Google redirects Win7/x64


This topic is locked
21 replies to this topic

#1 ny942631


Posted 22 January 2012 - 10:20 PM

Hello,

Unfortunately this is too common a story. PC got infected, most of the viruses were removed, but whenever I search something with Google I get redirected to junk websites... Researched the forum a bit, found other people had similar issues but didn't want to run fixes that were not made for my PC... Downloaded and ran OTL.exe with this argument < %TEMP%\smtmp\*.* /s >, below is the output. Please help, these redirects are very annoying. Thanks a lot. Dan

OTL logfile created on: 1/22/2012 9:52:40 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ktouloumis\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.71 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 63.78% Memory free
7.42 Gb Paging File | 5.78 Gb Available in Paging File | 77.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 97.94 Gb Free Space | 65.75% Space Free | Partition Type: NTFS
Drive K: | 66.09 Gb Total Space | 53.69 Gb Free Space | 81.24% Space Free | Partition Type: NTFS
Drive P: | 66.09 Gb Total Space | 53.69 Gb Free Space | 81.24% Space Free | Partition Type: NTFS

Computer Name: JPC-PC1 | User Name: ktouloumis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ktouloumis\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Lexmark S800 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Lexmark S800 Series\lxefmon.exe ()
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Lexmark S800 Series\ezprint.exe ()
MOD - C:\Program Files (x86)\Lexmark S800 Series\lxefmon.exe ()
MOD - C:\Program Files (x86)\Lexmark S800 Series\lxefdrs.dll ()
MOD - C:\Program Files (x86)\Lexmark S800 Series\lxefcaps.dll ()
MOD - C:\Program Files (x86)\Lexmark S800 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Lexmark S800 Series\lxefptp.dll ()
MOD - C:\Program Files (x86)\Lexmark S800 Series\epoemdll.dll ()
MOD - C:\Program Files (x86)\Lexmark S800 Series\epstring.dll ()
MOD - C:\Program Files (x86)\Lexmark S800 Series\epwizres.dll ()
MOD - C:\Program Files (x86)\Lexmark S800 Series\epwizard.dll ()
MOD - C:\Program Files (x86)\Lexmark S800 Series\customui.dll ()
MOD - C:\Program Files (x86)\Lexmark S800 Series\epfunct.dll ()
MOD - C:\Program Files (x86)\Lexmark S800 Series\eputil.dll ()
MOD - C:\Program Files (x86)\Lexmark S800 Series\imagutil.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (lxefCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxefserv.exe ()
SRV:64bit: - (lxef_device) -- C:\Windows\SysNative\lxefcoms.exe ( )
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (SecureConnectClientService) -- C:\Program Files (x86)\Grasp Technologies\Secure Connect Client\SecureConnectClientService.exe ()
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (lxef_device) -- C:\Windows\SysWow64\lxefcoms.exe ( )
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PSPRSERV) -- C:\Program Files (x86)\ElcomSoft\Proactive System Password Recovery\psprserv64.exe (ElcomSoft Co. Ltd.)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)


========== Driver Services (SafeList) ==========

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (e1kexpress) Intel® -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (NAL) -- C:\Windows\SysNative\drivers\iqvw64e.sys (Intel Corporation )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3401027966-791964573-2700206336-1125\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3401027966-791964573-2700206336-1125\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3401027966-791964573-2700206336-1125\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3401027966-791964573-2700206336-1125\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3401027966-791964573-2700206336-1125\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 B0 40 25 CA D8 CC 01 [binary data]
IE - HKU\S-1-5-21-3401027966-791964573-2700206336-1125\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.95\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.95\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/01/22 00:16:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/01/22 00:16:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/01/22 00:16:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2011/12/01 15:13:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\ktouloumis\AppData\Roaming\mozilla\Extensions
[2011/12/16 12:32:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/20 20:04:05 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/19 19:11:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3401027966-791964573-2700206336-1125\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S800 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [lxefmon.exe] C:\Program Files (x86)\Lexmark S800 Series\lxefmon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Lexmark S800 Series] C:\Program Files (x86)\Lexmark S800 Series\fm3032.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3401027966-791964573-2700206336-1125\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3401027966-791964573-2700206336-1125\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3401027966-791964573-2700206336-1125\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3401027966-791964573-2700206336-1125\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://clientbase.webex.com/client/T26L/event/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jpcruises.int
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69CD637B-0A1F-4338-B9F2-54486B35A807}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69CD637B-0A1F-4338-B9F2-54486B35A807}: NameServer = 10.10.10.10
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/22 20:29:10 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/01/22 20:29:10 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/01/22 20:29:10 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/01/22 20:01:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/22 20:01:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/22 20:01:39 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/01/22 20:01:39 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/01/22 20:01:39 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/01/22 20:01:39 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/01/22 20:01:39 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/01/22 20:01:39 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/01/22 20:01:39 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/01/22 20:01:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/01/22 20:01:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/01/22 20:01:38 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/01/22 20:01:38 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/01/22 20:01:38 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/01/22 20:01:38 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/01/22 20:01:38 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/01/22 20:01:38 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/22 20:01:38 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/01/22 20:01:38 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/01/22 20:01:38 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/01/22 20:01:38 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/01/22 20:01:38 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/01/22 20:01:38 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/01/22 20:01:38 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/01/22 20:01:38 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/01/22 20:01:38 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/01/22 20:01:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/22 20:01:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/22 20:01:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/22 20:01:38 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/01/22 20:01:38 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/01/22 20:01:38 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/01/22 20:01:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/01/22 20:01:38 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/01/22 20:01:38 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/01/22 20:01:38 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/01/22 20:01:38 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/01/22 20:01:38 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/01/22 20:01:38 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/01/22 20:01:38 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/01/22 20:01:38 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/01/22 20:01:38 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/01/22 20:01:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/01/22 20:01:38 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/01/22 20:01:38 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/01/22 20:01:38 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/01/22 20:01:38 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/01/22 20:01:38 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/01/22 20:01:38 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/01/22 20:01:38 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/22 20:01:38 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/01/22 20:01:38 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/01/22 20:01:38 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/01/22 20:01:38 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/01/22 20:01:38 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/01/22 20:01:38 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/01/22 20:01:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/01/22 20:01:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/01/22 20:01:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/01/22 20:01:38 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/22 20:01:38 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/01/22 20:01:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/01/22 20:01:38 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/01/22 20:01:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/01/22 20:01:38 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/01/22 20:01:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/01/22 20:01:38 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/01/22 20:01:38 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/01/22 20:01:38 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/01/22 20:01:38 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/01/22 20:01:38 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/01/22 20:01:38 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/01/22 00:26:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/22 00:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012/01/22 00:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/01/22 00:02:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/01/22 00:01:58 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/01/21 23:42:10 | 000,000,000 | ---D | C] -- C:\jink
[2012/01/21 22:47:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/21 22:42:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/19 19:34:14 | 000,000,000 | ---D | C] -- C:\Users\ktouloumis\AppData\Local\temp
[2012/01/19 18:15:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/19 18:15:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/19 18:15:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/19 18:14:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/19 18:12:40 | 000,000,000 | ---D | C] -- C:\Qoobox.xxx
[2012/01/19 17:50:58 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0129.old
[2012/01/19 17:50:58 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0129.old
[2012/01/19 17:45:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/01/19 17:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/01/19 17:10:07 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/01/17 16:33:33 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/17 16:33:33 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/17 16:33:32 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/17 16:33:32 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/17 16:33:32 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/17 16:33:32 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/11 12:02:43 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 12:02:43 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 12:02:43 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 12:02:43 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 12:02:40 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 12:02:39 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 12:02:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/10 14:31:38 | 001,028,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.00A
[2012/01/10 14:31:38 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.00B
[2012/01/10 14:31:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\TRAMS
[2012/01/10 14:31:31 | 000,000,000 | ---D | C] -- C:\Users\ktouloumis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TRAMS for Windows
[2012/01/10 14:31:16 | 000,444,928 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\midas.dll
[2011/12/25 14:35:45 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/25 14:35:19 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/25 14:35:18 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/06 15:05:26 | 000,352,256 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefinpa.dll
[2011/12/06 15:05:26 | 000,327,680 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefiesc.dll
[2011/12/06 15:05:25 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefserv.dll
[2011/12/06 15:05:25 | 000,770,048 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefusb1.dll
[2011/12/06 15:05:25 | 000,634,880 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefpmui.dll
[2011/12/06 15:05:25 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeflmpm.dll
[2011/12/06 15:05:25 | 000,307,880 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefih.exe
[2011/12/06 15:05:24 | 000,815,104 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefcomc.dll
[2011/12/06 15:05:24 | 000,671,744 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefhbn3.dll
[2011/12/06 15:05:24 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefcoms.exe
[2011/12/06 15:05:24 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefcomm.dll
[2011/12/06 15:05:24 | 000,357,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefcfg.exe

========== Files - Modified Within 30 Days ==========

[2012/01/22 21:29:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/22 20:42:01 | 000,797,714 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/22 20:42:01 | 000,674,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/22 20:42:01 | 000,127,162 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/22 20:41:41 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/22 20:41:41 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/22 20:38:45 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/22 20:33:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/22 20:33:52 | 2987,847,680 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/22 20:10:22 | 000,001,437 | ---- | M] () -- C:\Users\ktouloumis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/22 20:01:39 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/22 20:01:39 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/22 20:01:39 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/01/22 20:01:39 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/01/22 20:01:39 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/01/22 20:01:39 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/01/22 20:01:39 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/01/22 20:01:39 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/01/22 20:01:39 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/01/22 20:01:39 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/01/22 20:01:39 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/01/22 20:01:38 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/01/22 20:01:38 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/01/22 20:01:38 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/01/22 20:01:38 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/01/22 20:01:38 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/01/22 20:01:38 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/22 20:01:38 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/01/22 20:01:38 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/01/22 20:01:38 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/01/22 20:01:38 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/01/22 20:01:38 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/01/22 20:01:38 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/01/22 20:01:38 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/01/22 20:01:38 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/01/22 20:01:38 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/01/22 20:01:38 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/22 20:01:38 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/22 20:01:38 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/22 20:01:38 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/01/22 20:01:38 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/01/22 20:01:38 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/01/22 20:01:38 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/01/22 20:01:38 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/01/22 20:01:38 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/01/22 20:01:38 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/01/22 20:01:38 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/01/22 20:01:38 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/01/22 20:01:38 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/01/22 20:01:38 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/01/22 20:01:38 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/01/22 20:01:38 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/01/22 20:01:38 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/01/22 20:01:38 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/01/22 20:01:38 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/01/22 20:01:38 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/01/22 20:01:38 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/01/22 20:01:38 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/01/22 20:01:38 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/01/22 20:01:38 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/22 20:01:38 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/01/22 20:01:38 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/01/22 20:01:38 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/01/22 20:01:38 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/01/22 20:01:38 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/01/22 20:01:38 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/01/22 20:01:38 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/01/22 20:01:38 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/01/22 20:01:38 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/01/22 20:01:38 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/22 20:01:38 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/22 20:01:38 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/22 20:01:38 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/01/22 20:01:38 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/01/22 20:01:38 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/01/22 20:01:38 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/01/22 20:01:38 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/01/22 20:01:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/01/22 20:01:38 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/01/22 20:01:38 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/01/22 20:01:38 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/01/22 20:01:38 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/01/22 20:01:38 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/01/22 20:01:38 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/01/22 00:16:16 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/01/22 00:16:16 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/01/22 00:04:52 | 000,017,408 | ---- | M] () -- C:\Users\ktouloumis\AppData\Local\WebpageIcons.db
[2012/01/22 00:01:58 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/01/19 19:11:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/19 17:55:49 | 001,933,336 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/01/18 16:21:39 | 001,848,921 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Travelex Select STS Brochure.pdf
[2012/01/18 15:52:36 | 000,410,565 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Seabourn_Shield_Description_3-11.pdf
[2012/01/18 15:21:53 | 000,138,771 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Walerstein Cunard QM2 Canada July 1- July 6, 2012.pdf
[2012/01/18 12:35:57 | 000,309,226 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Bell TFFAS Oceania June 9 - June 19, 2012.pdf
[2012/01/17 16:55:15 | 000,305,934 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Herstein TFFAS Oceania Cruise June 9 - June 19, 2012.pdf
[2012/01/13 10:07:48 | 000,118,139 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Drucker Ryan Seabourn Quest July 2, 2012.pdf
[2012/01/12 14:23:27 | 000,110,291 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Van Der Mije San Juan Hotel Invoice.pdf
[2012/01/12 11:50:01 | 000,110,249 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Glass Ritz Carlton Confirmation San Juan.pdf
[2012/01/12 03:04:08 | 000,793,692 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/11 16:08:05 | 000,236,195 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Descher TFFAS Oceania June 9 - June 19, 2012.pdf
[2012/01/10 16:05:58 | 000,171,496 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Lipp Cap Jaluca Invoice.pdf
[2012/01/10 15:43:12 | 000,077,442 | ---- | M] () -- C:\Users\ktouloumis\Desktop\GRF Nautica June 9, 2012.pdf
[2012/01/10 14:41:49 | 000,310,620 | ---- | M] () -- C:\Users\ktouloumis\Desktop\GroupDiningRequestFormFinal-Nautica.pdf
[2012/01/10 14:31:45 | 000,000,206 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012/01/10 14:31:38 | 000,017,583 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Services
[2012/01/10 14:31:38 | 000,001,077 | ---- | M] () -- C:\Users\ktouloumis\Desktop\CBPlus.lnk
[2012/01/10 14:31:31 | 000,000,987 | ---- | M] () -- C:\Users\ktouloumis\Desktop\TCR 10.lnk
[2012/01/10 14:30:36 | 067,933,088 | ---- | M] () -- C:\Users\ktouloumis\Desktop\currentcbwupdate.exe
[2012/01/10 09:59:14 | 000,248,488 | ---- | M] () -- C:\Users\ktouloumis\Desktop\ShoreExcursions for June 9, 2012.pdf
[2012/01/09 13:57:14 | 000,110,894 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Nowick Disney Dream February 19 - February 23, 2012.pdf
[2012/01/06 18:39:52 | 000,120,673 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Montgomery SeaDream 1 January 28 - February 4, 2012.pdf
[2012/01/06 18:00:25 | 000,120,980 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Montgomery SeaDream January 28 - February 4, 2012 Invoice.pdf
[2012/01/06 14:37:25 | 000,019,264 | ---- | M] () -- C:\Users\ktouloumis\Desktop\SeaDream Guest Registration Form.pdf
[2012/01/06 11:49:13 | 000,171,577 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Montgomery Reid SeaDream 1 January 28 - February 4, 2012.pdf
[2012/01/06 09:09:48 | 000,118,280 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Glass San Juan Hotel Invoice.pdf
[2012/01/05 11:50:22 | 000,184,534 | ---- | M] () -- C:\Users\ktouloumis\Desktop\CHeck 12-22-2011.PDF
[2012/01/04 12:00:39 | 000,089,095 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Montgomery CONFIRMATION FOR GUEST.pdf
[2012/01/01 12:43:30 | 000,303,198 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Kendall Hotel Invoice.pdf
[2012/01/01 12:41:26 | 000,233,547 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Kendall AMA Waterways invoice.pdf
[2011/12/31 22:26:19 | 000,371,425 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Kendall Invoice.pdf
[2011/12/31 15:19:48 | 000,126,793 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Kendall Chiva Som Mandarin Oriental Invoice.pdf
[2011/12/31 15:14:15 | 000,169,700 | ---- | M] () -- C:\Users\ktouloumis\Desktop\Kendall Mandarin Oriental Invoice.pdf
[2011/12/26 03:07:35 | 000,422,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/01/22 20:01:38 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/22 20:01:38 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/22 00:04:50 | 000,017,408 | ---- | C] () -- C:\Users\ktouloumis\AppData\Local\WebpageIcons.db
[2012/01/22 00:03:48 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/01/22 00:03:47 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/01/19 18:15:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 18:15:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 18:15:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 18:15:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 18:15:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/19 17:55:24 | 001,933,336 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/01/19 17:50:58 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0129.old
[2012/01/18 16:21:39 | 001,848,921 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Travelex Select STS Brochure.pdf
[2012/01/18 15:52:36 | 000,410,565 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Seabourn_Shield_Description_3-11.pdf
[2012/01/18 15:00:03 | 000,138,771 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Walerstein Cunard QM2 Canada July 1- July 6, 2012.pdf
[2012/01/13 10:07:48 | 000,118,139 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Drucker Ryan Seabourn Quest July 2, 2012.pdf
[2012/01/12 11:50:00 | 000,110,249 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Glass Ritz Carlton Confirmation San Juan.pdf
[2012/01/11 16:08:05 | 000,236,195 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Descher TFFAS Oceania June 9 - June 19, 2012.pdf
[2012/01/11 14:04:00 | 000,309,226 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Bell TFFAS Oceania June 9 - June 19, 2012.pdf
[2012/01/10 16:05:58 | 000,171,496 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Lipp Cap Jaluca Invoice.pdf
[2012/01/10 15:43:12 | 000,077,442 | ---- | C] () -- C:\Users\ktouloumis\Desktop\GRF Nautica June 9, 2012.pdf
[2012/01/10 14:41:49 | 000,310,620 | ---- | C] () -- C:\Users\ktouloumis\Desktop\GroupDiningRequestFormFinal-Nautica.pdf
[2012/01/10 14:31:31 | 000,000,987 | ---- | C] () -- C:\Users\ktouloumis\Desktop\TCR 10.lnk
[2012/01/10 14:08:32 | 067,933,088 | ---- | C] () -- C:\Users\ktouloumis\Desktop\currentcbwupdate.exe
[2012/01/10 09:59:14 | 000,248,488 | ---- | C] () -- C:\Users\ktouloumis\Desktop\ShoreExcursions for June 9, 2012.pdf
[2012/01/09 10:16:56 | 000,110,894 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Nowick Disney Dream February 19 - February 23, 2012.pdf
[2012/01/06 18:39:51 | 000,120,673 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Montgomery SeaDream 1 January 28 - February 4, 2012.pdf
[2012/01/06 18:00:24 | 000,120,980 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Montgomery SeaDream January 28 - February 4, 2012 Invoice.pdf
[2012/01/06 14:37:25 | 000,019,264 | ---- | C] () -- C:\Users\ktouloumis\Desktop\SeaDream Guest Registration Form.pdf
[2012/01/06 11:49:13 | 000,171,577 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Montgomery Reid SeaDream 1 January 28 - February 4, 2012.pdf
[2012/01/06 09:31:33 | 000,110,291 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Van Der Mije San Juan Hotel Invoice.pdf
[2012/01/06 09:05:32 | 000,118,280 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Glass San Juan Hotel Invoice.pdf
[2012/01/05 11:50:22 | 000,184,534 | ---- | C] () -- C:\Users\ktouloumis\Desktop\CHeck 12-22-2011.PDF
[2012/01/05 11:41:32 | 000,305,934 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Herstein TFFAS Oceania Cruise June 9 - June 19, 2012.pdf
[2012/01/04 12:00:39 | 000,089,095 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Montgomery CONFIRMATION FOR GUEST.pdf
[2012/01/01 12:43:30 | 000,303,198 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Kendall Hotel Invoice.pdf
[2011/12/31 22:26:19 | 000,371,425 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Kendall Invoice.pdf
[2011/12/31 15:19:48 | 000,126,793 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Kendall Chiva Som Mandarin Oriental Invoice.pdf
[2011/12/31 15:15:20 | 000,233,547 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Kendall AMA Waterways invoice.pdf
[2011/12/31 15:14:15 | 000,169,700 | ---- | C] () -- C:\Users\ktouloumis\Desktop\Kendall Mandarin Oriental Invoice.pdf
[2011/12/19 14:21:55 | 000,005,856 | -HS- | C] () -- C:\Users\ktouloumis\AppData\Local\107357r7j173a311h074m2lqw2t2
[2011/12/19 14:21:55 | 000,005,856 | -HS- | C] () -- C:\ProgramData\107357r7j173a311h074m2lqw2t2
[2011/12/16 15:43:09 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~uWRexjzVg4clOrr
[2011/12/16 15:43:08 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~uWRexjzVg4clOr
[2011/12/16 15:42:57 | 000,000,344 | -H-- | C] () -- C:\ProgramData\uWRexjzVg4clOr
[2011/12/16 11:00:50 | 000,000,112 | -H-- | C] () -- C:\ProgramData\Bw41cPl0.dat
[2011/12/15 14:33:59 | 000,011,634 | -HS- | C] () -- C:\Users\ktouloumis\AppData\Local\vibahd5e3upe6uek6otu8t317s4k
[2011/12/15 14:33:59 | 000,011,634 | -HS- | C] () -- C:\ProgramData\vibahd5e3upe6uek6otu8t317s4k
[2011/12/12 10:45:27 | 000,011,398 | -HS- | C] () -- C:\Users\ktouloumis\AppData\Local\frvivf3i4vur5rmx1wal1i614o0j
[2011/12/12 10:45:27 | 000,011,398 | -HS- | C] () -- C:\ProgramData\frvivf3i4vur5rmx1wal1i614o0j
[2011/12/09 11:50:03 | 000,001,784 | -HS- | C] () -- C:\Users\ktouloumis\AppData\Local\4h82fh5s08h625
[2011/12/09 11:50:03 | 000,001,784 | -HS- | C] () -- C:\ProgramData\4h82fh5s08h625
[2011/12/08 16:12:17 | 000,010,716 | -HS- | C] () -- C:\Users\ktouloumis\AppData\Local\638686h3l434n836e311a3ijf1c1
[2011/12/08 16:12:17 | 000,010,716 | -HS- | C] () -- C:\ProgramData\638686h3l434n836e311a3ijf1c1
[2011/12/08 11:06:13 | 000,011,212 | -HS- | C] () -- C:\Users\ktouloumis\AppData\Local\667137f6b054u417g063y7qmi3d1
[2011/12/08 11:06:13 | 000,011,212 | -HS- | C] () -- C:\ProgramData\667137f6b054u417g063y7qmi3d1
[2011/12/07 11:39:49 | 000,001,746 | -HS- | C] () -- C:\Users\ktouloumis\AppData\Local\3h37wy5w76y685
[2011/12/07 11:39:49 | 000,001,746 | -HS- | C] () -- C:\ProgramData\3h37wy5w76y685
[2011/12/06 15:05:26 | 000,360,448 | ---- | C] () -- C:\Windows\SysWow64\lxefcomx.dll
[2011/12/06 15:05:26 | 000,315,392 | ---- | C] () -- C:\Windows\SysWow64\LXEFinst.dll
[2011/12/06 15:05:26 | 000,106,638 | ---- | C] () -- C:\Windows\SysWow64\lxefinsr.dll
[2011/12/06 15:05:26 | 000,057,486 | ---- | C] () -- C:\Windows\SysWow64\lxefjswr.dll
[2011/12/06 15:05:26 | 000,037,003 | ---- | C] () -- C:\Windows\SysWow64\lxefcur.dll
[2011/12/06 15:05:25 | 000,450,693 | ---- | C] () -- C:\Windows\SysWow64\lxefins.dll
[2011/12/06 15:05:25 | 000,262,278 | ---- | C] () -- C:\Windows\SysWow64\lxefinsb.dll
[2011/12/06 15:05:25 | 000,258,180 | ---- | C] () -- C:\Windows\SysWow64\lxefcu.dll
[2011/12/06 15:05:25 | 000,090,245 | ---- | C] () -- C:\Windows\SysWow64\lxefcub.dll
[2011/12/06 14:57:15 | 000,000,179 | ---- | C] () -- C:\Windows\WinInit.Ini
[2011/12/06 12:36:03 | 000,008,728 | -HS- | C] () -- C:\Users\ktouloumis\AppData\Local\001386f7s457x258h403u1uvg1g5
[2011/12/06 12:36:03 | 000,008,728 | -HS- | C] () -- C:\ProgramData\001386f7s457x258h403u1uvg1g5
[2011/12/06 09:00:06 | 000,000,068 | ---- | C] () -- C:\Windows\Awpr.ini
[2011/12/01 14:49:57 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~D1XdBZ7ldwCpN6
[2011/12/01 14:49:57 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~D1XdBZ7ldwCpN6r
[2011/12/01 14:49:52 | 000,000,344 | -H-- | C] () -- C:\ProgramData\D1XdBZ7ldwCpN6
[2011/06/23 10:05:43 | 000,630,784 | ---- | C] () -- C:\Windows\SysWow64\LXEFsm.dll
[2011/06/23 10:05:43 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\LXEFsmr.dll
[2011/01/11 17:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2010/11/23 15:19:16 | 000,000,284 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/22 17:17:38 | 000,793,692 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/22 17:08:31 | 000,000,206 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/11/22 17:08:10 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\k1aAPSLicense.dll
[2010/11/22 16:16:53 | 000,000,213 | ---- | C] () -- C:\Windows\cedt.INI
[2010/11/22 15:20:50 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/11/21 17:12:51 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/11/21 17:12:51 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/11/21 17:12:50 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/11/21 17:12:50 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/11/21 17:12:50 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/11/21 17:12:50 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/11/21 17:12:50 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/11/21 17:12:50 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/11/21 17:12:50 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/11/21 17:12:50 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/11/21 17:12:50 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/11/21 17:12:50 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/11/21 17:12:50 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/11/21 17:12:50 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/11/21 17:12:50 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/11/21 17:12:50 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/11/21 15:19:18 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/19 17:09:00 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/07/19 17:08:58 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/07/19 17:08:58 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/07/19 16:33:52 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/07/19 16:33:52 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< %TEMP%\smtmp\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

#2 ny942631

ny942631
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:30 AM

Posted 23 January 2012 - 12:18 AM

As per the new-post instructions, here are the contents of DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by ktouloumis at 22:58:55 on 2012-01-22
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3799.1885 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\lxefcoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Grasp Technologies\Secure Connect Client\SecureConnectClientService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Lexmark S800 Series\lxefmon.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Lexmark S800 Series\ezprint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
TB: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Lexmark S800 Series] "C:\Program Files (x86)\Lexmark S800 Series\fm3032.exe" /s
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://clientbase.webex.com/client/T26L/event/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{69CD637B-0A1F-4338-B9F2-54486B35A807} : NameServer = 10.10.10.10
TCP: Interfaces\{69CD637B-0A1F-4338-B9F2-54486B35A807} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll
BHO-X64: IMinent WebBooster - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [Lexmark S800 Series] "C:\Program Files (x86)\Lexmark S800 Series\fm3032.exe" /s
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-6-1 116536]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-3-1 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 lxef_device;lxef_device;C:\Windows\system32\lxefcoms.exe -service --> C:\Windows\system32\lxefcoms.exe -service [?]
R2 SecureConnectClientService;Secure Connect Client Service;C:\Program Files (x86)\Grasp Technologies\Secure Connect Client\SecureConnectClientService.exe [2011-4-18 61440]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-16 136176]
S2 lxefCATSCustConnectService;lxefCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxefserv.exe [2010-9-9 45224]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-16 136176]
S3 PSPRSERV;PSPR Control Service;C:\Program Files (x86)\ElcomSoft\Proactive System Password Recovery\psprserv64.exe [2009-5-19 78336]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-23 03:03:41 -------- d-----w- C:\Users\ktouloumis\AppData\Roaming\SUPERAntiSpyware.com
2012-01-23 03:03:29 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-01-23 03:03:29 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-01-23 03:02:51 -------- d-----w- C:\_OTL
2012-01-22 05:26:00 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-22 05:02:07 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-01-22 05:02:07 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-01-22 04:42:10 -------- d-----w- C:\jink
2012-01-22 03:47:43 -------- d-----w- C:\ComboFix
2012-01-20 00:34:14 -------- d-----w- C:\Users\ktouloumis\AppData\Local\temp
2012-01-19 23:15:34 98816 ----a-w- C:\Windows\sed.exe
2012-01-19 23:15:34 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-19 23:15:34 256000 ----a-w- C:\Windows\PEV.exe
2012-01-19 23:15:34 208896 ----a-w- C:\Windows\MBR.exe
2012-01-19 23:12:40 -------- d-----w- C:\Qoobox.xxx
2012-01-19 22:50:58 767952 ----a-w- C:\Windows\BDTSupport.dll0129.old
2012-01-19 22:50:58 1652688 ----a-w- C:\Windows\PCTBDCore.dll0129.old
2012-01-19 22:50:58 149456 ----a-w- C:\Windows\SGDetectionTool.dll0129.old
2012-01-19 22:45:58 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-01-19 22:10:07 -------- d-----w- C:\Windows\pss
2012-01-11 17:02:43 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 17:02:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 17:02:43 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 17:02:43 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 17:02:40 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 17:02:40 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 17:02:39 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 17:02:39 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-10 19:31:38 343040 ----a-w- C:\Windows\SysWow64\temp.00B
2012-01-10 19:31:38 1028096 ----a-w- C:\Windows\SysWow64\temp.00A
2012-01-10 19:31:38 -------- d-----w- C:\Windows\SysWow64\TRAMS
2012-01-10 19:31:16 444928 ----a-w- C:\Windows\SysWow64\midas.dll
2011-12-25 19:35:45 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-25 19:35:20 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-25 19:35:19 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-25 19:35:18 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-25 19:35:13 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-25 19:35:13 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M ====================
.
2011-12-19 21:51:32 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2011-12-19 21:51:32 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2011-12-19 21:51:32 34688 ----a-w- C:\Windows\System32\LMIport.dll
2011-12-04 07:03:38 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-10 10:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 23:09:54.83 ===============

Edited by Budapest, 23 January 2012 - 12:20 AM.
Moved from Win7


#3 ny942631 (Topic Starter)

Posted 23 January 2012 - 12:19 AM

Here is the attach.txt (attached: Attach.txt, 8.79KB).

#4 ny942631 (Topic Starter)

Posted 25 January 2012 - 01:22 PM

Is there anything else I should provide? I really need help guys! Thanks!

#5 gringo_pr (Malware Response Team)

Posted 26 January 2012 - 07:38 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 ny942631 (Topic Starter)

Posted 26 January 2012 - 09:17 PM

Thank you Gringo.

Here are the answers to your questions:

1. Combofix ran fine. It erroneously detects ESET, but I uninstalled it a while ago and there are no ESET executables of any kind; I also scanned the registry and removed references to ESET, but it still shows as present. Other than that there were no issues during the Combofix run.
2. The PC still has hijacked Google search results.
3. Here is the log:

ComboFix 12-01-26.03 - ktouloumis 01/26/2012 19:58:05.3.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3799.1916 [GMT -5:00]
Running from: c:\users\ktouloumis\Desktop\comofix\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))
.
.
2012-01-27 01:36 . 2012-01-27 01:36 -------- d-----w- c:\users\pteas\AppData\Local\temp
2012-01-27 01:36 . 2012-01-27 01:36 -------- d-----w- c:\users\jperl\AppData\Local\temp
2012-01-27 01:36 . 2012-01-27 01:36 -------- d-----w- c:\users\fbean\AppData\Local\temp
2012-01-27 01:36 . 2012-01-27 01:36 -------- d-----w- c:\users\engineer\AppData\Local\temp
2012-01-27 01:36 . 2012-01-27 01:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-27 01:36 . 2012-01-27 01:36 -------- d-----w- c:\users\administrator\AppData\Local\temp
2012-01-27 00:40 . 2012-01-27 00:40 -------- d-----w- c:\programdata\WinZip
2012-01-24 21:09 . 2012-01-24 21:09 -------- d-----w- c:\programdata\Yahoo!
2012-01-24 21:09 . 2012-01-24 21:09 -------- d-----w- c:\programdata\Yahoo! Companion
2012-01-24 21:09 . 2012-01-24 21:09 -------- d-----w- c:\program files (x86)\Yahoo!
2012-01-24 21:09 . 2012-01-24 21:09 -------- d-----w- c:\users\ktouloumis\AppData\Roaming\Yahoo!
2012-01-24 21:09 . 2012-01-24 21:09 -------- d-----w- c:\program files (x86)\7-Zip
2012-01-23 14:25 . 2012-01-23 14:25 -------- d-----w- c:\program files\Microsoft Silverlight
2012-01-23 14:25 . 2012-01-23 14:25 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-01-23 14:12 . 2012-01-23 15:23 -------- d-----w- c:\program files (x86)\ShowMyPCService
2012-01-23 03:03 . 2012-01-23 03:03 -------- d-----w- c:\users\ktouloumis\AppData\Roaming\SUPERAntiSpyware.com
2012-01-23 03:03 . 2012-01-23 03:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-23 03:03 . 2012-01-23 03:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-23 03:02 . 2012-01-23 03:02 -------- d-----w- C:\_OTL
2012-01-22 05:02 . 2012-01-27 00:17 -------- d-----w- c:\programdata\Kaspersky Lab
2012-01-22 05:02 . 2012-01-22 05:02 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-01-22 04:42 . 2012-01-23 04:12 -------- d-----w- C:\jink
2012-01-20 00:34 . 2012-01-27 01:36 -------- d-----w- c:\users\ktouloumis\AppData\Local\temp
2012-01-19 22:50 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll0129.old
2012-01-19 22:50 . 2010-01-22 14:56 1652688 ----a-w- c:\windows\PCTBDCore.dll0129.old
2012-01-19 22:50 . 2010-01-22 14:55 767952 ----a-w- c:\windows\BDTSupport.dll0129.old
2012-01-19 22:45 . 2012-01-19 23:08 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-01-19 21:56 . 2012-01-19 21:56 -------- d-----w- c:\users\dshapiro
2012-01-11 17:02 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 17:02 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 17:02 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 17:02 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 17:02 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 17:02 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 17:02 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 17:02 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 19:31 . 2012-01-10 19:31 -------- d-----w- c:\windows\SysWow64\TRAMS
2012-01-10 19:31 . 2008-04-14 09:42 343040 ----a-w- c:\windows\SysWow64\temp.00B
2012-01-10 19:31 . 2008-04-14 09:41 1028096 ----a-w- c:\windows\SysWow64\temp.00A
2012-01-10 19:31 . 2010-11-03 18:55 444928 ----a-w- c:\windows\SysWow64\midas.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 21:51 . 2011-05-01 23:11 34688 ----a-w- c:\windows\system32\LMIport.dll
2011-12-19 21:51 . 2011-05-01 23:11 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-12-19 21:51 . 2011-05-01 23:11 80768 ----a-w- c:\windows\system32\LMIinit.dll
2011-12-04 07:03 . 2011-07-13 12:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-25 19:35 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-12-06 08:12 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33CC3CA3-6785-41C3-B722-F637E729022C}\mpengine.dll
2011-11-10 10:54 . 2011-06-20 17:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-05 05:32 . 2011-12-25 19:35 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-25 19:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-23 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Lexmark S800 Series"="c:\program files (x86)\Lexmark S800 Series\fm3032.exe" [2010-09-30 316184]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-16 136176]
R2 lxefCATSCustConnectService;lxefCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxefserv.exe [2010-09-09 45224]
R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-16 136176]
R3 PSPRSERV;PSPR Control Service;c:\program files (x86)\ElcomSoft\Proactive System Password Recovery\psprserv64.exe [2009-05-19 78336]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2011-06-01 116536]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-12-19 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 lxef_device;lxef_device;c:\windows\system32\lxefcoms.exe [2010-09-09 1070760]
S2 SecureConnectClientService;Secure Connect Client Service;c:\program files (x86)\Grasp Technologies\Secure Connect Client\SecureConnectClientService.exe [2011-04-18 61440]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-16 13:28]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-16 13:28]
.
2011-06-17 c:\windows\Tasks\Restart SC Client.job
- c:\program files (x86)\Grasp Technologies\Secure Connect Client\GRASP_Client_SC_Client_Restart_v2.x.bat [2011-04-18 13:42]
.
2012-01-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 83b66e8b-a59e-485e-8765-3e10b7bed63b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-01-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d859151f-7d56-4f2e-982e-cd70bfb69118.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"lxefmon.exe"="c:\program files (x86)\Lexmark S800 Series\lxefmon.exe" [2010-09-30 713384]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"EzPrint"="c:\program files (x86)\Lexmark S800 Series\ezprint.exe" [2010-09-30 148288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{69CD637B-0A1F-4338-B9F2-54486B35A807}: NameServer = 10.10.10.10
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
FF - ProfilePath - c:\users\ktouloumis\AppData\Roaming\Mozilla\Firefox\Profiles\tgxjsyzq.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-IMBoosterARP - c:\program files (x86)\Iminent\IMBooster\inst\Bootstrapper\Bootstrapper.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-26 20:57:45
ComboFix-quarantined-files.txt 2012-01-27 01:57
ComboFix2.txt 2012-01-22 04:56
.
Pre-Run: 104,079,278,080 bytes free
Post-Run: 104,142,942,208 bytes free
.
- - End Of File - - 79C3F282A9B274A4BCC4AD4FCDCD3E1C

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:30 AM

Posted 26 January 2012 - 09:23 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
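As an added example, not code from this thread or from TDSSKiller's authors: once the log the steps above produce has been pasted, a short Python script can fold its two-line-per-driver layout (a "name (md5) path" line followed by a "name - verdict" line) into one record per name and list anything the scanner did not mark "ok" or never hashed. The sample log lines, the `ExampleSvc` entry and its verdict are constructed for the example; the line layout follows the log posted later in this thread.

```python
"""Triage a TDSSKiller log: flag every object the scanner did not call 'ok'.
Added example for readers of the thread; not part of TDSSKiller."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Line shapes as they appear in the pasted log:
#   <time> <pid> <name> (<md5>) <path>   file found and hashed
#   <time> <pid> <name> - <status>       verdict, normally "ok"
FILE_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
STATUS_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>\S+)\s+-\s+(?P<status>.+?)\s*$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Fold the two-line-per-object layout into one Entry per name.
    Header lines (OS version, drive geometry, 'Scan started') match neither
    pattern and are skipped."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.status = m["status"]
    return entries


def triage(entries: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) for every entry a responder should look at."""
    flagged: List[Tuple[str, str]] = []
    for e in entries.values():
        if e.status is None:
            flagged.append((e.name, "file hashed but no verdict line"))
        elif e.status.lower() != "ok":
            flagged.append((e.name, f"verdict '{e.status}'"))
        elif e.md5 is None and not e.name.startswith("\\Device\\"):
            # A service/driver key whose file the scanner never hashed:
            # typically a registration left behind with no file on disk.
            flagged.append((e.name, "verdict without a hashed file"))
    return flagged


# Constructed sample in the same layout. 'ExampleSvc', its hash and its
# verdict text are made up for this example, not taken from a real scan.
SAMPLE_LOG = "\n".join([
    r"21:44:04.0496 1652 Scan started",
    r"21:44:04.0496 1652 Mode: Manual;",
    r"21:43:57.0023 2132 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200",
    r"21:44:05.0026 1652 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys",
    r"21:44:05.0026 1652 1394ohci - ok",
    r"21:44:07.0163 1652 catchme - ok",
    r"21:44:12.0100 1652 ExampleSvc (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\example.sys",
    r"21:44:12.0100 1652 ExampleSvc - infected (constructed verdict)",
    r"21:44:18.0000 1652 \Device\Harddisk0\DR0 - ok",
])


if __name__ == "__main__":
    for name, reason in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

On the sample this reports `catchme` (a verdict with no hashed file) and `ExampleSvc` (a non-"ok" verdict), while the hashed-and-ok driver and the boot-sector device line are left alone. The hash column can also be fed to a known-good lookup for the drivers that did come back "ok".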

#8 ny942631

ny942631
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:30 AM

Posted 26 January 2012 - 09:56 PM

21:43:55.0292 2132 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
21:43:55.0573 2132 ============================================================
21:43:55.0573 2132 Current date / time: 2012/01/26 21:43:55.0573
21:43:55.0573 2132 SystemInfo:
21:43:55.0573 2132
21:43:55.0573 2132 OS Version: 6.1.7601 ServicePack: 1.0
21:43:55.0573 2132 Product type: Workstation
21:43:55.0573 2132 ComputerName: JPC-PC1
21:43:55.0573 2132 UserName: ktouloumis
21:43:55.0573 2132 Windows directory: C:\Windows
21:43:55.0573 2132 System windows directory: C:\Windows
21:43:55.0573 2132 Running under WOW64
21:43:55.0573 2132 Processor architecture: Intel x64
21:43:55.0573 2132 Number of processors: 2
21:43:55.0573 2132 Page size: 0x1000
21:43:55.0573 2132 Boot type: Normal boot
21:43:55.0573 2132 ============================================================
21:43:57.0023 2132 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:43:57.0133 2132 Initialize success
21:44:04.0496 1652 ============================================================
21:44:04.0496 1652 Scan started
21:44:04.0496 1652 Mode: Manual;
21:44:04.0496 1652 ============================================================
21:44:05.0026 1652 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:44:05.0026 1652 1394ohci - ok
21:44:05.0151 1652 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:44:05.0167 1652 ACPI - ok
21:44:05.0198 1652 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:44:05.0198 1652 AcpiPmi - ok
21:44:05.0276 1652 ADIHdAudAddService (560649e6a9c11f6124f97310ef387c45) C:\Windows\system32\drivers\ADIHdAud.sys
21:44:05.0276 1652 ADIHdAudAddService - ok
21:44:05.0401 1652 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:44:05.0401 1652 adp94xx - ok
21:44:05.0494 1652 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:44:05.0494 1652 adpahci - ok
21:44:05.0525 1652 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:44:05.0525 1652 adpu320 - ok
21:44:05.0650 1652 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:44:05.0650 1652 AFD - ok
21:44:05.0744 1652 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:44:05.0744 1652 agp440 - ok
21:44:05.0791 1652 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:44:05.0791 1652 aliide - ok
21:44:05.0822 1652 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:44:05.0822 1652 amdide - ok
21:44:05.0853 1652 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:44:05.0869 1652 AmdK8 - ok
21:44:05.0900 1652 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:44:05.0915 1652 AmdPPM - ok
21:44:05.0962 1652 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:44:05.0962 1652 amdsata - ok
21:44:06.0025 1652 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:44:06.0025 1652 amdsbs - ok
21:44:06.0087 1652 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:44:06.0087 1652 amdxata - ok
21:44:06.0134 1652 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:44:06.0134 1652 AppID - ok
21:44:06.0243 1652 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:44:06.0243 1652 arc - ok
21:44:06.0274 1652 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:44:06.0290 1652 arcsas - ok
21:44:06.0383 1652 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:44:06.0399 1652 AsyncMac - ok
21:44:06.0430 1652 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:44:06.0430 1652 atapi - ok
21:44:06.0555 1652 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:44:06.0555 1652 b06bdrv - ok
21:44:06.0617 1652 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:44:06.0617 1652 b57nd60a - ok
21:44:06.0680 1652 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:44:06.0680 1652 Beep - ok
21:44:06.0742 1652 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:44:06.0742 1652 blbdrive - ok
21:44:06.0789 1652 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:44:06.0789 1652 bowser - ok
21:44:06.0820 1652 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:44:06.0820 1652 BrFiltLo - ok
21:44:06.0836 1652 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:44:06.0836 1652 BrFiltUp - ok
21:44:06.0929 1652 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:44:06.0945 1652 BridgeMP - ok
21:44:06.0976 1652 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:44:06.0976 1652 Brserid - ok
21:44:06.0992 1652 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:44:06.0992 1652 BrSerWdm - ok
21:44:07.0085 1652 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:44:07.0085 1652 BrUsbMdm - ok
21:44:07.0117 1652 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:44:07.0117 1652 BrUsbSer - ok
21:44:07.0148 1652 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:44:07.0148 1652 BTHMODEM - ok
21:44:07.0163 1652 catchme - ok
21:44:07.0241 1652 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:44:07.0241 1652 cdfs - ok
21:44:07.0304 1652 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:44:07.0304 1652 cdrom - ok
21:44:07.0397 1652 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:44:07.0397 1652 circlass - ok
21:44:07.0429 1652 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:44:07.0429 1652 CLFS - ok
21:44:07.0522 1652 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:44:07.0522 1652 CmBatt - ok
21:44:07.0538 1652 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:44:07.0538 1652 cmdide - ok
21:44:07.0569 1652 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:44:07.0585 1652 CNG - ok
21:44:07.0600 1652 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:44:07.0600 1652 Compbatt - ok
21:44:07.0647 1652 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:44:07.0663 1652 CompositeBus - ok
21:44:07.0694 1652 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:44:07.0709 1652 crcdisk - ok
21:44:07.0756 1652 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:44:07.0756 1652 CSC - ok
21:44:07.0850 1652 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:44:07.0865 1652 DfsC - ok
21:44:07.0897 1652 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:44:07.0897 1652 discache - ok
21:44:07.0975 1652 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:44:07.0975 1652 Disk - ok
21:44:08.0021 1652 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:44:08.0021 1652 drmkaud - ok
21:44:08.0068 1652 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:44:08.0084 1652 DXGKrnl - ok
21:44:08.0162 1652 e1kexpress (e6bdb3c7ef35d82ff987576b9cf07a57) C:\Windows\system32\DRIVERS\e1k62x64.sys
21:44:08.0162 1652 e1kexpress - ok
21:44:08.0255 1652 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:44:08.0333 1652 ebdrv - ok
21:44:08.0396 1652 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:44:08.0411 1652 elxstor - ok
21:44:08.0458 1652 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:44:08.0458 1652 ErrDev - ok
21:44:08.0489 1652 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:44:08.0489 1652 exfat - ok
21:44:08.0521 1652 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:44:08.0521 1652 fastfat - ok
21:44:08.0599 1652 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:44:08.0599 1652 fdc - ok
21:44:08.0630 1652 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:44:08.0630 1652 FileInfo - ok
21:44:08.0645 1652 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:44:08.0645 1652 Filetrace - ok
21:44:08.0692 1652 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:44:08.0692 1652 flpydisk - ok
21:44:08.0723 1652 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:44:08.0739 1652 FltMgr - ok
21:44:08.0770 1652 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:44:08.0770 1652 FsDepends - ok
21:44:08.0801 1652 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:44:08.0801 1652 Fs_Rec - ok
21:44:08.0848 1652 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:44:08.0848 1652 fvevol - ok
21:44:08.0895 1652 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:44:08.0911 1652 gagp30kx - ok
21:44:09.0004 1652 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:44:09.0004 1652 hcw85cir - ok
21:44:09.0098 1652 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:44:09.0113 1652 HdAudAddService - ok
21:44:09.0207 1652 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:44:09.0207 1652 HDAudBus - ok
21:44:09.0238 1652 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:44:09.0238 1652 HidBatt - ok
21:44:09.0254 1652 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:44:09.0254 1652 HidBth - ok
21:44:09.0269 1652 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:44:09.0269 1652 HidIr - ok
21:44:09.0332 1652 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:44:09.0332 1652 HidUsb - ok
21:44:09.0379 1652 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:44:09.0425 1652 HpSAMD - ok
21:44:09.0472 1652 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:44:09.0488 1652 HTTP - ok
21:44:09.0535 1652 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:44:09.0535 1652 hwpolicy - ok
21:44:09.0613 1652 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:44:09.0613 1652 i8042prt - ok
21:44:09.0659 1652 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:44:09.0659 1652 iaStorV - ok
21:44:09.0909 1652 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:44:10.0065 1652 igfx - ok
21:44:10.0159 1652 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:44:10.0159 1652 iirsp - ok
21:44:10.0237 1652 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:44:10.0237 1652 intelide - ok
21:44:10.0268 1652 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:44:10.0268 1652 intelppm - ok
21:44:10.0346 1652 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:44:10.0346 1652 IpFilterDriver - ok
21:44:10.0393 1652 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:44:10.0408 1652 IPMIDRV - ok
21:44:10.0439 1652 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:44:10.0439 1652 IPNAT - ok
21:44:10.0486 1652 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:44:10.0486 1652 IRENUM - ok
21:44:10.0533 1652 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:44:10.0533 1652 isapnp - ok
21:44:10.0564 1652 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:44:10.0580 1652 iScsiPrt - ok
21:44:10.0658 1652 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:44:10.0658 1652 kbdclass - ok
21:44:10.0705 1652 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:44:10.0720 1652 kbdhid - ok
21:44:10.0829 1652 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
21:44:10.0845 1652 KL1 - ok
21:44:10.0907 1652 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
21:44:10.0907 1652 kl2 - ok
21:44:11.0017 1652 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
21:44:11.0032 1652 KLIF - ok
21:44:11.0141 1652 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
21:44:11.0141 1652 KLIM6 - ok
21:44:11.0188 1652 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
21:44:11.0188 1652 klmouflt - ok
21:44:11.0251 1652 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:44:11.0251 1652 KSecDD - ok
21:44:11.0266 1652 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:44:11.0266 1652 KSecPkg - ok
21:44:11.0313 1652 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:44:11.0313 1652 ksthunk - ok
21:44:11.0344 1652 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:44:11.0344 1652 lltdio - ok
21:44:11.0469 1652 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
21:44:11.0469 1652 LMIInfo - ok
21:44:11.0563 1652 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
21:44:11.0563 1652 lmimirr - ok
21:44:11.0641 1652 LMIRfsClientNP - ok
21:44:11.0687 1652 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
21:44:11.0687 1652 LMIRfsDriver - ok
21:44:11.0734 1652 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:44:11.0750 1652 LSI_FC - ok
21:44:11.0765 1652 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:44:11.0765 1652 LSI_SAS - ok
21:44:11.0781 1652 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:44:11.0781 1652 LSI_SAS2 - ok
21:44:11.0812 1652 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:44:11.0812 1652 LSI_SCSI - ok
21:44:11.0843 1652 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:44:11.0843 1652 luafv - ok
21:44:11.0953 1652 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:44:11.0953 1652 megasas - ok
21:44:11.0984 1652 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:44:11.0984 1652 MegaSR - ok
21:44:12.0015 1652 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:44:12.0015 1652 Modem - ok
21:44:12.0093 1652 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:44:12.0093 1652 monitor - ok
21:44:12.0124 1652 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
21:44:12.0124 1652 mouclass - ok
21:44:12.0187 1652 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:44:12.0187 1652 mouhid - ok
21:44:12.0249 1652 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:44:12.0249 1652 mountmgr - ok
21:44:12.0296 1652 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:44:12.0296 1652 mpio - ok
21:44:12.0327 1652 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:44:12.0327 1652 mpsdrv - ok
21:44:12.0374 1652 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:44:12.0389 1652 MRxDAV - ok
21:44:12.0421 1652 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:44:12.0421 1652 mrxsmb - ok
21:44:12.0467 1652 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:44:12.0467 1652 mrxsmb10 - ok
21:44:12.0499 1652 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:44:12.0499 1652 mrxsmb20 - ok
21:44:12.0545 1652 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:44:12.0545 1652 msahci - ok
21:44:12.0577 1652 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:44:12.0592 1652 msdsm - ok
21:44:12.0670 1652 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:44:12.0670 1652 Msfs - ok
21:44:12.0686 1652 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:44:12.0686 1652 mshidkmdf - ok
21:44:12.0717 1652 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:44:12.0717 1652 msisadrv - ok
21:44:12.0764 1652 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:44:12.0764 1652 MSKSSRV - ok
21:44:12.0764 1652 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:44:12.0764 1652 MSPCLOCK - ok
21:44:12.0779 1652 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:44:12.0779 1652 MSPQM - ok
21:44:12.0826 1652 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:44:12.0826 1652 MsRPC - ok
21:44:12.0873 1652 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:44:12.0873 1652 mssmbios - ok
21:44:12.0920 1652 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:44:12.0920 1652 MSTEE - ok
21:44:12.0967 1652 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:44:12.0967 1652 MTConfig - ok
21:44:12.0982 1652 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:44:12.0982 1652 Mup - ok
21:44:13.0091 1652 NAL (f517103851871222fea84379edeb4373) C:\Windows\system32\Drivers\iqvw64e.sys
21:44:13.0091 1652 NAL - ok
21:44:13.0138 1652 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:44:13.0154 1652 NativeWifiP - ok
21:44:13.0247 1652 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:44:13.0279 1652 NDIS - ok
21:44:13.0310 1652 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:44:13.0310 1652 NdisCap - ok
21:44:13.0325 1652 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:44:13.0325 1652 NdisTapi - ok
21:44:13.0357 1652 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:44:13.0372 1652 Ndisuio - ok
21:44:13.0403 1652 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:44:13.0403 1652 NdisWan - ok
21:44:13.0435 1652 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:44:13.0435 1652 NDProxy - ok
21:44:13.0528 1652 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:44:13.0528 1652 NetBIOS - ok
21:44:13.0559 1652 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:44:13.0559 1652 NetBT - ok
21:44:13.0684 1652 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:44:13.0684 1652 nfrd960 - ok
21:44:13.0731 1652 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:44:13.0731 1652 Npfs - ok
21:44:13.0747 1652 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:44:13.0747 1652 nsiproxy - ok
21:44:13.0809 1652 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:44:13.0840 1652 Ntfs - ok
21:44:13.0887 1652 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:44:13.0887 1652 Null - ok
21:44:13.0934 1652 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:44:13.0934 1652 nvraid - ok
21:44:13.0949 1652 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:44:13.0949 1652 nvstor - ok
21:44:14.0043 1652 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:44:14.0043 1652 nv_agp - ok
21:44:14.0090 1652 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:44:14.0090 1652 ohci1394 - ok
21:44:14.0183 1652 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:44:14.0183 1652 Parport - ok
21:44:14.0230 1652 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:44:14.0230 1652 partmgr - ok
21:44:14.0261 1652 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:44:14.0277 1652 pci - ok
21:44:14.0308 1652 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:44:14.0308 1652 pciide - ok
21:44:14.0355 1652 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:44:14.0355 1652 pcmcia - ok
21:44:14.0386 1652 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:44:14.0386 1652 pcw - ok
21:44:14.0558 1652 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:44:14.0605 1652 PEAUTH - ok
21:44:14.0745 1652 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:44:14.0745 1652 PptpMiniport - ok
21:44:14.0792 1652 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:44:14.0792 1652 Processor - ok
21:44:14.0854 1652 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:44:14.0854 1652 Psched - ok
21:44:14.0932 1652 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:44:14.0948 1652 ql2300 - ok
21:44:14.0979 1652 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:44:14.0979 1652 ql40xx - ok
21:44:15.0010 1652 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:44:15.0010 1652 QWAVEdrv - ok
21:44:15.0010 1652 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:44:15.0026 1652 RasAcd - ok
21:44:15.0057 1652 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:44:15.0057 1652 RasAgileVpn - ok
21:44:15.0088 1652 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:44:15.0104 1652 Rasl2tp - ok
21:44:15.0119 1652 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:44:15.0119 1652 RasPppoe - ok
21:44:15.0151 1652 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:44:15.0151 1652 RasSstp - ok
21:44:15.0197 1652 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:44:15.0197 1652 rdbss - ok
21:44:15.0229 1652 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:44:15.0229 1652 rdpbus - ok
21:44:15.0244 1652 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:44:15.0244 1652 RDPCDD - ok
21:44:15.0275 1652 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:44:15.0291 1652 RDPDR - ok
21:44:15.0353 1652 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:44:15.0353 1652 RDPENCDD - ok
21:44:15.0369 1652 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:44:15.0369 1652 RDPREFMP - ok
21:44:15.0400 1652 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
21:44:15.0400 1652 RdpVideoMiniport - ok
21:44:15.0447 1652 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:44:15.0447 1652 RDPWD - ok
21:44:15.0541 1652 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:44:15.0556 1652 rdyboost - ok
21:44:15.0650 1652 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
21:44:15.0650 1652 RimUsb - ok
21:44:15.0759 1652 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
21:44:15.0759 1652 RimVSerPort - ok
21:44:15.0790 1652 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
21:44:15.0790 1652 ROOTMODEM - ok
21:44:15.0868 1652 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:44:15.0884 1652 rspndr - ok
21:44:15.0915 1652 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:44:15.0915 1652 s3cap - ok
21:44:15.0962 1652 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:44:15.0962 1652 SASDIFSV - ok
21:44:15.0993 1652 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:44:15.0993 1652 SASKUTIL - ok
21:44:16.0071 1652 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:44:16.0071 1652 sbp2port - ok
21:44:16.0102 1652 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:44:16.0102 1652 scfilter - ok
21:44:16.0180 1652 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:44:16.0180 1652 secdrv - ok
21:44:16.0243 1652 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:44:16.0243 1652 Serenum - ok
21:44:16.0258 1652 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:44:16.0258 1652 Serial - ok
21:44:16.0289 1652 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:44:16.0305 1652 sermouse - ok
21:44:16.0336 1652 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:44:16.0336 1652 sffdisk - ok
21:44:16.0352 1652 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:44:16.0352 1652 sffp_mmc - ok
21:44:16.0367 1652 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:44:16.0367 1652 sffp_sd - ok
21:44:16.0399 1652 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:44:16.0399 1652 sfloppy - ok
21:44:16.0430 1652 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:44:16.0445 1652 SiSRaid2 - ok
21:44:16.0461 1652 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:44:16.0461 1652 SiSRaid4 - ok
21:44:16.0508 1652 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:44:16.0508 1652 Smb - ok
21:44:16.0539 1652 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:44:16.0539 1652 spldr - ok
21:44:16.0586 1652 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:44:16.0586 1652 srv - ok
21:44:16.0633 1652 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:44:16.0633 1652 srv2 - ok
21:44:16.0726 1652 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:44:16.0726 1652 srvnet - ok
21:44:16.0820 1652 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:44:16.0820 1652 stexstor - ok
21:44:16.0851 1652 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:44:16.0851 1652 storflt - ok
21:44:16.0867 1652 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:44:16.0867 1652 storvsc - ok
21:44:16.0882 1652 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:44:16.0898 1652 swenum - ok
21:44:16.0913 1652 Synth3dVsc - ok
21:44:16.0991 1652 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:44:17.0038 1652 Tcpip - ok
21:44:17.0116 1652 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:44:17.0132 1652 TCPIP6 - ok
21:44:17.0194 1652 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:44:17.0194 1652 tcpipreg - ok
21:44:17.0225 1652 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:44:17.0225 1652 TDPIPE - ok
21:44:17.0241 1652 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:44:17.0241 1652 TDTCP - ok
21:44:17.0272 1652 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:44:17.0272 1652 tdx - ok
21:44:17.0319 1652 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:44:17.0319 1652 TermDD - ok
21:44:17.0366 1652 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
21:44:17.0381 1652 TPM - ok
21:44:17.0413 1652 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:44:17.0413 1652 tssecsrv - ok
21:44:17.0444 1652 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:44:17.0459 1652 TsUsbFlt - ok
21:44:17.0475 1652 tsusbhub - ok
21:44:17.0553 1652 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:44:17.0553 1652 tunnel - ok
21:44:17.0584 1652 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:44:17.0584 1652 uagp35 - ok
21:44:17.0631 1652 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:44:17.0631 1652 udfs - ok
21:44:17.0693 1652 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:44:17.0693 1652 uliagpkx - ok
21:44:17.0740 1652 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:44:17.0740 1652 umbus - ok
21:44:17.0771 1652 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:44:17.0771 1652 UmPass - ok
21:44:17.0818 1652 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:44:17.0818 1652 usbccgp - ok
21:44:17.0849 1652 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:44:17.0865 1652 usbcir - ok
21:44:17.0881 1652 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:44:17.0881 1652 usbehci - ok
21:44:17.0912 1652 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:44:17.0912 1652 usbhub - ok
21:44:17.0927 1652 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:44:17.0927 1652 usbohci - ok
21:44:17.0959 1652 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:44:17.0959 1652 usbprint - ok
21:44:18.0005 1652 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:44:18.0005 1652 usbscan - ok
21:44:18.0052 1652 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:44:18.0052 1652 USBSTOR - ok
21:44:18.0068 1652 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
21:44:18.0068 1652 usbuhci - ok
21:44:18.0115 1652 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:44:18.0115 1652 vdrvroot - ok
21:44:18.0146 1652 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:44:18.0146 1652 vga - ok
21:44:18.0177 1652 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:44:18.0177 1652 VgaSave - ok
21:44:18.0193 1652 VGPU - ok
21:44:18.0239 1652 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:44:18.0239 1652 vhdmp - ok
21:44:18.0271 1652 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:44:18.0271 1652 viaide - ok
21:44:18.0286 1652 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:44:18.0286 1652 vmbus - ok
21:44:18.0333 1652 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:44:18.0333 1652 VMBusHID - ok
21:44:18.0364 1652 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:44:18.0364 1652 volmgr - ok
21:44:18.0411 1652 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:44:18.0427 1652 volmgrx - ok
21:44:18.0473 1652 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:44:18.0473 1652 volsnap - ok
21:44:18.0567 1652 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
21:44:18.0567 1652 vpcbus - ok
21:44:18.0661 1652 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
21:44:18.0661 1652 vpcnfltr - ok
21:44:18.0707 1652 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
21:44:18.0723 1652 vpcusb - ok
21:44:18.0801 1652 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
21:44:18.0801 1652 vpcvmm - ok
21:44:18.0848 1652 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:44:18.0848 1652 vsmraid - ok
21:44:18.0863 1652 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:44:18.0863 1652 vwifibus - ok
21:44:18.0895 1652 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:44:18.0895 1652 WacomPen - ok
21:44:18.0957 1652 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:44:18.0957 1652 WANARP - ok
21:44:18.0957 1652 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:44:18.0973 1652 Wanarpv6 - ok
21:44:19.0066 1652 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:44:19.0066 1652 Wd - ok
21:44:19.0097 1652 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:44:19.0113 1652 Wdf01000 - ok
21:44:19.0207 1652 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:44:19.0207 1652 WfpLwf - ok
21:44:19.0222 1652 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:44:19.0222 1652 WIMMount - ok
21:44:19.0331 1652 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:44:19.0331 1652 WmiAcpi - ok
21:44:19.0378 1652 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:44:19.0378 1652 ws2ifsl - ok
21:44:19.0425 1652 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:44:19.0425 1652 WudfPf - ok
21:44:19.0441 1652 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:44:19.0441 1652 WUDFRd - ok
21:44:19.0472 1652 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:44:19.0503 1652 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
21:44:19.0503 1652 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
21:44:19.0534 1652 Boot (0x1200) (04766a36954a82f1b85cc51e5432d22d) \Device\Harddisk0\DR0\Partition0
21:44:19.0534 1652 \Device\Harddisk0\DR0\Partition0 - ok
21:44:19.0550 1652 Boot (0x1200) (9d5ce1442263ba8ceb902f732ff1a266) \Device\Harddisk0\DR0\Partition1
21:44:19.0550 1652 \Device\Harddisk0\DR0\Partition1 - ok
21:44:19.0550 1652 ============================================================
21:44:19.0550 1652 Scan finished
21:44:19.0550 1652 ============================================================
21:44:19.0550 5592 Detected object count: 1
21:44:19.0550 5592 Actual detected object count: 1
21:45:08.0643 5592 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
21:45:08.0643 5592 \Device\Harddisk0\DR0 - ok
21:45:08.0643 5592 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
21:45:14.0197 1316 Deinitialize success
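The rootkit-scanner log pasted above (TDSSKiller's line layout, an assumption from the format) is read by hand in this thread. As an added example, not code from the thread or from the scanner's vendor, the Python below triages that format: it separates the driver entries that only ever got "- ok" from flagged objects, keeps the cure actions the user selected, and joins the device-path detection back to the scanned MBR hash. The sample log is constructed from a handful of lines in the thread's own format.

```python
# Added example (not from the thread): triage a TDSSKiller-style scan log.
import re
from dataclasses import dataclass, field

# "<time> <pid> <object> (<md5>) <path>"  : a scanned driver / boot sector
OBJECT_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)
# "<time> <pid> <object> [( <threat> )] - <verdict>" : the verdict for it
VERDICT_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<obj>.+?)(?:\s+\(\s*(?P<threat>[^()]+?)\s*\))?\s+-\s+(?P<verdict>.+)$"
)
DETECTED_RE = re.compile(r"^detected\s+(?P<threat>\S+)")


@dataclass
class Triage:
    scanned: dict = field(default_factory=dict)   # object name -> (md5, path)
    by_path: dict = field(default_factory=dict)   # path -> object name
    clean: list = field(default_factory=list)     # objects that only ever got "- ok"
    flagged: dict = field(default_factory=dict)   # object -> sorted threat names
    actions: list = field(default_factory=list)   # (object, threat, verdict text)
    unparsed: list = field(default_factory=list)  # verdict lines left unclassified


def triage_tdsskiller_log(text: str) -> Triage:
    """Walk the log line by line; banners, counters and status lines are skipped."""
    t = Triage()
    threats = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = OBJECT_RE.match(line)
        if m:
            t.scanned[m["name"]] = (m["md5"].lower(), m["path"])
            t.by_path[m["path"]] = m["name"]
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue  # "Scan finished", "=====", "Detected object count: 1", ...
        obj, threat, verdict = m["obj"], m["threat"], m["verdict"].strip()
        if verdict == "ok":
            # A later "- ok" after a cure is selected must not un-flag the object.
            if obj not in threats and obj not in t.clean:
                t.clean.append(obj)
            continue
        d = DETECTED_RE.match(verdict)
        if d:
            threat = d["threat"]
        if verdict.startswith(("infected", "detected")):
            threats.setdefault(obj, set()).add(threat or "<unnamed>")
        elif threat:
            # e.g. "will be cured on reboot", "User select action: Cure"
            t.actions.append((obj, threat, verdict))
        else:
            t.unparsed.append(line)
    t.flagged = {obj: sorted(s) for obj, s in threats.items()}
    return t


def flagged_report(t: Triage) -> list:
    """One dict per flagged object, joined with the hash of the scanned entry.
    The MBR is scanned as "MBR (0x1B8)" but flagged under its device path,
    so the join goes through by_path."""
    out = []
    for obj, names in t.flagged.items():
        entry = t.scanned.get(obj) or t.scanned.get(t.by_path.get(obj, ""))
        out.append({
            "object": obj,
            "threats": names,
            "md5": entry[0] if entry else None,
            "scanned_as": t.by_path.get(obj, obj),
            "actions": [v for o, _, v in t.actions if o == obj],
        })
    return out


# Constructed sample in the thread's log format (a few lines, not a new scan).
SAMPLE_LOG = r"""
21:44:16.0289 1652 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:44:16.0305 1652 sermouse - ok
21:44:16.0913 1652 Synth3dVsc - ok
21:44:16.0991 1652 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:44:17.0038 1652 Tcpip - ok
21:44:19.0472 1652 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:44:19.0503 1652 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
21:44:19.0503 1652 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
21:44:19.0534 1652 Boot (0x1200) (04766a36954a82f1b85cc51e5432d22d) \Device\Harddisk0\DR0\Partition0
21:44:19.0534 1652 \Device\Harddisk0\DR0\Partition0 - ok
21:44:19.0550 1652 ============================================================
21:44:19.0550 1652 Scan finished
21:44:19.0550 5592 Detected object count: 1
21:45:08.0643 5592 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
21:45:08.0643 5592 \Device\Harddisk0\DR0 - ok
21:45:08.0643 5592 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
21:45:14.0197 1316 Deinitialize success
"""

if __name__ == "__main__":
    for row in flagged_report(triage_tdsskiller_log(SAMPLE_LOG)):
        print(row)
```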

#9 ny942631

  • Topic Starter
  • Members
  • 14 posts
  • Local time:06:30 AM

Posted 26 January 2012 - 09:59 PM

That did it! Thank you so much!!! You guys are the best!

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:30 AM

Posted 26 January 2012 - 10:37 PM

Greetings

Thank you!!

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 ny942631

  • Topic Starter
  • Members
  • 14 posts
  • Local time:06:30 AM

Posted 29 January 2012 - 02:57 PM

Here is the log from the last run. PC is fine. ComboFix ran pretty fast too.

ComboFix 12-01-29.02 - ktouloumis 01/29/2012 14:33:13.4.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3799.2183 [GMT -5:00]
Running from: c:\users\ktouloumis\Desktop\ComboFix.exe
Command switches used :: c:\users\ktouloumis\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 )))))))))))))))))))))))))))))))
.
.
2012-01-29 19:39 . 2012-01-29 19:39 -------- d-----w- c:\users\pteas\AppData\Local\temp
2012-01-29 19:39 . 2012-01-29 19:39 -------- d-----w- c:\users\jperl\AppData\Local\temp
2012-01-29 19:39 . 2012-01-29 19:39 -------- d-----w- c:\users\fbean\AppData\Local\temp
2012-01-29 19:39 . 2012-01-29 19:39 -------- d-----w- c:\users\engineer\AppData\Local\temp
2012-01-29 19:39 . 2012-01-29 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-29 19:39 . 2012-01-29 19:39 -------- d-----w- c:\users\administrator\AppData\Local\temp
2012-01-27 14:35 . 2012-01-27 14:35 -------- d-----w- c:\program files\Microsoft Silverlight
2012-01-27 14:35 . 2012-01-27 14:35 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-01-27 00:40 . 2012-01-27 00:40 -------- d-----w- c:\programdata\WinZip
2012-01-24 21:09 . 2012-01-24 21:09 -------- d-----w- c:\programdata\Yahoo!
2012-01-24 21:09 . 2012-01-24 21:09 -------- d-----w- c:\programdata\Yahoo! Companion
2012-01-24 21:09 . 2012-01-24 21:09 -------- d-----w- c:\program files (x86)\Yahoo!
2012-01-24 21:09 . 2012-01-24 21:09 -------- d-----w- c:\users\ktouloumis\AppData\Roaming\Yahoo!
2012-01-24 21:09 . 2012-01-24 21:09 -------- d-----w- c:\program files (x86)\7-Zip
2012-01-23 14:12 . 2012-01-23 15:23 -------- d-----w- c:\program files (x86)\ShowMyPCService
2012-01-23 03:03 . 2012-01-23 03:03 -------- d-----w- c:\users\ktouloumis\AppData\Roaming\SUPERAntiSpyware.com
2012-01-23 03:03 . 2012-01-23 03:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-23 03:03 . 2012-01-23 03:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-22 05:02 . 2012-01-29 18:22 -------- d-----w- c:\programdata\Kaspersky Lab
2012-01-22 05:02 . 2012-01-22 05:02 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-01-22 04:42 . 2012-01-29 19:27 -------- d-----w- C:\junk
2012-01-20 00:34 . 2012-01-29 19:39 -------- d-----w- c:\users\ktouloumis\AppData\Local\temp
2012-01-19 22:50 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll0129.old
2012-01-19 22:50 . 2010-01-22 14:56 1652688 ----a-w- c:\windows\PCTBDCore.dll0129.old
2012-01-19 22:50 . 2010-01-22 14:55 767952 ----a-w- c:\windows\BDTSupport.dll0129.old
2012-01-19 22:45 . 2012-01-19 23:08 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-01-19 21:56 . 2012-01-19 21:56 -------- d-----w- c:\users\dshapiro
2012-01-11 17:02 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 17:02 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 17:02 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 17:02 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 17:02 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 17:02 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 17:02 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 17:02 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 19:31 . 2012-01-10 19:31 -------- d-----w- c:\windows\SysWow64\TRAMS
2012-01-10 19:31 . 2008-04-14 09:42 343040 ----a-w- c:\windows\SysWow64\temp.00B
2012-01-10 19:31 . 2008-04-14 09:41 1028096 ----a-w- c:\windows\SysWow64\temp.00A
2012-01-10 19:31 . 2010-11-03 18:55 444928 ----a-w- c:\windows\SysWow64\midas.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 21:51 . 2011-05-01 23:11 34688 ----a-w- c:\windows\system32\LMIport.dll
2011-12-19 21:51 . 2011-05-01 23:11 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-12-19 21:51 . 2011-05-01 23:11 80768 ----a-w- c:\windows\system32\LMIinit.dll
2011-12-04 07:03 . 2011-07-13 12:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-25 19:35 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-12-06 08:12 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33CC3CA3-6785-41C3-B722-F637E729022C}\mpengine.dll
2011-11-10 10:54 . 2011-06-20 17:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-05 05:32 . 2011-12-25 19:35 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-25 19:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-23 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Lexmark S800 Series"="c:\program files (x86)\Lexmark S800 Series\fm3032.exe" [2010-09-30 316184]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-16 136176]
R2 lxefCATSCustConnectService;lxefCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxefserv.exe [2010-09-09 45224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-16 136176]
R3 PSPRSERV;PSPR Control Service;c:\program files (x86)\ElcomSoft\Proactive System Password Recovery\psprserv64.exe [2009-05-19 78336]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2011-06-01 116536]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-12-19 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 lxef_device;lxef_device;c:\windows\system32\lxefcoms.exe [2010-09-09 1070760]
S2 SecureConnectClientService;Secure Connect Client Service;c:\program files (x86)\Grasp Technologies\Secure Connect Client\SecureConnectClientService.exe [2011-04-18 61440]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-16 13:28]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-16 13:28]
.
2011-06-17 c:\windows\Tasks\Restart SC Client.job
- c:\program files (x86)\Grasp Technologies\Secure Connect Client\GRASP_Client_SC_Client_Restart_v2.x.bat [2011-04-18 13:42]
.
2012-01-29 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 83b66e8b-a59e-485e-8765-3e10b7bed63b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-01-29 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d859151f-7d56-4f2e-982e-cd70bfb69118.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"lxefmon.exe"="c:\program files (x86)\Lexmark S800 Series\lxefmon.exe" [2010-09-30 713384]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"EzPrint"="c:\program files (x86)\Lexmark S800 Series\ezprint.exe" [2010-09-30 148288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{69CD637B-0A1F-4338-B9F2-54486B35A807}: NameServer = 10.10.10.10
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
FF - ProfilePath - c:\users\ktouloumis\AppData\Roaming\Mozilla\Firefox\Profiles\tgxjsyzq.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-IMBoosterARP - c:\program files (x86)\Iminent\IMBooster\inst\Bootstrapper\Bootstrapper.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-29 14:42:37
ComboFix-quarantined-files.txt 2012-01-29 19:42
.
Pre-Run: 104,514,678,784 bytes free
Post-Run: 104,463,491,072 bytes free
.
- - End Of File - - 9C635290D92F65F0EA759AE061DFE0D2

#12 ny942631

  • Topic Starter
  • Members
  • 14 posts
  • Local time:06:30 AM

Posted 29 January 2012 - 02:58 PM

Once again, thank you Gringo for your help. Please let me know if all the bad stuff is gone.

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:30 AM

Posted 29 January 2012 - 03:07 PM

TFC (Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


If you have problems running HijackThis:

Sometimes we have to run it like this. To run HijackThis as an administrator,
right-click HijackThis.exe (located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select "Run as administrator".

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 ny942631

  • Topic Starter
  • Members
  • 14 posts
  • Local time:06:30 AM

Posted 29 January 2012 - 03:36 PM

Ran TFC.
Ran Malwarebytes (found nothing).

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.29.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ktouloumis :: JPC-PC1 [administrator]

Protection: Enabled

1/29/2012 3:21:57 PM
mbam-log-2012-01-29 (15-21-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288098
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15 ny942631

  • Topic Starter
  • Members
  • 14 posts
  • Local time:06:30 AM

Posted 29 January 2012 - 03:39 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:31:03 PM, on 1/29/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lexmark S800 Series\ezprint.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Lexmark S800 Series] "C:\Program Files (x86)\Lexmark S800 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Users\ktouloumis\Desktop\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Users\ktouloumis\Desktop\Fiddler2\Fiddler.exe" (file missing)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} (Jeopardy Control) - http://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://clientbase.webex.com/client/T26L/event/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jpcruises.int
O17 - HKLM\System\CCS\Services\Tcpip\..\{69CD637B-0A1F-4338-B9F2-54486B35A807}: NameServer = 10.10.10.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jpcruises.int
O17 - HKLM\System\CS1\Services\Tcpip\..\{69CD637B-0A1F-4338-B9F2-54486B35A807}: NameServer = 10.10.10.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = jpcruises.int
O17 - HKLM\System\CS2\Services\Tcpip\..\{69CD637B-0A1F-4338-B9F2-54486B35A807}: NameServer = 10.10.10.10
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\Windows\SysWOW64\atashost.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: lxefCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxefserv.exe
O23 - Service: lxef_device - - C:\Windows\system32\lxefcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PSPR Control Service (PSPRSERV) - ElcomSoft Co. Ltd. - C:\Program Files (x86)\ElcomSoft\Proactive System Password Recovery\psprserv64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secure Connect Client Service (SecureConnectClientService) - Unknown owner - C:\Program Files (x86)\Grasp Technologies\Secure Connect Client\SecureConnectClientService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11884 bytes
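
As an added example, not part of the original post and not a feature of HijackThis itself: a small Python triage script for logs in the format above. It picks out the entries a helper would look at first for a "search results redirect" complaint: O2 BHO registrations whose DLL is gone (the log above has two, the "(no name)" entry and the IMinent one), the O10 Winsock LSP entry for the missing nwprovau.dll (repairable with `netsh winsock reset`), and the O17 NameServer values (here a private 10.10.10.10 on the jpcruises.int domain, which is what a domain-joined client normally shows, as opposed to a statically set public resolver). It also downgrades the O23 "(file missing)" entries under System32, which a 32-bit HijackThis produces on 64-bit Windows because WoW64 file-system redirection sends its System32 lookups to SysWOW64. The sample lines are copied from the posted log; the regexes and the severity labels are this example's own assumptions.

```python
"""Triage helper for HijackThis 2.0.x log lines (added example; neither part of
the thread nor a HijackThis feature).  Regexes and severity labels are this
example's own assumptions; SAMPLE_LOG is copied from the posted log."""
import ipaddress
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
DOMAIN_RE = re.compile(r"Parameters: Domain = (?P<domain>\S+)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>.+)$")
LSP_RE = re.compile(r"LSP provider '(?P<dll>[^']+)' missing")
MISSING = ("(no file)", "(file missing)")  # HJT markers for a dead registration

# Constructed sample: a subset of the posted log, copied verbatim.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll (file missing)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jpcruises.int
O17 - HKLM\System\CCS\Services\Tcpip\..\{69CD637B-0A1F-4338-B9F2-54486B35A807}: NameServer = 10.10.10.10
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: lxef_device - - C:\Windows\system32\lxefcoms.exe
"""


@dataclass(frozen=True)
class Finding:
    kind: str      # HJT entry type, e.g. "O2"
    severity: str  # "review" = look at it; "info" = explained, no action needed
    detail: str


def _dns_notes(servers: str) -> tuple[list[str], bool]:
    """Label each NameServer address; second value is True if any is public or unparsable."""
    notes, suspicious = [], False
    for s in re.split(r"[,\s]+", servers.strip()):
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            notes.append(f"{s} (not an IP address)")
            suspicious = True
            continue
        if ip.is_private:
            notes.append(f"{s} (private, expected on a domain-joined client)")
        else:
            notes.append(f"{s} (PUBLIC resolver set statically)")
            suspicious = True
    return notes, suspicious


def triage(log_text: str) -> list[Finding]:
    """Parse HJT entries and rank the ones relevant to a redirect complaint."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list, blank line
        kind, body = m.group("kind"), m.group("body")
        if kind == "O2" and (bho := BHO_RE.match(body)):
            if bho.group("target").endswith(MISSING):
                findings.append(Finding(kind, "review", f"orphaned BHO {bho.group('clsid')} "
                                        f"({bho.group('name')}): DLL gone, registration left behind"))
            else:
                findings.append(Finding(kind, "info", f"BHO {bho.group('name')} -> {bho.group('target')}"))
        elif kind == "O10" and (lsp := LSP_RE.search(body)):
            findings.append(Finding(kind, "review", f"Winsock LSP chain references missing "
                                    f"{lsp.group('dll')}; 'netsh winsock reset' rebuilds the catalog"))
        elif kind == "O16" and (dpf := DPF_RE.match(body)):
            findings.append(Finding(kind, "info", f"downloaded ActiveX "
                                    f"{dpf.group('name') or dpf.group('clsid')} from {dpf.group('url')}"))
        elif kind == "O17" and (dom := DOMAIN_RE.search(body)):
            findings.append(Finding(kind, "info", f"DNS domain {dom.group('domain')}"))
        elif kind == "O17" and (ns := NAMESERVER_RE.search(body)):
            notes, suspicious = _dns_notes(ns.group("servers"))
            findings.append(Finding(kind, "review" if suspicious else "info",
                                    "NameServer = " + ", ".join(notes)))
        elif kind == "O23" and (svc := SERVICE_RE.match(body)) and svc.group("path").endswith(MISSING):
            path = svc.group("path")
            if path.lower().startswith("c:\\windows\\system32\\"):
                # 32-bit HijackThis on x64 is redirected to SysWOW64 when it probes
                # System32, so native services there show "(file missing)" although
                # the binary exists.  Downgrade, but confirm from a 64-bit shell.
                findings.append(Finding(kind, "info", f"{svc.group('name')}: likely WoW64 "
                                        f"redirection artefact, not a missing binary"))
            else:
                findings.append(Finding(kind, "review", f"service {svc.group('name')} -> missing {path}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"review": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.kind:3} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a full saved log with `triage(open("hijackthis.log").read())`. The script is a reading aid, not a verdict: a private NameServer still has to be confirmed as the site's own resolver, and a System32 entry downgraded as a WoW64 artefact should be checked from a 64-bit command prompt before it is dismissed.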
