Joe\AppData\Local\PAYDAY
2011-12-25 22:07 . 2011-12-25 22:07 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2011-12-25 20:21 . 2011-12-26 00:26 -------- d-----w- c:\users\Joe\AppData\Local\ESN Sonar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-11 18:06 . 2011-06-19 12:07 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-08 01:08 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-01-08 01:08 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-25 21:33 . 2009-05-14 20:03 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-12-25 21:33 . 2009-05-11 17:37 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-12-25 21:05 . 2009-05-11 17:37 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-12-22 20:04 . 2009-05-11 17:37 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . 818E0728A162E1C617796E875BCBA3FD . 858112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-01-21_14.24.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-01-19 08:06 . 2012-01-21 14:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-01-19 08:06 . 2012-01-21 15:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-01-21 15:01 . 2012-01-21 15:04 10752 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C7A02335-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:32 . 2012-01-21 14:38 60416 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C3405FC1-443C-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:32 . 2012-01-21 14:37 12288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C2A5F485-443C-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:39 . 2012-01-21 14:46 33280 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BE52F8A5-443D-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:53 . 2012-01-21 14:57 35328 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A4434D00-443F-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:38 . 2012-01-21 14:44 88576 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A3A0ED05-443D-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:36 . 2012-01-21 14:36 11264 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4AA33001-443D-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:43 . 2012-01-21 14:48 33792 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{48FFD365-443E-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:43 . 2012-01-21 14:46 19968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3E49A362-443E-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:57 . 2012-01-21 14:57 11264 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3BF64AD0-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:49 . 2012-01-21 14:53 69120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0EC59DF0-443F-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:48 . 2012-01-21 14:49 19968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{08CB09D4-443F-11E1-B8E6-00044B1539A2}.dat
- 2012-01-19 08:06 . 2012-01-21 14:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-01-19 08:06 . 2012-01-21 15:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-01-19 08:06 . 2012-01-21 15:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
- 2012-01-19 08:06 . 2012-01-21 14:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2012-01-21 14:37 . 2011-10-21 15:43 21144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_zh-TW.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 20632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_zh-CN.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 27288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_vi.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 27288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_ur.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 27800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_uk.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 27800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_tr.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 26776 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_th.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 28312 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_te.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 28824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_ta.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 28312 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_sw.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 27800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_sv.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 28312 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_sr.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 28312 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_sl.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 28824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_sk.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 27800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_ru.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 28824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_ro.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 28312 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_pt-PT.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 28312 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_pt-BR.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 28824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_pl.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 28312 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_no.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 29336 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_nl.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 27288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_ms.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 27800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_mr.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 30872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_ml.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 28824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_lv.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 27288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_lt.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 22680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_ko.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 28312 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_kn.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 23704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_ja.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 24728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_iw.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 29848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_it.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 27288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_is.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 27288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_id.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 28824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_hu.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 28312 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_hr.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 27800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_hi.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 27800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_gu.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 29848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_fr.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 28824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_fil.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 27800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_fi.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 26776 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_fa.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 26776 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_et.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 30360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_es.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 27800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_es-419.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 26776 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_en.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 26776 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_en-GB.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 29848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_el.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 30360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_de.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 27800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_da.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 27800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_cs.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 28312 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_ca.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 27800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_bn.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 28824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_bg.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 25752 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_ar.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 23704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdateres_am.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 59032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe
+ 2012-01-21 14:37 . 2011-10-21 15:43 25088 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateHelper.msi
+ 2012-01-21 14:37 . 2011-10-21 15:43 59032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateBroker.exe
+ 2009-07-14 05:10 . 2012-01-22 14:03 39408 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-03-08 13:53 . 2012-01-19 10:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-08 13:53 . 2012-01-22 14:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-08 13:53 . 2012-01-22 14:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-08 13:53 . 2012-01-19 10:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-22 14:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-19 10:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-08 15:43 . 2012-01-22 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-08 15:43 . 2012-01-21 14:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-08 15:43 . 2012-01-22 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-08 15:43 . 2012-01-21 14:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-21 15:01 . 2012-01-21 15:01 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{DA540A59-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 15:01 . 2012-01-21 15:01 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{DA540A56-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 15:01 . 2012-01-21 15:01 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{DA540A53-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 15:01 . 2012-01-21 15:01 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{DA540A52-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 15:01 . 2012-01-21 15:03 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{DA540A51-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 15:01 . 2012-01-21 15:01 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{DA540A5A-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 15:01 . 2012-01-21 15:01 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{DA540A58-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 15:01 . 2012-01-21 15:01 9728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{DA540A57-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 15:01 . 2012-01-21 15:01 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{DA540A55-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 15:03 . 2012-01-21 15:03 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{0812CB70-4441-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 15:02 . 2012-01-21 15:02 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EC66CF74-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:47 . 2012-01-21 14:47 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E8AD3C94-443E-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 15:01 . 2012-01-21 15:01 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DCC56814-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 15:01 . 2012-01-21 15:01 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C7A02334-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:32 . 2012-01-21 14:32 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C2A5F484-443C-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:39 . 2012-01-21 14:45 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BE52F8A4-443D-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:53 . 2012-01-21 15:00 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B39A9BA4-443F-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 15:00 . 2012-01-21 15:00 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AF57BCC4-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:31 . 2012-01-21 14:38 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AAA32A64-443C-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:31 . 2012-01-21 14:31 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A7D90DE4-443C-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:31 . 2012-01-21 14:36 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A4CEAC44-443C-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:38 . 2012-01-21 14:44 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A3A0ED04-443D-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:31 . 2012-01-21 14:38 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A34AAC23-443C-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:38 . 2012-01-21 14:43 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9F2334E4-443D-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:38 . 2012-01-21 14:43 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{86C903C4-443D-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:44 . 2012-01-21 14:44 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{711CE634-443E-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:51 . 2012-01-21 14:51 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6CCC1504-443F-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:58 . 2012-01-21 15:03 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6886ADB4-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:37 . 2012-01-21 14:37 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{674459A4-443D-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:44 . 2012-01-21 14:48 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{62E54FD4-443E-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:51 . 2012-01-21 14:57 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{550A62F4-443F-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:58 . 2012-01-21 15:01 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5371F334-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:58 . 2012-01-21 14:58 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{50EA5DF3-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:43 . 2012-01-21 14:48 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{48FFD364-443E-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 15:03 . 2012-01-21 15:03 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0ABDF613-4441-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:48 . 2012-01-21 14:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{093FAD34-443F-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:48 . 2012-01-21 14:49 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{08CB09D3-443F-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 15:02 . 2012-01-21 15:02 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EC66CF75-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:47 . 2012-01-21 14:48 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E8AD3C95-443E-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 15:01 . 2012-01-21 15:02 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DCC56815-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:46 . 2012-01-21 14:48 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BD2DDC50-443E-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:53 . 2012-01-21 15:00 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B39A9BA5-443F-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:31 . 2012-01-21 14:38 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AAA32A65-443C-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:31 . 2012-01-21 14:31 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A7D90DE5-443C-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:53 . 2012-01-21 14:57 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A4434D01-443F-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:38 . 2012-01-21 14:43 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9F2334E5-443D-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:38 . 2012-01-21 14:43 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{86C903C5-443D-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:45 . 2012-01-21 14:45 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{83EEEC40-443E-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:44 . 2012-01-21 14:44 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7142FC31-443E-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:44 . 2012-01-21 14:44 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7142FC30-443E-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:44 . 2012-01-21 14:44 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{711CE635-443E-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:51 . 2012-01-21 14:51 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6CCC1505-443F-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:58 . 2012-01-21 15:03 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6886ADB5-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:37 . 2012-01-21 14:37 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{674459A5-443D-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:44 . 2012-01-21 14:48 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{62E54FD5-443E-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:58 . 2012-01-21 15:01 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5371F335-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:43 . 2012-01-21 14:43 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3E49A360-443E-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:34 . 2012-01-21 14:38 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0F306060-443D-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 15:03 . 2012-01-21 15:03 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0ABDF614-4441-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:48 . 2012-01-21 14:53 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{093FAD35-443F-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:48 . 2012-01-21 14:48 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{000D7D50-443F-11E1-B8E6-00044B1539A2}.dat
- 2012-01-21 14:23 . 2012-01-21 14:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-22 15:47 . 2012-01-22 15:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-22 15:47 . 2012-01-22 15:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-21 14:23 . 2012-01-21 14:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-01-21 14:05 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-21 15:03 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-21 13:00 . 2012-01-21 15:03 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012012120120122\index.dat
+ 2009-07-14 04:54 . 2012-01-21 15:03 786432 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-21 15:00 . 2012-01-21 15:02 164864 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AF57BCC5-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:31 . 2012-01-21 14:36 232448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A4CEAC45-443C-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:31 . 2012-01-21 14:38 368128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A34AAC24-443C-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:51 . 2012-01-21 14:57 395776 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{550A62F5-443F-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:58 . 2012-01-21 15:01 166912 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{50EA5DF4-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-21 14:37 . 2011-10-21 15:43 136176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe
+ 2012-01-21 14:37 . 2011-10-21 15:43 157336 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\psuser.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 157336 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\psmachine.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 239256 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 815256 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\goopdate.dll
+ 2012-01-21 14:37 . 2011-10-21 15:43 136176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\GoogleUpdate.exe
+ 2012-01-21 14:37 . 2011-10-21 15:43 140952 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
- 2009-07-14 02:36 . 2012-01-21 13:02 675336 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-22 15:58 675336 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-22 15:58 129270 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-21 13:02 129270 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:12 . 2012-01-22 14:11 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-01-19 10:55 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-01-22 15:23 421716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-21 14:22 421716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-19 08:06 . 2012-01-21 15:03 1572864 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
+ 2009-07-14 04:54 . 2012-01-21 15:03 2785280 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-21 14:05 2785280 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-21 14:38 . 2012-01-21 14:38 24260080 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\Install\{37BE05DB-8B3F-4DCD-9A89-52D1C8935833}\chrome_installer.exe
+ 2012-01-21 14:38 . 2012-01-21 14:38 24260080 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\16.0.912.75\chrome_installer.exe
+ 2010-03-30 00:55 . 2012-01-22 15:23 37869400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3083856611-1580335890-2369480647-1000-12288.dat
- 2010-03-30 00:55 . 2012-01-21 14:22 37869400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3083856611-1580335890-2369480647-1000-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files (x86)\EXPERTool\TBPanel.exe" [2009-10-05 2174976]
"nHancer"="c:\program files\nHancer\nHancer.exe" [2010-05-02 1384960]
"Steam"="d:\steam\steam.exe" [2011-08-02 1242448]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-08-22 20880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-04-10 1733120]
"Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-08-22 958352]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-10-21 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A5BE62CA-DE0F-4764-A0CB-4044816DB174}"= "c:\progra~1\tuEagles\EagleObj.dll" [2010-01-11 80896]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
R2 CDMA Device Service;CDMA Device Service;c:\program files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [2011-08-02 159232]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-02-06 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-10 2223248]
R2 gupdate1c9e3cfe37a8f67;Google Update Service (gupdate1c9e3cfe37a8f67);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-02 133104]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-14 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-07-27 79360]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Joe\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-02 133104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\\OverwolfUpdater.exe [2011-08-31 16616]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 19544]
R3 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [2008-08-17 217088]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-10-28 19952]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 X6va005;X6va005;c:\users\Joe\AppData\Local\Temp\005D742.tmp [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
S3 ComproHID;VideoMate Root Enumerated Hid Device;c:\windows\system32\DRIVERS\ComproHID64.sys [2007-10-01 9088]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-02 05:25]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-02 22:17]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-02 22:17]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
- c:\windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-21 15:43]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
- c:\windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-21 15:43]
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3083856611-1580335890-2369480647-1000Core.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-28 21:10]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3083856611-1580335890-2369480647-1000UA.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-28 21:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2680696]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 2345848]
"RivaTunerStartupDaemon"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-08-22 3507088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://fairview.deadfrontier.com/onlinezombiemmo/index.php?topic=333518.msg2817512#msg2817512
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{207CE866-3417-45C5-93B4-C05D2C26E7C3}: NameServer = 90.207.238.97,90.207.238.99
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\xlc9z8ye.default\
FF - prefs.js: browser.startup.homepage - hxxp://tvcountdown.com/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Joe\AppData\Local\Temp\005D742.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,34,e7,8d,d6,ec,e0,4c,9a,3b,9e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,34,e7,8d,d6,ec,e0,4c,9a,3b,9e,\
.
[HKEY_USERS\S-1-5-21-3083856611-1580335890-2369480647-1000\Software\SecuROM\License information*]
"datasecu"=hex:c6,bd,c2,6d,7f,dc,50,c1,83,06,78,b0,83,2a,b8,39,fc,90,30,63,d1,
06,48,49,05,b9,bd,ff,6d,a5,49,01,16,1f,5b,a7,f3,03,84,2d,6e,22,91,04,02,f1,\
"rkeysecu"=hex:18,ba,b8,bf,97,79,03,88,7c,46,6c,1c,93,c9,cd,7e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-23 18:15:36
ComboFix-quarantined-files.txt 2012-01-23 18:15
ComboFix2.txt 2012-01-22 16:32
.
Pre-Run: 3,505,065,984 bytes free
Post-Run: 3,433,852,928 bytes free
.
- - End Of File - - B8AC761841F2951048E65ED105790341

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 January 2012 - 06:15 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 joerob100

  • Topic Starter
  • Members
  • 7 posts

Posted 24 January 2012 - 01:28 PM

I've run TDSSKiller a few times already. The first time I did it, it removed this:

21:30:29.0728 0492 Detected object count: 1
21:30:29.0728 0492 Actual detected object count: 1
21:30:39.0680 0492 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
21:30:39.0680 0492 \Device\Harddisk0\DR0 - ok
21:30:39.0680 0492 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
21:41:47.0518 0488 Deinitialize success

Problems still persisted after this, so here's a log of one I've done now.

18:24:45.0084 2724 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
18:24:45.0491 2724 ============================================================
18:24:45.0491 2724 Current date / time: 2012/01/24 18:24:45.0491
18:24:45.0491 2724 SystemInfo:
18:24:45.0491 2724
18:24:45.0491 2724 OS Version: 6.1.7600 ServicePack: 0.0
18:24:45.0491 2724 Product type: Workstation
18:24:45.0491 2724 ComputerName: JOE-PC
18:24:45.0491 2724 UserName: Joe
18:24:45.0491 2724 Windows directory: C:\Windows
18:24:45.0491 2724 System windows directory: C:\Windows
18:24:45.0491 2724 Running under WOW64
18:24:45.0491 2724 Processor architecture: Intel x64
18:24:45.0491 2724 Number of processors: 2
18:24:45.0491 2724 Page size: 0x1000
18:24:45.0491 2724 Boot type: Safe boot with network
18:24:45.0491 2724 ============================================================
18:24:46.0489 2724 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:24:46.0552 2724 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:24:46.0614 2724 Initialize success
18:24:47.0768 2772 ============================================================
18:24:47.0768 2772 Scan started
18:24:47.0768 2772 Mode: Manual;
18:24:47.0768 2772 ============================================================
18:24:48.0611 2772 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:24:48.0611 2772 1394ohci - ok
18:24:48.0658 2772 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:24:48.0658 2772 ACPI - ok
18:24:48.0689 2772 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:24:48.0689 2772 AcpiPmi - ok
18:24:48.0736 2772 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:24:48.0751 2772 adp94xx - ok
18:24:48.0782 2772 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:24:48.0782 2772 adpahci - ok
18:24:48.0829 2772 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:24:48.0829 2772 adpu320 - ok
18:24:48.0907 2772 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
18:24:48.0907 2772 AFD - ok
18:24:48.0954 2772 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:24:48.0954 2772 agp440 - ok
18:24:49.0001 2772 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:24:49.0001 2772 aliide - ok
18:24:49.0032 2772 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:24:49.0032 2772 amdide - ok
18:24:49.0063 2772 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:24:49.0079 2772 AmdK8 - ok
18:24:49.0094 2772 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:24:49.0094 2772 AmdPPM - ok
18:24:49.0141 2772 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
18:24:49.0141 2772 amdsata - ok
18:24:49.0172 2772 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:24:49.0172 2772 amdsbs - ok
18:24:49.0188 2772 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
18:24:49.0204 2772 amdxata - ok
18:24:49.0297 2772 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:24:49.0297 2772 AppID - ok
18:24:49.0469 2772 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:24:49.0469 2772 arc - ok
18:24:49.0500 2772 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:24:49.0500 2772 arcsas - ok
18:24:49.0566 2772 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:24:49.0567 2772 AsyncMac - ok
18:24:49.0603 2772 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
18:24:49.0607 2772 atapi - ok
18:24:49.0994 2772 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
18:24:50.0010 2772 atksgt - ok
18:24:50.0308 2772 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:24:50.0346 2772 b06bdrv - ok
18:24:50.0581 2772 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:24:50.0581 2772 b57nd60a - ok
18:24:50.0627 2772 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:24:50.0627 2772 Beep - ok
18:24:50.0659 2772 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:24:50.0659 2772 blbdrive - ok
18:24:50.0690 2772 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
18:24:50.0690 2772 bowser - ok
18:24:50.0721 2772 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:24:50.0721 2772 BrFiltLo - ok
18:24:50.0752 2772 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:24:50.0752 2772 BrFiltUp - ok
18:24:50.0783 2772 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:24:50.0783 2772 BridgeMP - ok
18:24:50.0815 2772 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:24:50.0830 2772 Brserid - ok
18:24:50.0846 2772 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:24:50.0846 2772 BrSerWdm - ok
18:24:50.0861 2772 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:24:50.0861 2772 BrUsbMdm - ok
18:24:50.0893 2772 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:24:50.0893 2772 BrUsbSer - ok
18:24:50.0939 2772 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
18:24:50.0939 2772 BthEnum - ok
18:24:50.0971 2772 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:24:50.0971 2772 BTHMODEM - ok
18:24:51.0002 2772 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
18:24:51.0002 2772 BthPan - ok
18:24:51.0064 2772 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
18:24:51.0080 2772 BTHPORT - ok
18:24:51.0111 2772 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
18:24:51.0111 2772 BTHUSB - ok
18:24:51.0251 2772 Cardex (2bd001601496ae87f7cb86f1fcd6f1ec) C:\Windows\SysWOW64\drivers\TBPANELX64.SYS
18:24:51.0251 2772 Cardex - ok
18:24:51.0267 2772 catchme - ok
18:24:51.0314 2772 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:24:51.0314 2772 cdfs - ok
18:24:51.0392 2772 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
18:24:51.0392 2772 cdrom - ok
18:24:51.0439 2772 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:24:51.0439 2772 circlass - ok
18:24:51.0485 2772 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:24:51.0485 2772 CLFS - ok
18:24:51.0579 2772 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:24:51.0579 2772 CmBatt - ok
18:24:51.0610 2772 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
18:24:51.0610 2772 cmdide - ok
18:24:51.0657 2772 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
18:24:51.0657 2772 CNG - ok
18:24:51.0688 2772 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:24:51.0688 2772 Compbatt - ok
18:24:51.0735 2772 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:24:51.0735 2772 CompositeBus - ok
18:24:51.0813 2772 ComproHID (3207b43eb71c5d6f29c77f909ee744f4) C:\Windows\system32\DRIVERS\ComproHID64.sys
18:24:51.0813 2772 ComproHID - ok
18:24:51.0844 2772 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:24:51.0844 2772 crcdisk - ok
18:24:51.0922 2772 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
18:24:51.0938 2772 CSC - ok
18:24:52.0016 2772 CT20XUT (229e3b8f266abdafd54e4a372b9d5ddc) C:\Windows\system32\drivers\CT20XUT.SYS
18:24:52.0016 2772 CT20XUT - ok
18:24:52.0031 2772 CT20XUT.SYS (229e3b8f266abdafd54e4a372b9d5ddc) C:\Windows\System32\drivers\CT20XUT.SYS
18:24:52.0031 2772 CT20XUT.SYS - ok
18:24:52.0078 2772 ctac32k (eb3843a91a10150c9e05607cbcb44090) C:\Windows\system32\drivers\ctac32k.sys
18:24:52.0078 2772 ctac32k - ok
18:24:52.0109 2772 ctaud2k (bc06efb59a2316537765462dfe40f764) C:\Windows\system32\drivers\ctaud2k.sys
18:24:52.0125 2772 ctaud2k - ok
18:24:52.0406 2772 CTEXFIFX (63b2b6ce9d3ef182981fb64bd5433da4) C:\Windows\system32\drivers\CTEXFIFX.SYS
18:24:52.0437 2772 CTEXFIFX - ok
18:24:52.0484 2772 CTEXFIFX.SYS (63b2b6ce9d3ef182981fb64bd5433da4) C:\Windows\System32\drivers\CTEXFIFX.SYS
18:24:52.0499 2772 CTEXFIFX.SYS - ok
18:24:52.0515 2772 CTHWIUT (6d115cc80873b85fd80dda1c41f75a2c) C:\Windows\system32\drivers\CTHWIUT.SYS
18:24:52.0515 2772 CTHWIUT - ok
18:24:52.0531 2772 CTHWIUT.SYS (6d115cc80873b85fd80dda1c41f75a2c) C:\Windows\System32\drivers\CTHWIUT.SYS
18:24:52.0531 2772 CTHWIUT.SYS - ok
18:24:52.0546 2772 ctprxy2k (ebc9548ef5838cb5aa8f18b3ac28af12) C:\Windows\system32\drivers\ctprxy2k.sys
18:24:52.0546 2772 ctprxy2k - ok
18:24:52.0577 2772 ctsfm2k (459bee1682121842285c162e2d98d81a) C:\Windows\system32\drivers\ctsfm2k.sys
18:24:52.0593 2772 ctsfm2k - ok
18:24:52.0640 2772 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
18:24:52.0655 2772 DfsC - ok
18:24:52.0702 2772 dg_ssudbus (7156833e6dfe0a804ea5cf7b8876ab7c) C:\Windows\system32\DRIVERS\ssudbus.sys
18:24:52.0718 2772 dg_ssudbus - ok
18:24:52.0749 2772 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:24:52.0749 2772 discache - ok
18:24:52.0765 2772 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:24:52.0765 2772 Disk - ok
18:24:52.0811 2772 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:24:52.0811 2772 drmkaud - ok
18:24:52.0874 2772 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys
18:24:52.0905 2772 DXGKrnl - ok
18:24:52.0983 2772 eamon (6a6bdaec4df4725d22731f2736880283) C:\Windows\system32\DRIVERS\eamon.sys
18:24:52.0983 2772 eamon - ok
18:24:53.0108 2772 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:24:53.0201 2772 ebdrv - ok
18:24:53.0233 2772 ehdrv (00bdd2b658b8f6f35a7374cdb41efd5c) C:\Windows\system32\DRIVERS\ehdrv.sys
18:24:53.0248 2772 ehdrv - ok
18:24:53.0279 2772 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:24:53.0279 2772 elxstor - ok
18:24:53.0326 2772 emupia (c26133b6165928fbd156c6fe570f9ed2) C:\Windows\system32\drivers\emupia2k.sys
18:24:53.0326 2772 emupia - ok
18:24:53.0357 2772 epfwwfpr (d1449f7c44beeba971324fea295747d3) C:\Windows\system32\DRIVERS\epfwwfpr.sys
18:24:53.0373 2772 epfwwfpr - ok
18:24:53.0389 2772 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
18:24:53.0389 2772 ErrDev - ok
18:24:53.0420 2772 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:24:53.0435 2772 exfat - ok
18:24:53.0451 2772 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:24:53.0451 2772 fastfat - ok
18:24:53.0498 2772 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:24:53.0498 2772 fdc - ok
18:24:53.0529 2772 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:24:53.0529 2772 FileInfo - ok
18:24:53.0560 2772 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:24:53.0560 2772 Filetrace - ok
18:24:53.0623 2772 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:24:53.0623 2772 flpydisk - ok
18:24:53.0654 2772 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
18:24:53.0654 2772 FltMgr - ok
18:24:53.0685 2772 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:24:53.0685 2772 FsDepends - ok
18:24:53.0716 2772 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:24:53.0716 2772 Fs_Rec - ok
18:24:53.0747 2772 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
18:24:53.0763 2772 fvevol - ok
18:24:53.0794 2772 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:24:53.0794 2772 gagp30kx - ok
18:24:53.0997 2772 GPU-Z - ok
18:24:54.0215 2772 ha20x2k (a3f010d5dbfb589a3b3288c05c2ea3f9) C:\Windows\system32\drivers\ha20x2k.sys
18:24:54.0278 2772 ha20x2k - ok
18:24:54.0325 2772 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:24:54.0325 2772 hcw85cir - ok
18:24:54.0403 2772 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
18:24:54.0418 2772 HdAudAddService - ok
18:24:54.0449 2772 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:24:54.0449 2772 HDAudBus - ok
18:24:54.0481 2772 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:24:54.0481 2772 HidBatt - ok
18:24:54.0512 2772 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:24:54.0512 2772 HidBth - ok
18:24:54.0543 2772 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:24:54.0543 2772 HidIr - ok
18:24:54.0590 2772 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
18:24:54.0590 2772 HidUsb - ok
18:24:54.0637 2772 hitmanpro35 (c6ff685e2ea55c3ac5c90b9e7d6930c0) C:\Windows\system32\drivers\hitmanpro36.sys
18:24:54.0637 2772 hitmanpro35 - ok
18:24:54.0668 2772 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:24:54.0668 2772 HpSAMD - ok
18:24:54.0699 2772 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
18:24:54.0730 2772 HTTP - ok
18:24:54.0761 2772 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
18:24:54.0761 2772 hwpolicy - ok
18:24:54.0808 2772 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:24:54.0808 2772 i8042prt - ok
18:24:54.0855 2772 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
18:24:54.0855 2772 iaStorV - ok
18:24:54.0886 2772 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:24:54.0886 2772 iirsp - ok
18:24:54.0917 2772 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
18:24:54.0917 2772 intelide - ok
18:24:54.0933 2772 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:24:54.0949 2772 intelppm - ok
18:24:54.0964 2772 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:24:54.0964 2772 IpFilterDriver - ok
18:24:54.0995 2772 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:24:54.0995 2772 IPMIDRV - ok
18:24:55.0011 2772 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:24:55.0027 2772 IPNAT - ok
18:24:55.0058 2772 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:24:55.0058 2772 IRENUM - ok
18:24:55.0073 2772 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
18:24:55.0073 2772 isapnp - ok
18:24:55.0120 2772 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
18:24:55.0120 2772 iScsiPrt - ok
18:24:55.0151 2772 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:24:55.0151 2772 kbdclass - ok
18:24:55.0198 2772 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
18:24:55.0198 2772 kbdhid - ok
18:24:55.0229 2772 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
18:24:55.0229 2772 KSecDD - ok
18:24:55.0245 2772 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
18:24:55.0245 2772 KSecPkg - ok
18:24:55.0276 2772 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:24:55.0276 2772 ksthunk - ok
18:24:55.0323 2772 LHidFilt (83e05435f4d2c0f0a1fd74c41ded44e5) C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:24:55.0339 2772 LHidFilt - ok
18:24:55.0370 2772 libusb0 - ok
18:24:55.0417 2772 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
18:24:55.0417 2772 lirsgt - ok
18:24:55.0463 2772 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:24:55.0463 2772 lltdio - ok
18:24:55.0526 2772 LMouFilt (abcbc7271c33567d686c91cf690cf2eb) C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:24:55.0526 2772 LMouFilt - ok
18:24:55.0557 2772 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:24:55.0557 2772 LSI_FC - ok
18:24:55.0588 2772 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:24:55.0604 2772 LSI_SAS - ok
18:24:55.0619 2772 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:24:55.0619 2772 LSI_SAS2 - ok
18:24:55.0651 2772 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:24:55.0651 2772 LSI_SCSI - ok
18:24:55.0697 2772 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:24:55.0697 2772 luafv - ok
18:24:55.0760 2772 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
18:24:55.0760 2772 MBAMProtector - ok
18:24:55.0838 2772 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
18:24:55.0838 2772 mcdbus - ok
18:24:55.0853 2772 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:24:55.0853 2772 megasas - ok
18:24:55.0885 2772 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:24:55.0885 2772 MegaSR - ok
18:24:55.0931 2772 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:24:55.0947 2772 Modem - ok
18:24:55.0978 2772 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:24:55.0978 2772 monitor - ok
18:24:56.0041 2772 MotioninJoyXFilter (eb03d4164e7f10b601d280413655ade4) C:\Windows\system32\DRIVERS\MijXfilt.sys
18:24:56.0041 2772 MotioninJoyXFilter - ok
18:24:56.0087 2772 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:24:56.0087 2772 mouclass - ok
18:24:56.0119 2772 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:24:56.0134 2772 mouhid - ok
18:24:56.0150 2772 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:24:56.0150 2772 mountmgr - ok
18:24:56.0181 2772 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
18:24:56.0181 2772 mpio - ok
18:24:56.0212 2772 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:24:56.0212 2772 mpsdrv - ok
18:24:56.0243 2772 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:24:56.0243 2772 MRxDAV - ok
18:24:56.0275 2772 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:24:56.0275 2772 mrxsmb - ok
18:24:56.0290 2772 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:24:56.0290 2772 mrxsmb10 - ok
18:24:56.0321 2772 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:24:56.0321 2772 mrxsmb20 - ok
18:24:56.0337 2772 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
18:24:56.0337 2772 msahci - ok
18:24:56.0368 2772 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
18:24:56.0368 2772 msdsm - ok
18:24:56.0399 2772 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:24:56.0399 2772 Msfs - ok
18:24:56.0431 2772 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:24:56.0431 2772 mshidkmdf - ok
18:24:56.0446 2772 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
18:24:56.0446 2772 msisadrv - ok
18:24:56.0477 2772 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:24:56.0477 2772 MSKSSRV - ok
18:24:56.0493 2772 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:24:56.0493 2772 MSPCLOCK - ok
18:24:56.0509 2772 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:24:56.0509 2772 MSPQM - ok
18:24:56.0524 2772 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
18:24:56.0540 2772 MsRPC - ok
18:24:56.0555 2772 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:24:56.0555 2772 mssmbios - ok
18:24:56.0571 2772 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:24:56.0587 2772 MSTEE - ok
18:24:56.0602 2772 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:24:56.0602 2772 MTConfig - ok
18:24:56.0633 2772 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:24:56.0633 2772 Mup - ok
18:24:56.0727 2772 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:24:56.0743 2772 NativeWifiP - ok
18:24:56.0774 2772 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
18:24:56.0836 2772 NDIS - ok
18:24:56.0852 2772 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:24:56.0852 2772 NdisCap - ok
18:24:56.0899 2772 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:24:56.0899 2772 NdisTapi - ok
18:24:56.0945 2772 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
18:24:56.0945 2772 Ndisuio - ok
18:24:56.0977 2772 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:24:56.0977 2772 NdisWan - ok
18:24:57.0008 2772 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
18:24:57.0008 2772 NDProxy - ok
18:24:57.0070 2772 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:24:57.0070 2772 NetBIOS - ok
18:24:57.0117 2772 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
18:24:57.0117 2772 NetBT - ok
18:24:57.0195 2772 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:24:57.0195 2772 nfrd960 - ok
18:24:57.0273 2772 nmwcdcx64 (02c1198276c0d4f39e54eb5148af1e2a) C:\Windows\system32\drivers\ccdcmbox64.sys
18:24:57.0273 2772 nmwcdcx64 - ok
18:24:57.0335 2772 nmwcdnsucx64 (76292103c5149eb140419f36dcf26c1b) C:\Windows\system32\drivers\nmwcdnsucx64.sys
18:24:57.0335 2772 nmwcdnsucx64 - ok
18:24:57.0398 2772 nmwcdnsux64 (2974296da6296b4fea3e313bf98c693d) C:\Windows\system32\drivers\nmwcdnsux64.sys
18:24:57.0398 2772 nmwcdnsux64 - ok
18:24:57.0460 2772 nmwcdx64 (d8f00fcc82451bdaa3db93bb62ae6ac3) C:\Windows\system32\drivers\ccdcmbx64.sys
18:24:57.0460 2772 nmwcdx64 - ok
18:24:57.0647 2772 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:24:57.0647 2772 Npfs - ok
18:24:57.0679 2772 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:24:57.0679 2772 nsiproxy - ok
18:24:57.0741 2772 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
18:24:57.0788 2772 Ntfs - ok
18:24:57.0803 2772 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:24:57.0803 2772 Null - ok
18:24:57.0881 2772 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
18:24:57.0881 2772 NVENETFD - ok
18:24:58.0318 2772 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:24:58.0739 2772 nvlddmkm - ok
18:24:58.0771 2772 NVR0Dev (cceb3a7e3bd0203c807168b393a65a74) C:\Windows\nvoclk64.sys
18:24:58.0771 2772 NVR0Dev - ok
18:24:58.0802 2772 NVR0FLASHDev (34e55ccceec34a8567c8b95d662ba886) C:\Windows\nvflsh64.sys
18:24:58.0802 2772 NVR0FLASHDev - ok
18:24:58.0864 2772 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
18:24:58.0864 2772 nvraid - ok
18:24:58.0895 2772 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
18:24:58.0895 2772 nvstor - ok
18:24:58.0942 2772 nvstor64 (e87e17e9fd94ee9f0dbde4b6ad882f26) C:\Windows\system32\DRIVERS\nvstor64.sys
18:24:58.0942 2772 nvstor64 - ok
18:24:58.0989 2772 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
18:24:59.0005 2772 nv_agp - ok
18:24:59.0020 2772 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
18:24:59.0020 2772 ohci1394 - ok
18:24:59.0067 2772 OlmarikFixer (4d142b195f1c3fbcdb62183b1e31b207) C:\Windows\system32\drivers\OlmarikFixer.sys
18:24:59.0067 2772 OlmarikFixer - ok
18:24:59.0129 2772 ossrv (0e2de427ebe106e7e5b52869d5c99f68) C:\Windows\system32\drivers\ctoss2k.sys
18:24:59.0129 2772 ossrv - ok
18:24:59.0223 2772 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:24:59.0223 2772 Parport - ok
18:24:59.0239 2772 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
18:24:59.0239 2772 partmgr - ok
18:24:59.0348 2772 pbfilter (55223eefabfdb84a926515febab50d9a) C:\Program Files\PeerBlock\pbfilter.sys
18:24:59.0348 2772 pbfilter - ok
18:24:59.0395 2772 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
18:24:59.0395 2772 pccsmcfd - ok
18:24:59.0426 2772 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
18:24:59.0457 2772 pci - ok
18:24:59.0473 2772 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
18:24:59.0473 2772 pciide - ok
18:24:59.0504 2772 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:24:59.0504 2772 pcmcia - ok
18:24:59.0535 2772 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:24:59.0535 2772 pcw - ok
18:24:59.0582 2772 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:24:59.0597 2772 PEAUTH - ok
18:24:59.0691 2772 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
18:24:59.0691 2772 PptpMiniport - ok
18:24:59.0707 2772 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:24:59.0707 2772 Processor - ok
18:24:59.0785 2772 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
18:24:59.0785 2772 Psched - ok
18:24:59.0863 2772 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:24:59.0909 2772 ql2300 - ok
18:24:59.0941 2772 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:24:59.0941 2772 ql40xx - ok
18:24:59.0956 2772 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:24:59.0956 2772 QWAVEdrv - ok
18:24:59.0987 2772 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:24:59.0987 2772 RasAcd - ok
18:25:00.0050 2772 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:25:00.0050 2772 RasAgileVpn - ok
18:25:00.0221 2772 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:25:00.0221 2772 Rasl2tp - ok
18:25:00.0331 2772 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:25:00.0331 2772 RasPppoe - ok
18:25:00.0362 2772 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:25:00.0362 2772 RasSstp - ok
18:25:00.0393 2772 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
18:25:00.0393 2772 rdbss - ok
18:25:00.0424 2772 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:25:00.0424 2772 rdpbus - ok
18:25:00.0455 2772 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:25:00.0455 2772 RDPCDD - ok
18:25:00.0502 2772 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
18:25:00.0502 2772 RDPDR - ok
18:25:00.0549 2772 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:25:00.0549 2772 RDPENCDD - ok
18:25:00.0565 2772 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:25:00.0565 2772 RDPREFMP - ok
18:25:00.0596 2772 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
18:25:00.0611 2772 RDPWD - ok
18:25:00.0643 2772 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
18:25:00.0658 2772 rdyboost - ok
18:25:00.0721 2772 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:25:00.0721 2772 RFCOMM - ok
18:25:00.0830 2772 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
18:25:00.0830 2772 RivaTuner64 - ok
18:25:00.0892 2772 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:25:00.0908 2772 rspndr - ok
18:25:00.0955 2772 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
18:25:00.0955 2772 s3cap - ok
18:25:00.0986 2772 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
18:25:00.0986 2772 sbp2port - ok
18:25:01.0048 2772 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys
18:25:01.0048 2772 SCDEmu - ok
18:25:01.0079 2772 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
18:25:01.0079 2772 scfilter - ok
18:25:01.0142 2772 ScreamBAudioSvc (ef0c4a3bd1749684514ee871a355969e) C:\Windows\system32\drivers\ScreamingBAudio64.sys
18:25:01.0142 2772 ScreamBAudioSvc - ok
18:25:01.0189 2772 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:25:01.0189 2772 secdrv - ok
18:25:01.0220 2772 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:25:01.0220 2772 Serenum - ok
18:25:01.0267 2772 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:25:01.0267 2772 Serial - ok
18:25:01.0298 2772 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:25:01.0298 2772 sermouse - ok
18:25:01.0329 2772 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
18:25:01.0329 2772 sffdisk - ok
18:25:01.0345 2772 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:25:01.0345 2772 sffp_mmc - ok
18:25:01.0376 2772 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:25:01.0376 2772 sffp_sd - ok
18:25:01.0391 2772 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:25:01.0391 2772 sfloppy - ok
18:25:01.0423 2772 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:25:01.0423 2772 SiSRaid2 - ok
18:25:01.0454 2772 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:25:01.0469 2772 SiSRaid4 - ok
18:25:01.0485 2772 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:25:01.0485 2772 Smb - ok
18:25:01.0516 2772 speedfan - ok
18:25:01.0532 2772 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:25:01.0532 2772 spldr - ok
18:25:01.0610 2772 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys
18:25:01.0641 2772 sptd - ok
18:25:01.0688 2772 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
18:25:01.0703 2772 srv - ok
18:25:01.0735 2772 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
18:25:01.0735 2772 srv2 - ok
18:25:01.0766 2772 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
18:25:01.0766 2772 srvnet - ok
18:25:01.0828 2772 ssudmdm (9e1bfa37fcf943c3b48f71f08019ea95) C:\Windows\system32\DRIVERS\ssudmdm.sys
18:25:01.0828 2772 ssudmdm - ok
18:25:01.0859 2772 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:25:01.0859 2772 stexstor - ok
18:25:01.0922 2772 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
18:25:01.0922 2772 storflt - ok
18:25:01.0969 2772 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
18:25:01.0969 2772 storvsc - ok
18:25:02.0000 2772 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:25:02.0000 2772 swenum - ok
18:25:02.0062 2772 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
18:25:02.0062 2772 taphss - ok
18:25:02.0140 2772 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
18:25:02.0187 2772 Tcpip - ok
18:25:02.0281 2772 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
18:25:02.0281 2772 TCPIP6 - ok
18:25:02.0312 2772 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
18:25:02.0312 2772 tcpipreg - ok
18:25:02.0343 2772 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:25:02.0343 2772 TDPIPE - ok
18:25:02.0374 2772 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:25:02.0374 2772 TDTCP - ok
18:25:02.0405 2772 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
18:25:02.0405 2772 tdx - ok
18:25:02.0421 2772 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
18:25:02.0421 2772 TermDD - ok
18:25:02.0468 2772 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:25:02.0468 2772 tssecsrv - ok
18:25:02.0515 2772 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:25:02.0515 2772 tunnel - ok
18:25:02.0546 2772 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:25:02.0546 2772 uagp35 - ok
18:25:02.0577 2772 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
18:25:02.0577 2772 udfs - ok
18:25:02.0608 2772 ULCDRHlp - ok
18:25:02.0655 2772 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:25:02.0655 2772 uliagpkx - ok
18:25:02.0686 2772 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
18:25:02.0686 2772 umbus - ok
18:25:02.0717 2772 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:25:02.0717 2772 UmPass - ok
18:25:02.0749 2772 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
18:25:02.0749 2772 usbccgp - ok
18:25:02.0780 2772 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
18:25:02.0780 2772 usbcir - ok
18:25:02.0811 2772 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
18:25:02.0811 2772 usbehci - ok
18:25:02.0873 2772 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
18:25:02.0873 2772 usbhub - ok
18:25:02.0920 2772 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
18:25:02.0920 2772 usbohci - ok
18:25:02.0951 2772 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:25:02.0951 2772 usbprint - ok
18:25:02.0967 2772 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:25:02.0967 2772 USBSTOR - ok
18:25:02.0998 2772 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:25:02.0998 2772 usbuhci - ok
18:25:03.0061 2772 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:25:03.0061 2772 vdrvroot - ok
18:25:03.0098 2772 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:25:03.0099 2772 vga - ok
18:25:03.0121 2772 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:25:03.0122 2772 VgaSave - ok
18:25:03.0153 2772 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
18:25:03.0157 2772 vhdmp - ok
18:25:03.0183 2772 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
18:25:03.0184 2772 viaide - ok
18:25:03.0260 2772 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
18:25:03.0263 2772 vmbus - ok
18:25:03.0292 2772 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
18:25:03.0293 2772 VMBusHID - ok
18:25:03.0323 2772 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
18:25:03.0324 2772 volmgr - ok
18:25:03.0347 2772 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:25:03.0352 2772 volmgrx - ok
18:25:03.0372 2772 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
18:25:03.0377 2772 volsnap - ok
18:25:03.0412 2772 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:25:03.0414 2772 vsmraid - ok
18:25:03.0441 2772 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:25:03.0442 2772 vwifibus - ok
18:25:03.0473 2772 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:25:03.0474 2772 WacomPen - ok
18:25:03.0516 2772 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:25:03.0518 2772 WANARP - ok
18:25:03.0530 2772 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:25:03.0530 2772 Wanarpv6 - ok
18:25:03.0606 2772 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:25:03.0607 2772 Wd - ok
18:25:03.0665 2772 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:25:03.0674 2772 Wdf01000 - ok
18:25:03.0723 2772 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:25:03.0724 2772 WfpLwf - ok
18:25:03.0746 2772 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:25:03.0747 2772 WIMMount - ok
18:25:03.0838 2772 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
18:25:03.0841 2772 WinUsb - ok
18:25:03.0919 2772 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:25:03.0920 2772 WmiAcpi - ok
18:25:03.0961 2772 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:25:03.0961 2772 ws2ifsl - ok
18:25:03.0998 2772 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:25:04.0000 2772 WudfPf - ok
18:25:04.0063 2772 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:25:04.0066 2772 WUDFRd - ok
18:25:04.0283 2772 X6va005 - ok
18:25:04.0478 2772 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
18:25:04.0544 2772 xusb21 - ok
18:25:04.0614 2772 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:25:04.0680 2772 \Device\Harddisk0\DR0 - ok
18:25:04.0684 2772 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:25:04.0958 2772 \Device\Harddisk1\DR1 - ok
18:25:04.0961 2772 Boot (0x1200) (1faf7f377180f03dd36488ac55477ca4) \Device\Harddisk0\DR0\Partition0
18:25:04.0962 2772 \Device\Harddisk0\DR0\Partition0 - ok
18:25:04.0980 2772 Boot (0x1200) (ccc1b95974d285b3d799b6fbb9c3e46b) \Device\Harddisk1\DR1\Partition0
18:25:04.0981 2772 \Device\Harddisk1\DR1\Partition0 - ok
18:25:04.0982 2772 ============================================================
18:25:04.0982 2772 Scan finished
18:25:04.0982 2772 ============================================================
18:25:04.0987 2764 Detected object count: 0
18:25:04.0987 2764 Actual detected object count: 0
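
The TDSSKiller run above ends with every entry marked "ok" and a detected object count of 0, which only says that none of its signatures matched. Two things a practitioner still pulls out of such a log by hand are the service entries that get a verdict but have no file and hash behind them (libusb0, speedfan, ULCDRHlp and X6va005 above: a service key whose driver binary is gone, typically a leftover of an uninstalled tool or of a removed rootkit driver) and the drivers loaded from outside C:\Windows\system32\drivers (NVR0Dev and NVR0FLASHDev from C:\Windows, pbfilter and RivaTuner64 from Program Files), and the MBR and boot-sector hashes at the end are worth keeping so a later run can be compared against them, since TDSS/Olmarik is an MBR bootkit. The Python below is an added example, not part of this thread and not TDSSKiller's own code: it parses a handful of lines copied from the log above (the sample input is constructed from those lines), implements those checks, and diffs the boot-sector hashes of two runs. The driver-directory list and the "no file means orphan" rule are this example's own assumptions; a driver outside that directory is flagged for review, not called malicious.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: a few lines copied from the TDSSKiller log posted above,
# chosen so that every line shape the parser handles appears at least once.
SAMPLE_LOG = """\
18:24:55.0323 2772 LHidFilt (83e05435f4d2c0f0a1fd74c41ded44e5) C:\\Windows\\system32\\DRIVERS\\LHidFilt.Sys
18:24:55.0339 2772 LHidFilt - ok
18:24:55.0370 2772 libusb0 - ok
18:24:58.0771 2772 NVR0Dev (cceb3a7e3bd0203c807168b393a65a74) C:\\Windows\\nvoclk64.sys
18:24:58.0771 2772 NVR0Dev - ok
18:24:59.0348 2772 pbfilter (55223eefabfdb84a926515febab50d9a) C:\\Program Files\\PeerBlock\\pbfilter.sys
18:24:59.0348 2772 pbfilter - ok
18:25:01.0516 2772 speedfan - ok
18:25:04.0614 2772 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \\Device\\Harddisk0\\DR0
18:25:04.0680 2772 \\Device\\Harddisk0\\DR0 - ok
18:25:04.0961 2772 Boot (0x1200) (1faf7f377180f03dd36488ac55477ca4) \\Device\\Harddisk0\\DR0\\Partition0
18:25:04.0962 2772 \\Device\\Harddisk0\\DR0\\Partition0 - ok
18:25:04.0987 2764 Detected object count: 0
"""

# Three line shapes: "<time> <pid> <name> (<md5>) <path>" for a driver file,
# "<time> <pid> MBR|Boot (<size>) (<md5>) <device>" for a boot sector, and
# "<time> <pid> <name or device> - <verdict>" for TDSSKiller's verdict on either.
DRIVER_RE = re.compile(r"^\S+ \d+ (\S+) \(([0-9a-f]{32})\) (.+)$")
SECTOR_RE = re.compile(r"^\S+ \d+ (?:MBR|Boot) \(0x[0-9A-Fa-f]+\) \(([0-9a-f]{32})\) (.+)$")
VERDICT_RE = re.compile(r"^\S+ \d+ (.+?) - (\w+)$")
COUNT_RE = re.compile(r"^\S+ \d+ Detected object count: (\d+)$")

# Assumption of this example: a kernel driver normally lives here on a stock
# Windows 7 install. A driver elsewhere is flagged for manual review, nothing more;
# vendor tools (overclocking utilities, packet filters) legitimately load from
# Program Files or from C:\Windows itself.
STANDARD_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\",)


@dataclass
class TdssKillerSummary:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    verdicts: Dict[str, str] = field(default_factory=dict)             # name or device -> verdict
    boot_sectors: Dict[str, str] = field(default_factory=dict)         # device -> md5
    detected: Optional[int] = None

    def orphans(self) -> List[str]:
        """Service entries with a verdict but no file: the driver binary is gone
        (leftover of an uninstalled tool, or of a removed rootkit driver)."""
        return sorted(n for n in self.verdicts
                      if n not in self.drivers and not n.startswith("\\Device\\"))

    def nonstandard(self) -> List[str]:
        """Drivers loaded from outside the standard driver directory."""
        return sorted(n for n, (_, path) in self.drivers.items()
                      if not path.lower().startswith(STANDARD_DRIVER_DIRS))

    def not_ok(self) -> List[str]:
        """Anything TDSSKiller itself did not mark 'ok'."""
        return sorted(n for n, v in self.verdicts.items() if v != "ok")


def parse_tdsskiller(text: str) -> TdssKillerSummary:
    s = TdssKillerSummary()
    for line in text.splitlines():
        line = line.strip()
        if (m := SECTOR_RE.match(line)):
            s.boot_sectors[m.group(2)] = m.group(1)
        elif (m := DRIVER_RE.match(line)):
            s.drivers[m.group(1)] = (m.group(2), m.group(3))
        elif (m := VERDICT_RE.match(line)):
            s.verdicts[m.group(1)] = m.group(2)
        elif (m := COUNT_RE.match(line)):
            s.detected = int(m.group(1))
    return s


def changed_boot_sectors(before: TdssKillerSummary, after: TdssKillerSummary) -> List[str]:
    """Devices whose MBR or boot-sector hash differs between two runs. TDSS/Olmarik
    lives in the MBR, so a hash that changes with no OS or boot-loader update in
    between means the sector was rewritten and the machine needs another look."""
    return sorted(dev for dev, md5 in after.boot_sectors.items()
                  if dev in before.boot_sectors and before.boot_sectors[dev] != md5)


if __name__ == "__main__":
    run1 = parse_tdsskiller(SAMPLE_LOG)
    print("orphan service entries    :", run1.orphans())
    print("drivers outside driver dir:", run1.nonstandard())
    print("boot sector hashes        :", run1.boot_sectors)
    # Constructed second run in which the MBR of disk 0 hashes differently.
    run2 = parse_tdsskiller(SAMPLE_LOG.replace("a36c5e4f47e84449ff07ed3517b43a31", "0" * 32))
    print("rewritten boot sectors    :", changed_boot_sectors(run1, run2))
```

Feed it the full log from a real run instead of SAMPLE_LOG and keep the boot_sectors dictionary from the first clean run; a later run whose changed_boot_sectors() result is non-empty, with no Windows update or boot-loader change in between, is the signal to re-scan the MBR rather than trust the "ok".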

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:32 PM

Posted 25 January 2012 - 06:04 AM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::


Folder::
c:\program files (x86)\AskBarDis
c:\program files (x86)\Vuze_Remote

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#7 joerob100

  • Topic Starter
  • Members
  • 7 posts
  • Local time:12:32 PM

Posted 25 January 2012 - 03:46 PM

Problems with Google redirecting still persist.

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Joe\Downloads\cmd.bat deleted successfully.
C:\Users\Joe\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56509 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Java cache emptied: 10680297 bytes
->Flash cache emptied: 42271 bytes

User: Joe
->Temp folder emptied: 578704 bytes
->Temporary Internet Files folder emptied: 3176432 bytes
->Java cache emptied: 14780885 bytes
->FireFox cache emptied: 25677710 bytes
->Google Chrome cache emptied: 50546440 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 57088 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41085 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1114112 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 827253 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 103.00 mb

Error creating restore point.

[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Joe
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 01222012_202428

Files moved on Reboot...
C:\Users\Joe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
ComboFix 12-01-23.02 - Joe 25/01/2012 20:19:23.3.2 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.4095.3325 [GMT 0:00]
Running from: c:\users\Joe\Desktop\New Folder (2)\ComboFix.exe
Command switches used :: c:\users\Joe\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AskBarDis
c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
c:\program files (x86)\AskBarDis\bar\bin\askPopStp.dll
c:\program files (x86)\AskBarDis\bar\bin\psvince.dll
c:\program files (x86)\AskBarDis\bar\Settings\config.dat
c:\program files (x86)\AskBarDis\bar\Settings\config.dat.bak
c:\program files (x86)\AskBarDis\unins000.dat
c:\program files (x86)\AskBarDis\unins000.exe
c:\program files (x86)\Vuze_Remote
c:\program files (x86)\Vuze_Remote\INSTALL.LOG
c:\program files (x86)\Vuze_Remote\ldrtbVuz0.dll
c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
c:\program files (x86)\Vuze_Remote\tbVuz0.dll
c:\program files (x86)\Vuze_Remote\tbVuz1.dll
c:\program files (x86)\Vuze_Remote\tbVuze.dll
c:\program files (x86)\Vuze_Remote\toolbar.cfg
c:\program files (x86)\Vuze_Remote\uninstall.exe
c:\program files (x86)\Vuze_Remote\UNWISE.EXE
c:\program files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper.exe
c:\program files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper1.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))
.
.
2012-01-25 20:30 . 2012-01-25 20:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-25 20:30 . 2012-01-25 20:30 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-01-25 20:30 . 2012-01-25 20:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-25 20:30 . 2012-01-25 20:30 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-01-22 21:02 . 2012-01-22 21:02 22832 ----a-w- c:\windows\system32\drivers\OlmarikFixer.sys
2012-01-22 20:37 . 2012-01-22 20:37 -------- d-----w- c:\programdata\Kaspersky Lab
2012-01-22 20:24 . 2012-01-22 20:24 -------- d-----w- C:\_OTM
2012-01-22 20:08 . 2012-01-22 20:08 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-01-22 19:50 . 2012-01-22 20:08 25160 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-01-22 19:50 . 2012-01-22 19:50 -------- d-----w- c:\program files\HitmanPro
2012-01-22 19:45 . 2012-01-22 20:08 -------- d-----w- c:\programdata\HitmanPro
2012-01-22 19:20 . 2012-01-22 19:20 388096 ----a-r- c:\users\Joe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-22 18:50 . 2012-01-22 18:50 -------- d-----w- c:\users\Joe\AppData\Roaming\PerformerSoft
2012-01-22 18:50 . 2012-01-03 19:11 16752 ----a-w- c:\windows\system32\roboot64.exe
2012-01-22 18:50 . 2012-01-22 18:50 -------- d-----w- c:\program files (x86)\PC Performer
2012-01-22 18:39 . 2012-01-22 18:39 -------- d-----w- c:\programdata\PC Tools
2012-01-21 14:45 . 2012-01-21 14:45 -------- d-----w- c:\program files (x86)\ESET
2012-01-19 21:18 . 2012-01-19 21:18 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes
2012-01-19 21:18 . 2012-01-19 21:18 -------- d-----w- c:\programdata\Malwarebytes
2012-01-19 21:18 . 2012-01-19 21:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-19 21:18 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-19 18:08 . 2012-01-19 18:08 -------- d-----w- c:\users\Guest\AppData\Roaming\Samsung
2012-01-19 18:08 . 2012-01-19 18:08 -------- d-----w- c:\users\Guest\AppData\Roaming\PC Suite
2012-01-17 21:37 . 2012-01-17 21:37 -------- d-----w- c:\users\Joe\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2012-01-17 21:37 . 2012-01-17 21:37 -------- d-----w- c:\program files (x86)\Balsamiq Mockups
2012-01-11 18:06 . 2012-01-11 18:06 -------- d-----w- c:\windows\system32\Macromed
2012-01-03 21:57 . 2012-01-03 21:57 -------- d-----w- c:\users\Joe\AppData\Roaming\Greyfirst
2012-01-03 21:57 . 2012-01-03 21:57 -------- d-----w- c:\users\Joe\AppData\Local\Greyfirst
2011-12-28 16:31 . 2011-12-28 16:31 -------- d-----w- C:\Down
2011-12-28 16:31 . 2011-12-28 16:31 -------- d-----w- C:\Perfect World Entertainment
2011-12-28 11:39 . 2011-12-29 00:36 -------- d-----w- c:\users\Joe\AppData\Roaming\Skype
2011-12-28 11:39 . 2011-12-28 11:39 -------- d-----r- c:\program files (x86)\Skype
2011-12-28 11:39 . 2011-12-28 11:39 -------- d-----w- c:\programdata\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-25 20:38 . 2012-01-25 20:38 838 ----a-w- c:\programdata\vxitaaa.tmp
2012-01-25 20:38 . 2012-01-25 20:38 821 ----a-w- c:\programdata\uxitaaa.tmp
2012-01-25 20:37 . 2012-01-25 20:36 811 ----a-w- c:\programdata\txitaaa.tmp
2012-01-25 20:37 . 2012-01-25 20:37 818 ----a-w- c:\programdata\sxitaaa.tmp
2012-01-11 18:06 . 2011-06-19 12:07 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-08 01:08 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-01-08 01:08 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-25 21:33 . 2009-05-14 20:03 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-12-25 21:33 . 2009-05-11 17:37 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-12-25 21:05 . 2009-05-11 17:37 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-12-22 20:04 . 2009-05-11 17:37 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . 818E0728A162E1C617796E875BCBA3FD . 858112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-01-22_16.13.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-01-19 08:06 . 2012-01-21 15:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-01-19 08:06 . 2012-01-25 20:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-01-25 20:37 . 2012-01-25 20:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012012520120126\index.dat
+ 2012-01-25 20:37 . 2012-01-25 20:38 22016 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{62F1C045-4794-11E1-97F9-00044B1539A2}.dat
+ 2012-01-25 20:37 . 2012-01-25 20:38 16896 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5F15E5A4-4794-11E1-97F9-00044B1539A2}.dat
- 2012-01-19 08:06 . 2012-01-21 15:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2012-01-19 08:06 . 2012-01-25 20:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2010-03-12 19:10 . 2012-01-25 20:35 58724 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-25 20:36 40116 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-08 15:43 . 2012-01-25 20:36 24010 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3083856611-1580335890-2369480647-1000_UserData.bin
+ 2010-03-08 15:43 . 2012-01-25 20:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-08 15:43 . 2012-01-22 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-08 15:43 . 2012-01-25 20:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-08 15:43 . 2012-01-22 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-21 15:01 . 2012-01-25 20:38 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{DA540A51-4440-11E1-B8E6-00044B1539A2}.dat
- 2012-01-21 15:01 . 2012-01-21 15:03 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{DA540A51-4440-11E1-B8E6-00044B1539A2}.dat
+ 2012-01-25 20:38 . 2012-01-25 20:38 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{81BC4220-4794-11E1-97F9-00044B1539A2}.dat
+ 2012-01-25 20:38 . 2012-01-25 20:38 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{88F10BC4-4794-11E1-97F9-00044B1539A2}.dat
+ 2012-01-25 20:37 . 2012-01-25 20:37 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{65FC21E4-4794-11E1-97F9-00044B1539A2}.dat
+ 2012-01-25 20:37 . 2012-01-25 20:37 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{62F1C044-4794-11E1-97F9-00044B1539A2}.dat
+ 2012-01-25 20:37 . 2012-01-25 20:37 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5F15E5A3-4794-11E1-97F9-00044B1539A2}.dat
+ 2012-01-25 20:37 . 2012-01-25 20:37 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{55E77E80-4794-11E1-97F9-00044B1539A2}.dat
+ 2012-01-25 20:37 . 2012-01-25 20:37 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{55E75770-4794-11E1-97F9-00044B1539A2}.dat
+ 2012-01-25 20:37 . 2012-01-25 20:37 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{55E73060-4794-11E1-97F9-00044B1539A2}.dat
+ 2012-01-25 20:37 . 2012-01-25 20:37 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{55E4CF00-4794-11E1-97F9-00044B1539A2}.dat
+ 2012-01-25 20:38 . 2012-01-25 20:38 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8BA35A85-4794-11E1-97F9-00044B1539A2}.dat
+ 2012-01-25 20:38 . 2012-01-25 20:38 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{88F10BC5-4794-11E1-97F9-00044B1539A2}.dat
+ 2012-01-25 20:37 . 2012-01-25 20:37 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{65FC21E5-4794-11E1-97F9-00044B1539A2}.dat
+ 2012-01-25 20:37 . 2012-01-25 20:37 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{55E77E81-4794-11E1-97F9-00044B1539A2}.dat
+ 2012-01-25 20:37 . 2012-01-25 20:37 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{55E75771-4794-11E1-97F9-00044B1539A2}.dat
+ 2012-01-25 20:37 . 2012-01-25 20:37 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{55E73061-4794-11E1-97F9-00044B1539A2}.dat
+ 2012-01-25 20:37 . 2012-01-25 20:37 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{55E4CF01-4794-11E1-97F9-00044B1539A2}.dat
+ 2012-01-25 20:32 . 2012-01-25 20:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-22 15:47 . 2012-01-22 15:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-22 15:47 . 2012-01-22 15:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-25 20:32 . 2012-01-25 20:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-01-25 20:38 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-21 15:03 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-25 20:37 . 2012-01-25 20:37 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012011620120123\index.dat
+ 2009-07-14 04:54 . 2012-01-25 20:38 802816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36 . 2012-01-22 15:58 675336 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-22 19:20 675336 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-22 15:58 129270 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-22 19:20 129270 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-01-22 19:23 421716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-22 15:23 421716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-19 08:06 . 2012-01-25 20:37 1589248 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
+ 2009-07-14 04:54 . 2012-01-25 20:38 2785280 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-21 15:03 2785280 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-29 04:40 . 2012-01-21 14:22 2249464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-10-29 04:40 . 2012-01-22 19:23 2249464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-22 18:45 . 2012-01-22 18:45 1402880 c:\windows\Installer\47320.msi
+ 2012-01-22 21:03 . 2012-01-04 17:15 52128560 c:\windows\SysWOW64\MRT.exe
+ 2010-03-30 00:55 . 2012-01-22 19:23 37869400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3083856611-1580335890-2369480647-1000-12288.dat
- 2010-03-30 00:55 . 2012-01-22 15:23 37869400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3083856611-1580335890-2369480647-1000-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files (x86)\EXPERTool\TBPanel.exe" [2009-10-05 2174976]
"nHancer"="c:\program files\nHancer\nHancer.exe" [2010-05-02 1384960]
"Steam"="d:\steam\steam.exe" [2011-08-02 1242448]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-08-22 20880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-04-10 1733120]
"Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-08-22 958352]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-10-21 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A5BE62CA-DE0F-4764-A0CB-4044816DB174}"= "c:\progra~1\tuEagles\EagleObj.dll" [2010-01-11 80896]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1c9e3cfe37a8f67;Google Update Service (gupdate1c9e3cfe37a8f67);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-02 133104]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-14 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-07-27 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Joe\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-02 133104]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 OlmarikFixer;Olmarik fixer kernel-mode driver;c:\windows\system32\drivers\OlmarikFixer.sys [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\\OverwolfUpdater.exe [2011-08-31 16616]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 19544]
R3 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [2008-08-17 217088]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 X6va005;X6va005;c:\users\Joe\AppData\Local\Temp\005D742.tmp [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 CDMA Device Service;CDMA Device Service;c:\program files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [2011-08-02 159232]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-10 2223248]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ComproHID;VideoMate Root Enumerated Hid Device;c:\windows\system32\DRIVERS\ComproHID64.sys [2007-10-01 9088]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-10-28 19952]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Cardex
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-02 05:25]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-02 22:17]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-02 22:17]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
- c:\windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-21 15:43]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
- c:\windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-21 15:43]
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3083856611-1580335890-2369480647-1000Core.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-28 21:10]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3083856611-1580335890-2369480647-1000UA.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-28 21:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2680696]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 2345848]
"RivaTunerStartupDaemon"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-08-22 3507088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://fairview.deadfrontier.com/onlinezombiemmo/index.php?topic=333518.msg2817512#msg2817512
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{207CE866-3417-45C5-93B4-C05D2C26E7C3}: NameServer = 90.207.238.97,90.207.238.99
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\xlc9z8ye.default\
FF - prefs.js: browser.startup.homepage - hxxp://tvcountdown.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Minefield\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: ipbleep: ipbleep@p4ul.info - %profile%\extensions\ipbleep@p4ul.info
FF - Ext: CookieCuller: {99B98C2C-7274-45a3-A640-D9DF1A1C8460} - %profile%\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: RefControl: {455D905A-D37C-4643-A9E2-F6FEFAA0424A} - %profile%\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Menu Editor: {EDA7B1D7-F793-4e03-B074-E6F303317FB0} - %profile%\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-Ask Toolbar_is1 - c:\program files (x86)\AskBarDis\unins000.exe
AddRemove-Vuze_Remote Toolbar - c:\program files (x86)\Vuze_Remote\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Joe\AppData\Local\Temp\005D742.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,34,e7,8d,d6,ec,e0,4c,9a,3b,9e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,34,e7,8d,d6,ec,e0,4c,9a,3b,9e,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-3083856611-1580335890-2369480647-1000\Software\SecuROM\License information*]
"datasecu"=hex:c6,bd,c2,6d,7f,dc,50,c1,83,06,78,b0,83,2a,b8,39,fc,90,30,63,d1,
06,48,49,05,b9,bd,ff,6d,a5,49,01,16,1f,5b,a7,f3,03,84,2d,6e,22,91,04,02,f1,\
"rkeysecu"=hex:18,ba,b8,bf,97,79,03,88,7c,46,6c,1c,93,c9,cd,7e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\Internet Explorer\IEXPLORE.EXE
c:\program files (x86)\Internet Explorer\IEXPLORE.EXE
c:\program files (x86)\Internet Explorer\IEXPLORE.EXE
c:\program files (x86)\Internet Explorer\IEXPLORE.EXE
c:\program files (x86)\Internet Explorer\IEXPLORE.EXE
c:\program files (x86)\Internet Explorer\IEXPLORE.EXE
c:\program files (x86)\Internet Explorer\IEXPLORE.EXE
c:\program files (x86)\Internet Explorer\IEXPLORE.EXE
c:\program files (x86)\Internet Explorer\IEXPLORE.EXE
c:\windows\SysWOW64\msdt.exe
c:\program files (x86)\Internet Explorer\IEXPLORE.EXE
c:\windows\SysWOW64\sdiagnhost.exe
.
**************************************************************************
.
Completion time: 2012-01-25 20:43:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-25 20:43
ComboFix2.txt 2012-01-23 18:39
ComboFix3.txt 2012-01-21 14:32
.
Pre-Run: 3,752,058,880 bytes free
Post-Run: 4,062,453,760 bytes free
.
- - End Of File - - 1CB8B0C3D8AEDDAB84B4F0E711B0C2EE

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:32 PM

Posted 25 January 2012 - 06:38 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 joerob100

joerob100
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:32 PM

Posted 26 January 2012 - 02:11 PM

Combofix caused my computer to boot out of safe mode, causing the virus to do further damage. It seems it has deleted my menu items and made certain files and settings inaccessible.

I tried running aswMBR in safe mode but it doesn't work properly.

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-26 18:44:28
-----------------------------
18:44:28.414 OS Version: Windows x64 6.1.7600
18:44:28.414 Number of processors: 2 586 0x1706
18:44:28.414 ComputerName: JOE-PC UserName: Joe
18:44:28.616 Initialze error C000003A - driver not loaded
18:44:31.582 Service scanning
18:44:32.877 Modules scanning
18:44:32.878 Disk 0 trace - called modules:
18:44:32.878
18:44:32.879 Scan finished successfully
18:45:09.968 The log file has been saved successfully to "C:\Windows\system32\config\systemprofile\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:32 PM

Posted 26 January 2012 - 04:06 PM

The first thing I would like you to do is run this for me: http://download.bleepingcomputer.com/grinler/unhide.exe - after it is complete, restart the computer and continue with these steps.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and this is the one that I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
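For readers following this thread, the OTL report requested above is reviewed by hand, but the signals a helper looks for first can be expressed as a small triage script. The following Python is an added example, not part of this thread and not a tool of OTL or BleepingComputer; the sample lines are constructed from entries quoted later in this thread (a Run-key entry under the SYSTEM profile's AppData\Local with no company name, UAC policies set to 0, and a browser helper object whose DLL is missing). The directory list and the "no company name" rule are heuristics for what to look at first, not verdicts.

```python
import re

# Constructed sample of OTL "O4" (autorun), "O6" (policy) and "O2" (BHO) lines,
# modelled on entries quoted in this thread. It is not a complete OTL report.
SAMPLE_OTL = r"""
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKU\.DEFAULT..\Run: [CflQpwgb] C:\Windows\SysWOW64\config\systemprofile\AppData\Local\tytefwwo\cflqpwgb.exe ()
O4 - HKU\S-1-5-18..\Run: [CflQpwgb] C:\Windows\SysWOW64\config\systemprofile\AppData\Local\tytefwwo\cflqpwgb.exe ()
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
"""

# O4 line: "O4[:64bit:] - <hive>..\Run: [<name>] <path> (<company>)"
AUTORUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# O6 line: "O6 - <registry key>: <setting> = <value>"
POLICY_RE = re.compile(r"^O6 - (?P<key>.+?): (?P<setting>\w+) = (?P<value>.+)$")
# O2/O3 line whose file is gone: orphaned BHO or toolbar registration
ORPHAN_RE = re.compile(r"^O[23].* - (?P<path>[A-Z]:\\.+?) File not found$")

# Directories in which a legitimate Run-key entry is unusual (heuristic):
# the SYSTEM profile and per-user AppData\Local or Temp drops.
SUSPECT_DIRS = ("\\config\\systemprofile\\", "\\appdata\\local\\", "\\temp\\")

# UAC policy values that switch prompting off; a reviewer wants these flagged.
WEAK_UAC = {
    "EnableLUA": "0",
    "ConsentPromptBehaviorAdmin": "0",
    "PromptOnSecureDesktop": "0",
}


def triage(log_text):
    """Return the indicators a reviewer should look at first in an OTL log."""
    report = {"suspicious_autoruns": [], "weak_uac": [], "orphaned_entries": []}
    for line in log_text.splitlines():
        line = line.strip()
        m = AUTORUN_RE.match(line)
        if m:
            path_l = m["path"].lower()
            in_suspect_dir = any(d in path_l for d in SUSPECT_DIRS)
            # An empty company field means OTL found no version info on the file.
            if in_suspect_dir or not m["company"].strip():
                report["suspicious_autoruns"].append((m["hive"], m["name"], m["path"]))
            continue
        m = POLICY_RE.match(line)
        if m and WEAK_UAC.get(m["setting"]) == m["value"].strip():
            report["weak_uac"].append(m["setting"])
            continue
        m = ORPHAN_RE.match(line)
        if m:
            report["orphaned_entries"].append(m["path"])
    return report


if __name__ == "__main__":
    for section, items in triage(SAMPLE_OTL).items():
        print(section)
        for item in items:
            print("   ", item)
```

On the constructed sample the script reports the two CflQpwgb Run entries (SYSTEM profile path and no company name), the three UAC settings at 0, and the orphaned Vuze toolbar DLL; entries such as egui.exe and KeePass.exe under Program Files with a company name are not flagged. A flagged entry is a starting point for the helper's own review of the file, not a removal decision.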

#11 joerob100

joerob100
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:32 PM

Posted 28 January 2012 - 06:08 AM

The files are not hidden. The desktop has been duplicated, and my favourites too; it's like a guest account has been made over my current account to hide my files, and the locations Windows shows are the dummy ones.

OTL logfile created on: 28/01/2012 10:53:46 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Windows\SysWOW64\config\systemprofile\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.23 Gb Available Physical Memory | 80.74% Memory free
8.00 Gb Paging File | 7.33 Gb Available in Paging File | 91.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 3.78 Gb Free Space | 5.08% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 6.11 Gb Free Space | 2.05% Space Free | Partition Type: NTFS

Computer Name: JOE-PC | User Name: Joe | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWOW64\config\systemprofile\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Joe\Desktop\Joes stuff\unhide.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\attrib.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\Joe\Desktop\Joes stuff\unhide.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\js3250.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (nHancer) -- C:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM)) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (OverwolfUpdaterService) -- C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (CDMA Device Service) -- C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (UpdateCenterService) -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA)
SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (PS3 Media Server) -- C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe ()
SRV - (libusbd) -- C:\Windows\SysWOW64\libusbd-nt.exe (http://libusb-win32.sourceforge.net)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (hitmanpro35) -- C:\Windows\SysNative\drivers\hitmanpro36.sys ()
DRV:64bit: - (OlmarikFixer) -- C:\Windows\SysNative\drivers\OlmarikFixer.sys (ESET)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (eamon) -- C:\Windows\SysNative\drivers\eamon.sys (ESET)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (ComproHID) -- C:\Windows\SysNative\drivers\ComproHID64.sys (Compro Tech., Inc.)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (NVR0FLASHDev) -- C:\Windows\nvflsh64.sys (NVIDIA Corp.)
DRV - (NVR0Dev) -- C:\Windows\nvoclk64.sys (NVIDIA Corp.)
DRV - (ComproHID) -- C:\Windows\SysWOW64\drivers\ComproHID64.sys (Compro Tech., Inc.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows ® Server 2003 DDK provider)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys ()
DRV - (ULCDRHlp) -- C:\Windows\SysWOW64\drivers\ULCDRHlp.sys (Ulead Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 4.0b10pre\extensions\\Components: C:\PROGRAM FILES\MINEFIELD\COMPONENTS [2011/01/16 04:20:28 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 4.0b10pre\extensions\\Plugins: C:\PROGRAM FILES\MINEFIELD\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/03/08 13:57:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/02/17 02:09:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\components [2012/01/16 18:11:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\plugins [2011/02/22 14:39:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/18 01:18:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/22 14:39:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/09/24 12:57:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/03/08 13:55:58 | 000,000,000 | ---D | M]

[2010/09/27 17:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/27 15:02:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012/01/03 21:49:46 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- D:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2012/01/03 21:49:45 | 000,000,000 | ---D | M] (Default Shot Palette) -- D:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2012/01/03 21:49:45 | 000,000,000 | ---D | M] (MSN-Smileys) -- D:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2012/01/03 21:49:45 | 000,000,000 | ---D | M] (DOM Inspector) -- D:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2012/01/03 21:49:45 | 000,000,000 | ---D | M] (Blackened) -- D:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2012/01/03 21:49:45 | 000,000,000 | ---D | M] (Depth) -- D:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2012/01/03 21:49:45 | 000,000,000 | ---D | M] (Minimal) -- D:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
[2009/12/31 09:05:32 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll
[2010/07/27 15:02:11 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/12/16 23:03:36 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010/03/11 22:00:37 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/03/11 22:00:37 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/03/11 22:00:37 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/03/11 22:00:38 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Joe\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Joe\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Joe\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Disabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Disabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: BYOND stub plugin for Mozilla (Disabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\plugins\npbyond.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\plugins\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Joe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Disabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/01/25 20:33:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll File not found
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll File not found
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Olympus ib] C:\Program Files (x86)\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\.DEFAULT..\Run: [CflQpwgb] C:\Windows\SysWOW64\config\systemprofile\AppData\Local\tytefwwo\cflqpwgb.exe ()
O4 - HKU\S-1-5-18..\Run: [CflQpwgb] C:\Windows\SysWOW64\config\systemprofile\AppData\Local\tytefwwo\cflqpwgb.exe ()
O4 - Startup: C:\Windows\SysWOW64\config\AppData\LocalLow [2012/01/19 08:05:56 | 000,000,000 | ---D | M]
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\AppData [2009/07/14 04:55:33 | 000,000,000 | --SD | M]
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\Desktop [2012/01/28 10:52:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Windows\SysWow64\config\systemprofile\Documents [2012/01/25 21:00:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Windows\SysWOW64\config\systemprofile\Favorites [2012/01/19 08:05:52 | 000,000,000 | R--D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{207CE866-3417-45C5-93B4-C05D2C26E7C3}: NameServer = 90.207.238.97,90.207.238.99
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\config\systemprofile\AppData\Local\tytefwwo\cflqpwgb.exe) -C:\Windows\SysWOW64\config\systemprofile\AppData\Local\tytefwwo\cflqpwgb.exe ()
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {A5BE62CA-DE0F-4764-A0CB-4044816DB174} - C:\Program Files\tuEagles\EagleObj.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/25 20:18:22 | 000,000,539 | ---- | M] () - D:\autoexec.cfg -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/25 21:00:29 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Documents
[2012/01/25 20:34:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/25 20:34:08 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2012/01/25 20:30:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/22 21:03:58 | 052,128,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/01/22 21:02:58 | 000,022,832 | ---- | C] (ESET) -- C:\Windows\SysNative\drivers\OlmarikFixer.sys
[2012/01/22 20:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/01/22 20:24:28 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/01/22 20:24:28 | 000,000,000 | ---D | C] -- \_OTM
[2012/01/22 20:08:33 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/01/22 19:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/01/22 19:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/01/22 18:50:41 | 000,016,752 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2012/01/22 18:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
[2012/01/22 18:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/01/22 18:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/21 14:45:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/21 14:06:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/21 14:06:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/21 14:06:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/21 14:06:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/21 14:05:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/21 14:05:51 | 000,000,000 | ---D | C] -- \Qoobox
[2012/01/19 21:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/19 21:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/19 21:18:01 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/19 21:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/19 08:05:51 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Favorites
[2012/01/17 21:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Balsamiq Mockups
[2012/01/11 18:06:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/01/03 21:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celtx
[2010/05/05 18:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010/05/05 18:38:18 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/28 10:43:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/28 10:43:05 | 3220,074,496 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/25 21:05:37 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/01/25 20:55:39 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\PC Performer.job
[2012/01/25 20:52:57 | 000,062,644 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-0000000A-00001102-00000005-002C1102}.rfx
[2012/01/25 20:52:57 | 000,062,644 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-0000000A-00001102-00000005-002C1102}.rfx
[2012/01/25 20:52:57 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-0000000A-00001102-00000005-002C1102}.rfx
[2012/01/25 20:48:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/25 20:45:37 | 000,010,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 20:45:37 | 000,010,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 20:42:00 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2012/01/25 20:40:06 | 000,795,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/25 20:40:06 | 000,675,336 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/25 20:40:06 | 000,129,270 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/25 20:33:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/25 20:32:51 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/22 21:02:58 | 000,022,832 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\OlmarikFixer.sys
[2012/01/22 20:08:33 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/01/22 19:50:31 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/01/22 19:22:05 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3083856611-1580335890-2369480647-1000UA.job
[2012/01/22 18:50:52 | 000,002,034 | ---- | M] () -- C:\ProgramData\repository.xml
[2012/01/22 18:50:40 | 000,001,054 | R--- | M] () -- C:\Users\Public\Desktop\PC Performer.lnk
[2012/01/22 18:46:15 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/22 14:42:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2012/01/21 13:44:48 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/01/19 21:49:54 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/17 21:37:39 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\Balsamiq Mockups.lnk
[2012/01/11 18:06:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/01/04 17:15:16 | 052,128,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/01/03 21:49:47 | 000,000,758 | ---- | M] () -- C:\Users\Public\Desktop\Celtx.lnk
[2012/01/03 19:11:48 | 000,016,752 | ---- | M] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2012/01/03 06:22:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3083856611-1580335890-2369480647-1000Core.job
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/25 20:55:39 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\PC Performer.job
[2012/01/22 19:50:31 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/01/22 19:50:31 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/01/22 18:50:52 | 000,002,034 | ---- | C] () -- C:\ProgramData\repository.xml
[2012/01/22 18:50:40 | 000,001,054 | R--- | C] () -- C:\Users\Public\Desktop\PC Performer.lnk
[2012/01/22 18:46:15 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/21 14:37:57 | 000,000,962 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2012/01/21 14:37:56 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2012/01/21 14:06:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/21 14:06:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/21 14:06:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/21 14:06:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/21 14:06:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/21 13:38:55 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/21 13:38:55 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/01/21 13:38:55 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012/01/21 13:38:55 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/01/21 13:38:55 | 000,001,751 | ---- | C] () -- C:\Users\Public\Desktop\DiRT 3.lnk
[2012/01/21 13:38:55 | 000,001,712 | ---- | C] () -- C:\Users\Public\Desktop\WoT Social Hub.lnk
[2012/01/21 13:38:55 | 000,001,314 | ---- | C] () -- C:\Users\Public\Desktop\Get More FREE Screensavers.lnk
[2012/01/21 13:38:55 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012/01/21 13:38:55 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Exact Audio Copy.lnk
[2012/01/21 13:38:55 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\OverTargetMarkersEditor.lnk
[2012/01/21 13:38:55 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[2012/01/21 13:38:55 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\Balsamiq Mockups.lnk
[2012/01/21 13:38:55 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2012/01/21 13:38:55 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/01/21 13:38:55 | 000,000,758 | ---- | C] () -- C:\Users\Public\Desktop\Celtx.lnk
[2012/01/21 13:38:55 | 000,000,692 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/01/21 13:38:55 | 000,000,677 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2012/01/21 13:38:55 | 000,000,559 | ---- | C] () -- C:\Users\Public\Desktop\Start The Witcher 2.lnk
[2012/01/21 13:38:15 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/01/21 13:38:15 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/01/21 13:38:14 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012/01/21 13:38:14 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012/01/21 13:38:14 | 000,002,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 10.lnk
[2012/01/21 13:38:14 | 000,002,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012/01/21 13:38:14 | 000,001,998 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/01/21 13:38:14 | 000,001,863 | R--- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATMA V.lnk
[2012/01/21 13:38:14 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012/01/21 13:38:14 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/01/21 13:38:14 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/01/21 13:38:14 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012/01/21 13:38:14 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
[2012/01/21 13:38:14 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
[2012/01/21 13:38:14 | 000,001,033 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverTargetMarkersEditor.lnk
[2012/01/21 13:38:14 | 000,000,963 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Balsamiq Mockups.lnk
[2012/01/21 13:38:14 | 000,000,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012/01/21 13:38:14 | 000,000,711 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2012/01/21 13:38:14 | 000,000,697 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Reader.lnk
[2012/01/19 21:49:54 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/27 23:16:14 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/09/03 19:15:24 | 000,194,460 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/07/26 16:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/07/26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/07/26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/07/26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/07/26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/04/15 11:48:08 | 000,000,056 | ---- | C] () -- C:\Windows\SpeedGear.INI
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/18 14:12:18 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/01/29 04:00:05 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2011/01/29 04:00:05 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2011/01/29 04:00:05 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe
[2010/10/20 22:33:40 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2010/10/20 22:15:59 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/10/13 18:46:10 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/09/13 16:28:13 | 000,027,041 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010/06/18 19:38:11 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/06/18 18:19:26 | 000,000,040 | ---- | C] () -- C:\Windows\RSoftInfo.dat
[2010/06/15 22:59:27 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/05/05 19:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/05/05 18:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010/05/05 18:46:30 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/05/05 18:46:30 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/05/05 18:38:22 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010/04/19 22:57:25 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2010/04/05 22:36:13 | 000,000,088 | ---- | C] () -- C:\Windows\QTW.INI
[2010/04/04 15:47:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/09 21:36:02 | 000,000,071 | ---- | C] () -- C:\Windows\NARBACULARDROP.INI
[2010/03/08 15:37:37 | 000,203,316 | RHS- | C] () -- \grldr
[2010/03/08 15:37:37 | 000,000,003 | RHS- | C] () -- \win7ldr
[2010/03/08 14:28:51 | 3220,074,496 | -HS- | C] () -- \hiberfil.sys
[2010/03/08 13:52:33 | 000,781,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/03/08 13:49:22 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/03/08 13:49:22 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/02/05 20:28:38 | 000,978,715 | ---- | C] () -- C:\Windows\SysWow64\spacesav.dat
[2010/01/20 17:26:06 | 002,395,944 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2009/10/31 03:07:27 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/09/11 11:09:44 | 000,117,760 | ---- | C] () -- C:\Windows\SysWow64\jacob-1.14.3-x64.dll
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:24:58 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/04 00:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009/05/28 01:05:31 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2009/05/27 08:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009/05/11 23:06:42 | 000,240,173 | ---- | C] () -- \AnalysisLog.sr0
[2009/05/11 22:01:26 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2009/05/11 22:01:25 | 000,383,562 | RHS- | C] () -- \bootmgr
[2009/05/11 21:39:01 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/05/11 17:37:37 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/05/11 17:37:36 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/05/11 17:37:35 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009/05/11 13:51:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/02/19 09:26:38 | 000,007,237 | ---- | C] () -- C:\Windows\cadx2.ini

========== Custom Scans ==========


< %TEMP%\smtmp\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:DBC416F8

< End of report >
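As an added triage aid (not part of the thread, of OTL, or of any tool named above): the O20 Winlogon lines in the report can be checked mechanically rather than by eye. The script below parses that line format and flags any Shell, UserInit or VMApplet entry whose registry data differs from the stock Windows 7 values, whose resolved file carries no publisher information, or which points into a profile directory; the line format and the stock values are assumptions drawn from the report, and the sample input is copied from the O20 section of the report.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input copied from the O20 section of the OTL report above,
# embedded here so the script runs offline.
SAMPLE_LOG = r"""
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\config\systemprofile\AppData\Local\tytefwwo\cflqpwgb.exe) -C:\Windows\SysWOW64\config\systemprofile\AppData\Local\tytefwwo\cflqpwgb.exe ()
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
"""

# Assumed stock Windows 7 values, lower-cased. OTL prints each comma-separated
# element of UserInit, and each token of "SystemPropertiesPerformance.exe /pagefile",
# on its own O20 line, so every element is compared individually.
EXPECTED = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
    "vmapplet": {"systempropertiesperformance.exe", "/pagefile"},
}

# Line layout as OTL prints it: O20[:64bit:] - HKLM Winlogon: <value> - (<data>) -<resolved file> (<company>)
_O20 = re.compile(
    r"^O20(?P<bits>:64bit:)? - HKLM Winlogon: (?P<value>\w+) - "
    r"\((?P<data>.*?)\) -\s*(?P<rest>.*)$"
)


@dataclass
class WinlogonEntry:
    value: str                # Shell, UserInit, VMApplet, ...
    data: str                 # registry data exactly as OTL printed it
    resolved: Optional[str]   # file OTL resolved the data to; None if not found
    company: Optional[str]    # publisher string; None when OTL printed "()"
    wow64: bool               # True for the 32-bit (WOW64) view of the key


def parse_o20(line: str) -> Optional[WinlogonEntry]:
    """Parse one OTL O20 Winlogon line; return None for any other line."""
    m = _O20.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    path, company = rest, None
    if rest.endswith(")"):
        # Split on the rightmost " (" so "Program Files (x86)" in the path survives.
        head, _, tail = rest.rpartition(" (")
        if head:
            path, company = head, (tail[:-1] or None)
    resolved = None if path == "File not found" else path
    return WinlogonEntry(m.group("value"), m.group("data"), resolved,
                         company, m.group("bits") is None)


def assess(entry: WinlogonEntry) -> List[str]:
    """Reasons this entry deserves a look; an empty list means it matches the stock configuration."""
    reasons = []
    key = entry.value.lower()
    data = entry.data.strip().rstrip(",").lower()
    if key not in EXPECTED:
        reasons.append(f"unexpected Winlogon value name: {entry.value}")
    elif data not in EXPECTED[key]:
        reasons.append(f"{entry.value} data is not the stock value: {entry.data}")
    if entry.resolved is not None and entry.company is None:
        reasons.append("resolved file has no publisher/version information")
    if "\\appdata\\" in data or "\\temp\\" in data:
        reasons.append("data points into a user-writable profile directory")
    return reasons


def triage(log_text: str) -> List[Tuple[WinlogonEntry, List[str]]]:
    """Return every O20 entry in the log that fails assess(), with its reasons."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o20(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        view = "WOW64" if entry.wow64 else "64-bit"
        print(f"[{view}] {entry.value} -> {entry.data}")
        for r in reasons:
            print(f"    - {r}")
```

Run against the report above it prints only the second WOW64 UserInit line, with three reasons; the stock Explorer, userinit and VMApplet entries pass silently.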

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 30 January 2012 - 01:46 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
    [2010/03/11 22:00:37 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2010/03/11 22:00:37 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2010/03/11 22:00:37 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2010/03/11 22:00:38 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 joerob100

  • Topic Starter
  • Members
  • 7 posts

Posted 30 January 2012 - 05:05 PM

Still have the same problem. Trying Firefox, Opera and Chrome I still get Google redirects and crashing.



All processes killed
========== OTL ==========
C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Joe\New folder\cmd.bat deleted successfully.
C:\Users\Joe\New folder\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: AppData
-> No Temporary Internet Files cache folder defined!

User: Journal
-> No Temporary Internet Files cache folder defined!

User: RegBack
-> No Temporary Internet Files cache folder defined!

User: systemprofile
-> No Temporary Internet Files cache folder defined!

User: TxR
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 595070 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


[EMPTYJAVA]

User: AppData

User: Journal

User: RegBack

User: systemprofile

User: TxR

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: AppData

User: Journal

User: RegBack

User: systemprofile

User: TxR

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 01302012_193331

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 02 February 2012 - 09:58 AM

Please download Kaspersky Virus Removal Tool and SAVE it to your desktop

  • Right click and run as admin (xp please double click to run)
  • select lang
  • accept the license agreement
  • click on settings (gear looking thing on the right)
  • put check mark in
    • system memory
    • hidden objects
    • disk boot sectors
    • computer
    • os
  • go back to automatic scan
  • click on start scan
  • For this scan select skip for anything found
  • when the scan is complete click on the report button (looks like a piece of paper on the right of the gear looking thing)
  • on the left you will see
    • status
    • Detected threats <-- click on this one
    • automatic Scan report
    • Manual disinfection report
  • click on the save button
    save to a location that you can find it (default is in the document folder)
  • copy and paste this report in your next post


#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 04 February 2012 - 11:32 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
