
Multiple iexplore.exe non-stop publicity


  • This topic is locked
42 replies to this topic

#1 Louispg

  • Members
  • 21 posts

Posted 03 February 2012 - 11:31 AM

Hi there!

My name is Louis and my computer is certainly infected by something; every time I open IE8 once, then 9 more open with various commercials (some with sound I can hear!) and my NOD32 goes nuts trying to block all these URLs.

I did a few scans (NOD32, Malwarebytes, Adware, AVG) and they didn't find anything.

Here are my basic logs:

DDS :
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Elmo at 11:04:49 on 2012-02-03
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.2.1036.18.3950.2495 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\lxebcoms.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\SysWOW64\Rezip.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\SysWoW64\svchost.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\msdt.exe
C:\windows\SysWOW64\sdiagnhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Lexmark : {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: !{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Lexmark Pro200-S500 Series] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\fm3032.exe" /s
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Envoyer à OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 10.10.10.23
TCP: Interfaces\{76A3D829-BEE9-4064-BC93-08388942B791} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{784D460A-10DD-412A-8568-55E9FC50BD98} : DhcpNameServer = 10.10.10.23
TCP: Interfaces\{B00EA1F2-4824-43DD-B3BA-8E207D96687F} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B00EA1F2-4824-43DD-B3BA-8E207D96687F}\2454C4C4535353 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B00EA1F2-4824-43DD-B3BA-8E207D96687F}\455636860225F6F6D6 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{D2C5E510-BE6D-42CC-9F61-E4F939078474}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Lexmark Pro200-S500 Series] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\fm3032.exe" /s
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 eamonm;eamonm;C:\windows\system32\DRIVERS\eamonm.sys --> C:\windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;C:\windows\system32\DRIVERS\epfwwfpr.sys --> C:\windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 lxeb_device;lxeb_device;C:\windows\system32\lxebcoms.exe -service --> C:\windows\system32\lxebcoms.exe -service [?]
R2 Rezip;Rezip;C:\Windows\SysWOW64\Rezip.exe [2010-4-25 311296]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys --> C:\windows\system32\DRIVERS\TurboB.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxebserv.exe [2011-7-6 45736]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Service Windows Live Contrôle parental;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-9-29 126392]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-03 15:51:35 845 ----a-w- C:\ProgramData\mseqbaa.tmp
2012-02-03 15:50:56 834 ----a-w- C:\ProgramData\qseqbaa.tmp
2012-02-03 15:50:50 819 ----a-w- C:\ProgramData\pseqbaa.tmp
2012-02-03 15:50:45 810 ----a-w- C:\ProgramData\oseqbaa.tmp
2012-02-03 15:50:40 839 ----a-w- C:\ProgramData\nseqbaa.tmp
2012-02-03 15:46:41 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-03 15:44:52 872 ----a-w- C:\ProgramData\ldqfcaa.tmp
2012-02-03 15:43:47 831 ----a-w- C:\ProgramData\kdqfcaa.tmp
2012-02-03 15:43:07 856 ----a-w- C:\ProgramData\odqfcaa.tmp
2012-02-03 15:43:02 819 ----a-w- C:\ProgramData\ndqfcaa.tmp
2012-02-03 15:42:58 811 ----a-w- C:\ProgramData\mdqfcaa.tmp
2012-02-03 15:20:46 98816 ----a-w- C:\windows\sed.exe
2012-02-03 15:20:46 518144 ----a-w- C:\windows\SWREG.exe
2012-02-03 15:20:46 256000 ----a-w- C:\windows\PEV.exe
2012-02-03 15:20:46 208896 ----a-w- C:\windows\MBR.exe
2012-02-03 15:05:18 388096 ----a-r- C:\Users\Elmo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-03 15:05:18 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-03 13:12:18 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-02-03 13:12:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-01 00:07:31 -------- d-----w- C:\Program Files\ESET
2012-01-29 15:39:08 -------- d-----w- C:\Users\Elmo\AppData\Roaming\Malwarebytes
2012-01-29 15:38:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-23 17:06:38 -------- d-----w- C:\Users\Elmo\AppData\Local\App
2012-01-20 17:14:15 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24517D5E-B80E-4B0C-9F95-05A84CE322ED}\mpengine.dll
2012-01-18 19:41:26 -------- d-----w- C:\Users\Elmo\AppData\Local\kbdapiSched
2012-01-16 15:34:16 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-01-16 15:34:16 1572864 ----a-w- C:\windows\System32\quartz.dll
2012-01-16 15:34:16 1328128 ----a-w- C:\windows\SysWow64\quartz.dll
2012-01-16 15:34:15 77312 ----a-w- C:\windows\System32\packager.dll
2012-01-16 15:34:15 67072 ----a-w- C:\windows\SysWow64\packager.dll
2012-01-16 15:34:15 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-01-16 15:34:15 1731920 ----a-w- C:\windows\System32\ntdll.dll
2012-01-16 15:34:15 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll
.
==================== Find3M ====================
.
2012-01-03 14:01:16 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52:09 3145216 ----a-w- C:\windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2011-11-15 19:29:56 270720 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 11:05:33,74 ===============


GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-03 11:30:40
Windows 6.1.7601 Service Pack 1
Running: uuvpxeil.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654eb87
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f56e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6982
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe9ad52e
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654eb87 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f56e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6982 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b482fe9ad52e (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\kristin-cavallari-values-privacy-baby-582455[1].htm 38624 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\sendtracker[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\line_dots_fade[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\errorPageStrings[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\kardashian-top-040211-10[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\H;alias=toromagazine_features_talkingto_300x250_1;size=300x250;loc=300;target=_blank;key=;grp=368;misc=1328285141080;aduho=-300;rdclick=[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\background_gradient[1] 453 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\kim-karis-052711-7[1].jpg 4994 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\__utm[2].gif 4903 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\280x160_FOOD_EPS64_FriedChicken_CU[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\65x40_DRINKS_EPS69_WisersSquare_thumb[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\65x40_THUMBNAIL_VodkaMartini[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\http_404[1] 6593 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\kim-add-021311-2[1].jpg 4832 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\kim-kardashian-021411-12[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\kim-kardashian-022311-3[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\kim-karis-052711-14[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\kim-karis-052711-2[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\kim-karis-052711-5[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\btn_plus[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\ws-vid-btn-close[1].png 497 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPWKS1V\dotted_divider[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNCHMDYB\blake-lively-covers-elle-march-2012-581937[1].htm 52267 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNCHMDYB\kim-karis-052711-10[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNCHMDYB\kim-karis-052711-11[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNCHMDYB\kim-karis-052711-13[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNCHMDYB\kim-karis-052711-16[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNCHMDYB\kim-karis-052711-4[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNCHMDYB\count[2].json 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNCHMDYB\ErrorPageTemplate[1] 2168 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNCHMDYB\discovertheforest_org[1].htm 11166 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNCHMDYB\bullet[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNCHMDYB\httpErrorPagesScripts[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNCHMDYB\kim-030811-2[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNCHMDYB\kim-add-013011-1[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGA1LSAD\1028393326[1].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGA1LSAD\info_48[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGA1LSAD\WladimirKlitschko[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGA1LSAD\kim-kardashian-022011-16[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGA1LSAD\kim-kardashian-humphries-amber-show[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGA1LSAD\kim-kardashian-inland-empire-feb2011-2[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGA1LSAD\kim-karis-052711-3[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGA1LSAD\kim-karis-052711-6[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGA1LSAD\kim-karis-052711-9[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGA1LSAD\jsadimp[1].gif 43 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGA1LSAD\__utm[2].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGA1LSAD\65x40_mikedojcTORO[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGA1LSAD\spam_code[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGA1LSAD\206x123_AndyKindlerThumb[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGA1LSAD\like[7].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGA1LSAD\s95192370041897[1].txt 4983 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAKRSDIR\like[2].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAKRSDIR\65x40_HandymanChallenge_thumb[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAKRSDIR\statstracker[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAKRSDIR\oauth[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAKRSDIR\320x182_ListedMusic[1].jpg 11562 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAKRSDIR\favicon[8].ico 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAKRSDIR\flashmediaelement[3].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAKRSDIR\glamadapt_jsrv[1].act 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAKRSDIR\iconsmallsolidarrow[4].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAKRSDIR\iconsmallsolidarrow[5].jpg 466 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAKRSDIR\kim-karis-052711-12[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAKRSDIR\kim-karis-052711-15[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAKRSDIR\kim-karis-052711-1[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAKRSDIR\kim-karis-052711-8[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAKRSDIR\kim-kardashian-021611-8[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAKRSDIR\kim-kardashian-022711-7[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\FD3BLVOH.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\8H3OD6OC.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\PF3IBIFM.txt 1706 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CWJGA7N2.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\KC7O46MU.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\KSSQI4DP.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\S8YRX2TO.txt 695 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\BMEW589A.txt 1517 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\IV4QDLHN.txt 1944 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6UEW9P5P.txt 3002 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\YANCQLO5.txt 196 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\3L5NZVN8.txt 1153 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\EIS7UH3T.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ELFWRMS2.txt 226 bytes
File C:\Windows\temp\~DF9C14C02CB73F159F.TMP 16384 bytes
File C:\Windows\temp\~DF1BB33B7309BD619F.TMP 16384 bytes

---- EOF - GMER 1.0.15 ----


Thank you !!!

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 AM

Posted 05 February 2012 - 12:28 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#3 Louispg

Louispg
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:09:18 AM

Posted 06 February 2012 - 08:32 AM

ComboFix 12-02-03.02 - Elmo 2012-02-06 8:12.4.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.2.1036.18.3950.2847 [GMT -5:00]
Lancé depuis: c:\users\Elmo\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
* Un antivirus résident est actif
.
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\kdqfcaa.tmp
c:\programdata\ldqfcaa.tmp
c:\programdata\mdqfcaa.tmp
c:\programdata\mseqbaa.tmp
c:\programdata\ndqfcaa.tmp
c:\programdata\nseqbaa.tmp
c:\programdata\odqfcaa.tmp
c:\programdata\oseqbaa.tmp
c:\programdata\pseqbaa.tmp
c:\programdata\qseqbaa.tmp
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-01-06 au 2012-02-06 ))))))))))))))))))))))))))))))))))))
.
.
2012-02-06 13:18 . 2012-02-06 13:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-03 15:05 . 2012-02-03 15:05 388096 ----a-r- c:\users\Elmo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-03 15:05 . 2012-02-03 15:05 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-03 13:12 . 2012-02-03 13:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-03 13:12 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-01 00:07 . 2012-02-01 00:07 -------- d-----w- c:\program files\ESET
2012-01-29 15:39 . 2012-01-29 15:39 -------- d-----w- c:\users\Elmo\AppData\Roaming\Malwarebytes
2012-01-29 15:38 . 2012-01-29 15:38 -------- d-----w- c:\programdata\Malwarebytes
2012-01-23 17:06 . 2012-01-29 16:24 -------- d-----w- c:\users\Elmo\AppData\Local\App
2012-01-20 17:14 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24517D5E-B80E-4B0C-9F95-05A84CE322ED}\mpengine.dll
2012-01-18 19:41 . 2012-01-29 16:24 -------- d-----w- c:\users\Elmo\AppData\Local\kbdapiSched
2012-01-16 15:34 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-16 15:34 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-16 15:34 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-16 15:34 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-16 15:34 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-16 15:34 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-16 15:34 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-16 15:34 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-14 18:54 . 2012-01-14 18:54 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-03 14:01 . 2012-01-03 14:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-15 16:47 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 19:29 . 2010-08-11 04:27 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . 571FDEF9B1E87B183F0A129DC2FB9BD9 . 858112 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-02-03_15.42.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-23 17:18 . 2012-02-03 17:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-01-23 17:18 . 2012-02-03 15:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-02-03 17:21 . 2012-02-03 17:21 20992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{73CF1F7F-4E8B-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:49 . 2012-02-03 16:56 61440 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FE04A826-4E86-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:13 . 2012-02-03 16:14 20480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F8AB56AE-4E81-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:03 . 2012-02-03 17:06 20992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F71EC4F3-4E88-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:27 . 2012-02-03 16:27 25088 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F3C19189-4E83-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:05 . 2012-02-03 16:09 29696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EC7FF528-4E80-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 15:50 . 2012-02-03 15:57 86528 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D56BA451-4E7E-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:19 . 2012-02-03 16:26 83968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D3619990-4E82-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:26 . 2012-02-03 16:26 27136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CA434CAB-4E83-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:25 . 2012-02-03 16:25 27136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B38C2AB6-4E83-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:39 . 2012-02-03 16:45 48640 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B0A86857-4E85-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:15 . 2012-02-03 17:15 19968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AED0D97E-4E8A-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:54 . 2012-02-03 16:56 21504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ADE79C57-4E87-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:17 . 2012-02-03 16:21 31744 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A2098F51-4E82-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:53 . 2012-02-03 16:56 20480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9864B4BD-4E87-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:14 . 2012-02-03 17:15 19456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{94D6141C-4E8A-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:24 . 2012-02-03 16:26 90624 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8186F91F-4E83-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:02 . 2012-02-03 16:08 45568 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7EDA331C-4E80-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:14 . 2012-02-03 17:14 17920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7E8307AE-4E8A-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:09 . 2012-02-03 16:14 55296 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7A9D9D05-4E81-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:45 . 2012-02-03 16:51 55808 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{78C4DAEB-4E86-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:30 . 2012-02-03 16:31 19968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{71E3A976-4E84-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:13 . 2012-02-03 17:14 21504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{711A376A-4E8A-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:59 . 2012-02-03 17:06 57856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6982D975-4E88-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:13 . 2012-02-03 17:16 25088 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{53F7A397-4E8A-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:22 . 2012-02-03 16:22 11776 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4C3C1137-4E83-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:08 . 2012-02-03 16:09 19456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3EA52B5A-4E81-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 19:49 . 2012-02-03 19:49 10240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3A1CD7B3-4EA0-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 19:49 . 2012-02-03 19:49 10240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3A1814F3-4EA0-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 15:53 . 2012-02-03 15:58 20480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{39867858-4E7F-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:14 . 2012-02-03 16:21 37376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{305654BF-4E82-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:29 . 2012-02-03 16:36 70656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2FB86C83-4E84-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:43 . 2012-02-03 16:50 58880 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{27342CDA-4E86-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 15:52 . 2012-02-03 15:58 23040 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{19A0B846-4E7F-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:21 . 2012-02-03 16:21 15872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0F927FBC-4E83-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:20 . 2012-02-03 16:27 67072 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0B041D7A-4E83-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:13 . 2012-02-03 16:14 20480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{08B98F53-4E82-11E1-B052-B482FE9AD52E}.dat
+ 2012-01-23 20:42 . 2012-02-03 17:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-01-23 20:42 . 2012-02-03 15:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-02-02 00:24 . 2012-02-03 15:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2012-02-02 00:24 . 2012-02-03 19:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2010-04-26 06:51 . 2012-02-06 13:11 45838 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-06 13:11 46034 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-10 12:47 . 2012-02-06 13:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-10 12:47 . 2012-02-03 15:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-10 12:47 . 2012-02-03 15:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-10 12:47 . 2012-02-06 13:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-10 12:47 . 2012-02-06 13:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-10 12:47 . 2012-02-03 15:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-11 20:53 . 2012-02-06 13:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-11 20:53 . 2012-02-03 15:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-11 23:12 . 2012-01-29 18:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
+ 2010-08-11 23:12 . 2012-02-03 17:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
+ 2010-08-11 20:53 . 2012-02-06 13:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-11 20:53 . 2012-02-03 15:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-03 17:21 . 2012-02-03 17:21 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{73CF1F7E-4E8B-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:50 . 2012-02-03 17:22 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{1C01F9DD-4E87-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:22 . 2012-02-03 17:22 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{ADF3175F-4E8B-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:49 . 2012-02-03 16:56 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FE04A825-4E86-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 15:51 . 2012-02-03 15:58 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F33320F1-4E7E-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 15:58 . 2012-02-03 15:58 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F0BDBD5D-4E7F-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:03 . 2012-02-03 17:03 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F0958C27-4E88-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:20 . 2012-02-03 16:20 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EDD67F5D-4E82-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:05 . 2012-02-03 16:09 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EC7FF527-4E80-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:10 . 2012-02-03 17:10 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EC59D69E-4E89-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:27 . 2012-02-03 16:27 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E9966A5E-4E83-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:17 . 2012-02-03 17:22 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E81B0DA6-4E8A-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:16 . 2012-02-03 17:22 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DF4BCD17-4E8A-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 15:43 . 2012-02-03 15:43 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DC3C916B-4E7D-11E1-8019-B482FE9AD52E}.dat
+ 2012-02-03 15:50 . 2012-02-03 15:56 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DB63D7C0-4E7E-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 15:50 . 2012-02-03 15:55 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D867BE08-4E7E-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 15:50 . 2012-02-03 15:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D56BA450-4E7E-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:19 . 2012-02-03 16:26 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D361998F-4E82-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:47 . 2012-02-03 16:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C8BF8F85-4E86-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 15:43 . 2012-02-03 15:43 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C46ECEAE-4E7D-11E1-8019-B482FE9AD52E}.dat
+ 2012-02-03 16:47 . 2012-02-03 16:47 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C36B6C48-4E86-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 15:43 . 2012-02-03 15:43 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C16B90D5-4E7D-11E1-8019-B482FE9AD52E}.dat
+ 2012-02-03 15:42 . 2012-02-03 15:42 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BEA3D562-4E7D-11E1-8019-B482FE9AD52E}.dat
+ 2012-02-03 16:33 . 2012-02-03 16:33 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BDE87268-4E84-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:40 . 2012-02-03 16:43 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B9A89C5F-4E85-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:01 . 2012-02-03 17:08 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B95D8325-4E88-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:39 . 2012-02-03 16:45 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B0A86856-4E85-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:22 . 2012-02-03 17:22 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B08FFA10-4E8B-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:54 . 2012-02-03 16:59 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AB3462FA-4E87-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:03 . 2012-02-03 16:09 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A7C78502-4E80-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:22 . 2012-02-03 17:22 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A6C0AE4F-4E8B-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:03 . 2012-02-03 16:07 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A6627699-4E80-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 15:56 . 2012-02-03 15:56 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A64D1067-4E7F-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:08 . 2012-02-03 17:08 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A4452B52-4E89-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:10 . 2012-02-03 16:16 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8E813C6E-4E81-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:00 . 2012-02-03 17:07 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8184FA77-4E88-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:02 . 2012-02-03 16:09 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7EDA331B-4E80-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:07 . 2012-02-03 17:12 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7D411D54-4E89-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:21 . 2012-02-03 17:21 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7CFC08FF-4E8B-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:09 . 2012-02-03 16:14 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7A9D9D04-4E81-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:09 . 2012-02-03 16:16 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7A7EAB20-4E81-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:45 . 2012-02-03 16:52 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{78C4DAEA-4E86-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:16 . 2012-02-03 16:20 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{772744E5-4E82-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:16 . 2012-02-03 16:16 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{76405F6A-4E82-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:52 . 2012-02-03 16:52 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{748A8817-4E87-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:59 . 2012-02-03 16:59 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{704C85FC-4E88-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:59 . 2012-02-03 17:06 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6982D974-4E88-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:06 . 2012-02-03 17:12 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5B095564-4E89-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 15:54 . 2012-02-03 15:58 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{51A43960-4E7F-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:12 . 2012-02-03 17:17 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4E84FBDB-4E8A-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:19 . 2012-02-03 17:19 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4A49B34D-4E8B-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:58 . 2012-02-03 17:02 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3AD7BEF5-4E88-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 19:49 . 2012-02-03 19:49 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3A1CD7B2-4EA0-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 19:49 . 2012-02-03 19:49 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3A1A7652-4EA0-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 19:49 . 2012-02-03 19:49 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3A183C02-4EA0-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 19:49 . 2012-02-03 19:49 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3A1814F2-4EA0-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 19:49 . 2012-02-03 19:49 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3A10F0D0-4EA0-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:12 . 2012-02-03 17:12 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{34F16D99-4E8A-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:22 . 2012-02-03 16:22 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{33F4E84F-4E83-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:19 . 2012-02-03 17:19 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{30B5EE9D-4E8B-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:14 . 2012-02-03 16:21 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{305654BE-4E82-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:29 . 2012-02-03 16:30 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2FB86C82-4E84-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:43 . 2012-02-03 16:47 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2C00BB07-4E86-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:36 . 2012-02-03 16:36 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2B77E980-4E85-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 17:11 . 2012-02-03 17:16 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2A9F3629-4E8A-11E1-B052-B482FE9AD52E}.dat
+ 2012-02-03 16:43 . 2012-02-03 16:50 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{27342CD9-4E86-11E1-B052-B482FE9AD52E}.dat
.
-- Snapshot updated --
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Lexmark Pro200-S500 Series"="c:\program files (x86)\Lexmark Pro200-S500 Series\fm3032.exe" [2010-05-05 316072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 1082144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-29 126392]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-09 16413288]
"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2010-05-05 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2010-05-05 148280]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: &Envoyer à OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 10.10.10.23
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,0f,b4,f1,aa,ce,d7,49,8f,06,14,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,0f,b4,f1,aa,ce,d7,49,8f,06,14,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2012-02-06 08:21:24
ComboFix-quarantined-files.txt 2012-02-06 13:21
ComboFix2.txt 2012-02-03 15:44
ComboFix3.txt 2012-02-03 15:27
.
Avant-CF: 203 562 930 176 octets libres
Après-CF: 203 502 407 680 octets libres
.
- - End Of File - - D7B9D2521F2A02F1E2F6E83C4E3AF2CE


Thank you for your help!!

Running ComboFix went very well, no apparent problems. The problem is still there: the computer is running slowly from all the iexplore.exe processes running, NOD32 is trying to block all the sites popping up, and I can hear commercials running from my speakers in the background!

Thanks once again!

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:18 AM

Posted 06 February 2012 - 03:25 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Link 1
Link 2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
explorer.exe
svchost.exe
winlogon.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Louispg (Topic Starter, Members)

Posted 06 February 2012 - 04:23 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 16:19 on 06/02/2012 by Elmo
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 2871808 bytes [23:20 26/04/2011] [06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\ERDNT\cache86\explorer.exe --a---- 2871808 bytes [18:19 29/01/2012] [06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\SysWOW64\explorer.exe --a---- 2616320 bytes [23:20 26/04/2011] [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe --a---- 2868224 bytes [23:56 13/07/2009] [01:39 14/07/2009] C235A51CB740E45FFA0EBFB9BAFCDA64
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe --a---- 2868224 bytes [05:12 26/04/2010] [06:17 03/08/2009] F170B4A061C9E026437B193B4D571799
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe --a---- 2868736 bytes [05:14 26/04/2010] [06:35 06/10/2009] 6D4F9E4B640B413C6F73414327484C80
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe --a---- 2870272 bytes [12:45 10/08/2010] [06:34 31/10/2009] 9AAAEC8DAC27AA17B053E6352AD233AE
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe --a---- 2870272 bytes [23:20 26/04/2011] [06:23 26/02/2011] 0862495E0C825893DB75EF44FAEA8E93
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe --a---- 2868224 bytes [05:12 26/04/2010] [06:19 03/08/2009] 700073016DAC1C3D2E7E2CE4223334B6
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe --a---- 2868736 bytes [05:14 26/04/2010] [06:31 06/10/2009] CA17F8620815267DC838E30B68CB5052
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe --a---- 2870272 bytes [12:45 10/08/2010] [06:38 31/10/2009] B8EC4BD49CE8F6FC457721BFC210B67F
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe --a---- 2870784 bytes [23:20 26/04/2011] [06:26 26/02/2011] E38899074D4951D31B4040E994DD7C8D
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe --a---- 2872320 bytes [03:14 05/07/2011] [13:24 20/11/2010] AC4C51EB24AA95B77F705AB159189E24
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe --a---- 2871808 bytes [23:20 26/04/2011] [06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe --a---- 2871808 bytes [23:20 26/04/2011] [06:14 26/02/2011] 3B69712041F3D63605529BD66DC00C48
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe --a---- 2613248 bytes [23:41 13/07/2009] [01:14 14/07/2009] 15BC38A7492BEFE831966ADB477CF76F
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe --a---- 2613248 bytes [05:12 26/04/2010] [05:35 03/08/2009] B95EEB0F4E5EFBF1038A35B3351CF047
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe --a---- 2613248 bytes [05:14 26/04/2010] [05:53 06/10/2009] FC89FACA0473641CB625EDA9277D0885
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe --a---- 2614272 bytes [12:45 10/08/2010] [05:45 31/10/2009] 2626FC9755BE22F805D3CFA0CE3EE727
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe --a---- 2614784 bytes [23:20 26/04/2011] [05:33 26/02/2011] 2AF58D15EDC06EC6FDACCE1F19482BBF
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe --a---- 2613248 bytes [05:12 26/04/2010] [05:49 03/08/2009] 9FF6C4C91A3711C0A3B18F87B08B518D
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe --a---- 2613248 bytes [05:14 26/04/2010] [06:06 06/10/2009] 00B0358734CAA32C39D181FE6916B178
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe --a---- 2614272 bytes [12:45 10/08/2010] [06:00 31/10/2009] C76153C7ECA00FA852BB0C193378F917
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe --a---- 2614784 bytes [23:20 26/04/2011] [05:51 26/02/2011] 255CF508D7CFB10E0794D6AC93280BD8
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe --a---- 2616320 bytes [03:14 05/07/2011] [12:17 20/11/2010] 40D777B7A95E00593EB1568C68514493
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe --a---- 2616320 bytes [23:20 26/04/2011] [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe --a---- 2616320 bytes [23:20 26/04/2011] [05:19 26/02/2011] 0FB9C74046656D1579A64660AD67B746

Searching for "svchost.exe"
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 182856 bytes [13:12 03/02/2012] [19:53 13/01/2012] 63EEC8A8B221AB79045E776E5F592868
C:\Windows\ERDNT\cache64\svchost.exe --a---- 27136 bytes [18:19 29/01/2012] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\ERDNT\cache86\svchost.exe --a---- 20992 bytes [18:19 29/01/2012] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\System32\svchost.exe --a---- 27136 bytes [23:31 13/07/2009] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\SysWOW64\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe --a---- 27136 bytes [23:31 13/07/2009] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866

Searching for "winlogon.exe"
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe --a---- 182856 bytes [13:12 03/02/2012] [19:53 13/01/2012] 63EEC8A8B221AB79045E776E5F592868
C:\Windows\ERDNT\cache64\winlogon.exe --a---- 390656 bytes [18:19 29/01/2012] [13:25 20/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457
C:\Windows\System32\winlogon.exe --a---- 390656 bytes [03:13 05/07/2011] [13:25 20/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe --a---- 389120 bytes [23:52 13/07/2009] [01:39 14/07/2009] 132328DF455B0028F13BF0ABEE51A63A
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe --a---- 389632 bytes [12:45 10/08/2010] [06:24 28/10/2009] DA3E2A6FA9660CC75B471530CE88453A
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe --a---- 389632 bytes [12:45 10/08/2010] [07:01 28/10/2009] A93D41A4D4B0D91C072D11DD8AF266DE
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe --a---- 390656 bytes [03:13 05/07/2011] [13:25 20/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457

-= EOF =-
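The filefind output above is what the SystemLook step in post #4 asks for; as an added example (not part of this thread, of SystemLook or of BleepingComputer's procedure), here is a small Python reviewer for that log format that flags copies of the searched-for binaries outside their expected homes and live copies whose MD5 matches no servicing copy in WinSxS. It assumes C:\Windows is the system root (as the DDS log earlier in the thread shows), treats System32, SysWOW64, WinSxS and ERDNT as the only expected locations, and runs on a sample built from the log above with the System32 winlogon.exe hash deliberately replaced by zeros to show a mismatch.

```python
"""Review SystemLook ':filefind' output for core Windows binaries.

Added example for this thread; not part of SystemLook. Findings are prompts
for an analyst to look closer, not verdicts.
"""
import re
from collections import defaultdict

# One result line:  <path> <attrs> <size> bytes [<modified>] [<created>] <MD5>
ENTRY_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<modified>[^\]]+)\]\s+\[(?P<created>[^\]]+)\]\s+(?P<md5>[0-9a-f]{32})$",
    re.IGNORECASE,
)
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')

WINDIR = "C:\\Windows"            # assumption: system root as in the DDS log
LIVE_DIRS = {"system32", "syswow64"}
STORE_DIRS = {"winsxs"}           # servicing copies: the reference for live files
BACKUP_DIRS = {"erdnt"}           # ERUNT/ComboFix backups: expected, not a reference
ROOT_RESIDENT = {"explorer.exe"}  # the only searched file that lives in %SystemRoot%


def parse_filefind(text):
    """Group result lines under the file name they were found for."""
    results = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name").lower()
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            results[current].append(entry)
    return dict(results)


def _segment(path):
    """First directory component below WINDIR, or None if not under WINDIR."""
    low = path.lower()
    prefix = WINDIR.lower() + "\\"
    if not low.startswith(prefix):
        return None
    return low[len(prefix):].split("\\")[0]


def review(results):
    """Return (file name, path, reason) tuples worth an analyst's attention."""
    findings = []
    for name, entries in results.items():
        store_hashes = {e["md5"] for e in entries if _segment(e["path"]) in STORE_DIRS}
        for e in entries:
            seg = _segment(e["path"])
            if seg is None:
                # Malwarebytes' Chameleon ships renamed copies of its own binary
                # under Program Files, so this one is expected; any other copy
                # outside the Windows directory deserves a look.
                findings.append((name, e["path"], "copy outside the Windows directory"))
            elif seg in LIVE_DIRS or (seg == name and name in ROOT_RESIDENT):
                # The executing copy should be byte-identical to a WinSxS copy.
                if store_hashes and e["md5"] not in store_hashes:
                    findings.append((name, e["path"], "live copy matches no WinSxS copy"))
            elif seg not in STORE_DIRS | BACKUP_DIRS:
                findings.append((name, e["path"], "copy in an unexpected place under the Windows directory"))
    return findings


# Constructed sample: lines taken from the log above, with the System32
# winlogon.exe hash replaced by zeros to demonstrate a mismatch.
SAMPLE_LOG = r"""========== filefind ==========

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 2871808 bytes [23:20 26/04/2011] [06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\ERDNT\cache86\explorer.exe --a---- 2871808 bytes [18:19 29/01/2012] [06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe --a---- 2871808 bytes [23:20 26/04/2011] [06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3

Searching for "svchost.exe"
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 182856 bytes [13:12 03/02/2012] [19:53 13/01/2012] 63EEC8A8B221AB79045E776E5F592868
C:\Windows\System32\svchost.exe --a---- 27136 bytes [23:31 13/07/2009] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe --a---- 27136 bytes [23:31 13/07/2009] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D

Searching for "winlogon.exe"
C:\Windows\System32\winlogon.exe --a---- 390656 bytes [03:13 05/07/2011] [13:25 20/11/2010] 00000000000000000000000000000000
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe --a---- 390656 bytes [03:13 05/07/2011] [13:25 20/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457

-= EOF =-
"""

if __name__ == "__main__":
    for name, path, reason in review(parse_filefind(SAMPLE_LOG)):
        print(f"{name}: {reason}\n    {path}")
```

On the real log above, only the Chameleon copies are flagged and every live copy matches its WinSxS twin, which is the baseline result an analyst wants to see before looking elsewhere for the redirector.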

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 February 2012 - 09:19 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#7 Louispg (Topic Starter, Members)

Posted 07 February 2012 - 08:25 AM

No reboot, no threats found.

08:23:36.0219 5584 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
08:23:36.0529 5584 ============================================================
08:23:36.0529 5584 Current date / time: 2012/02/07 08:23:36.0529
08:23:36.0529 5584 SystemInfo:
08:23:36.0529 5584
08:23:36.0529 5584 OS Version: 6.1.7601 ServicePack: 1.0
08:23:36.0529 5584 Product type: Workstation
08:23:36.0529 5584 ComputerName: ELMO-PC
08:23:36.0529 5584 UserName: Elmo
08:23:36.0529 5584 Windows directory: C:\windows
08:23:36.0529 5584 System windows directory: C:\windows
08:23:36.0529 5584 Running under WOW64
08:23:36.0529 5584 Processor architecture: Intel x64
08:23:36.0529 5584 Number of processors: 4
08:23:36.0529 5584 Page size: 0x1000
08:23:36.0529 5584 Boot type: Normal boot
08:23:36.0529 5584 ============================================================
08:23:36.0839 5584 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:23:36.0849 5584 \Device\Harddisk0\DR0:
08:23:36.0849 5584 MBR used
08:23:36.0849 5584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
08:23:36.0849 5584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x1C2A9000
08:23:36.0849 5584 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E0DB800, BlocksNum 0x1C2AA000
08:23:37.0119 5584 Initialize success
08:23:37.0119 5584 ============================================================
08:23:39.0409 6832 ============================================================
08:23:39.0409 6832 Scan started
08:23:39.0409 6832 Mode: Manual;
08:23:39.0409 6832 ============================================================
08:23:54.0509 6832 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
08:23:54.0529 6832 ql2300 - ok
08:23:54.0559 6832 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
08:23:54.0559 6832 ql40xx - ok
08:23:54.0579 6832 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
08:23:54.0579 6832 QWAVEdrv - ok
08:23:54.0599 6832 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
08:23:54.0599 6832 RasAcd - ok
08:23:54.0659 6832 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
08:23:54.0659 6832 RasAgileVpn - ok
08:23:54.0709 6832 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
08:23:54.0709 6832 Rasl2tp - ok
08:23:54.0739 6832 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
08:23:54.0819 6832 RasPppoe - ok
08:23:54.0869 6832 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
08:23:54.0879 6832 RasSstp - ok
08:23:54.0939 6832 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
08:23:54.0949 6832 rdbss - ok
08:23:54.0969 6832 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
08:23:54.0999 6832 rdpbus - ok
08:23:55.0029 6832 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
08:23:55.0029 6832 RDPCDD - ok
08:23:55.0089 6832 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
08:23:55.0089 6832 RDPENCDD - ok
08:23:55.0119 6832 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
08:23:55.0119 6832 RDPREFMP - ok
08:23:55.0169 6832 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
08:23:55.0169 6832 RDPWD - ok
08:23:55.0229 6832 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
08:23:55.0229 6832 rdyboost - ok
08:23:55.0379 6832 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
08:23:55.0409 6832 RFCOMM - ok
08:23:55.0569 6832 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
08:23:55.0569 6832 rspndr - ok
08:23:55.0619 6832 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\windows\system32\DRIVERS\Rt64win7.sys
08:23:55.0659 6832 RTL8167 - ok
08:23:55.0749 6832 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys
08:23:55.0749 6832 rtport - ok
08:23:55.0849 6832 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
08:23:55.0859 6832 SABI - ok
08:23:55.0909 6832 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
08:23:55.0929 6832 sbp2port - ok
08:23:55.0959 6832 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
08:23:55.0959 6832 scfilter - ok
08:23:56.0029 6832 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
08:23:56.0049 6832 secdrv - ok
08:23:56.0089 6832 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
08:23:56.0109 6832 Serenum - ok
08:23:56.0139 6832 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
08:23:56.0179 6832 Serial - ok
08:23:56.0219 6832 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
08:23:56.0249 6832 sermouse - ok
08:23:56.0319 6832 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
08:23:56.0349 6832 sffdisk - ok
08:23:56.0369 6832 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
08:23:56.0389 6832 sffp_mmc - ok
08:23:56.0399 6832 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
08:23:56.0399 6832 sffp_sd - ok
08:23:56.0449 6832 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
08:23:56.0479 6832 sfloppy - ok
08:23:56.0529 6832 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
08:23:56.0559 6832 SiSRaid2 - ok
08:23:56.0579 6832 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
08:23:56.0599 6832 SiSRaid4 - ok
08:23:56.0619 6832 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
08:23:56.0629 6832 Smb - ok
08:23:56.0689 6832 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
08:23:56.0699 6832 spldr - ok
08:23:56.0759 6832 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
08:23:56.0759 6832 srv - ok
08:23:56.0789 6832 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
08:23:56.0799 6832 srv2 - ok
08:23:56.0819 6832 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
08:23:56.0829 6832 srvnet - ok
08:23:56.0879 6832 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
08:23:56.0889 6832 stexstor - ok
08:23:56.0929 6832 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
08:23:56.0939 6832 swenum - ok
08:23:57.0009 6832 SynTP (3c80203c725c28cea5713d1ab242880a) C:\windows\system32\DRIVERS\SynTP.sys
08:23:57.0049 6832 SynTP - ok
08:23:57.0149 6832 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
08:23:57.0169 6832 Tcpip - ok
08:23:57.0219 6832 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
08:23:57.0229 6832 TCPIP6 - ok
08:23:57.0279 6832 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
08:23:57.0279 6832 tcpipreg - ok
08:23:57.0309 6832 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
08:23:57.0309 6832 TDPIPE - ok
08:23:57.0339 6832 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
08:23:57.0339 6832 TDTCP - ok
08:23:57.0389 6832 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
08:23:57.0389 6832 tdx - ok
08:23:57.0449 6832 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
08:23:57.0459 6832 TermDD - ok
08:23:57.0539 6832 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
08:23:57.0539 6832 tssecsrv - ok
08:23:57.0599 6832 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
08:23:57.0599 6832 TsUsbFlt - ok
08:23:57.0679 6832 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
08:23:57.0679 6832 tunnel - ok
08:23:57.0769 6832 TurboB (53ff5f00eab07e329abe48ae3de4f5d7) C:\windows\system32\DRIVERS\TurboB.sys
08:23:57.0769 6832 TurboB - ok
08:23:57.0849 6832 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
08:23:57.0869 6832 uagp35 - ok
08:23:57.0919 6832 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
08:23:57.0919 6832 udfs - ok
08:23:57.0999 6832 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
08:23:58.0019 6832 uliagpkx - ok
08:23:58.0069 6832 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
08:23:58.0079 6832 umbus - ok
08:23:58.0089 6832 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
08:23:58.0109 6832 UmPass - ok
08:23:58.0129 6832 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
08:23:58.0149 6832 usbccgp - ok
08:23:58.0209 6832 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
08:23:58.0209 6832 usbcir - ok
08:23:58.0229 6832 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
08:23:58.0239 6832 usbehci - ok
08:23:58.0269 6832 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
08:23:58.0289 6832 usbhub - ok
08:23:58.0309 6832 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
08:23:58.0319 6832 usbohci - ok
08:23:58.0359 6832 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
08:23:58.0389 6832 usbprint - ok
08:23:58.0449 6832 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
08:23:58.0449 6832 usbscan - ok
08:23:58.0499 6832 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
08:23:58.0499 6832 USBSTOR - ok
08:23:58.0519 6832 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
08:23:58.0519 6832 usbuhci - ok
08:23:58.0589 6832 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
08:23:58.0609 6832 usbvideo - ok
08:23:58.0669 6832 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
08:23:58.0699 6832 vdrvroot - ok
08:23:58.0729 6832 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
08:23:58.0729 6832 vga - ok
08:23:58.0749 6832 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
08:23:58.0749 6832 VgaSave - ok
08:23:58.0769 6832 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
08:23:58.0789 6832 vhdmp - ok
08:23:58.0809 6832 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
08:23:58.0819 6832 viaide - ok
08:23:58.0839 6832 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
08:23:58.0869 6832 volmgr - ok
08:23:58.0919 6832 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
08:23:58.0929 6832 volmgrx - ok
08:23:58.0989 6832 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
08:23:59.0009 6832 volsnap - ok
08:23:59.0049 6832 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
08:23:59.0069 6832 vsmraid - ok
08:23:59.0099 6832 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
08:23:59.0099 6832 vwifibus - ok
08:23:59.0139 6832 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
08:23:59.0139 6832 vwififlt - ok
08:23:59.0209 6832 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
08:23:59.0209 6832 vwifimp - ok
08:23:59.0239 6832 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
08:23:59.0249 6832 WacomPen - ok
08:23:59.0309 6832 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
08:23:59.0319 6832 WANARP - ok
08:23:59.0319 6832 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
08:23:59.0319 6832 Wanarpv6 - ok
08:23:59.0399 6832 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
08:23:59.0399 6832 Wd - ok
08:23:59.0439 6832 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
08:23:59.0439 6832 Wdf01000 - ok
08:23:59.0509 6832 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
08:23:59.0509 6832 WfpLwf - ok
08:23:59.0529 6832 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
08:23:59.0529 6832 WIMMount - ok
08:23:59.0629 6832 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
08:23:59.0649 6832 WinUsb - ok
08:23:59.0669 6832 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
08:23:59.0689 6832 WmiAcpi - ok
08:23:59.0719 6832 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
08:23:59.0719 6832 ws2ifsl - ok
08:23:59.0779 6832 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
08:23:59.0779 6832 WudfPf - ok
08:23:59.0809 6832 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
08:23:59.0819 6832 WUDFRd - ok
08:23:59.0869 6832 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\windows\system32\DRIVERS\yk62x64.sys
08:23:59.0879 6832 yukonw7 - ok
08:23:59.0949 6832 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
08:24:00.0269 6832 \Device\Harddisk0\DR0 - ok
08:24:00.0269 6832 Boot (0x1200) (317d6f0bb64cc4000c69c5fb8cfa57ec) \Device\Harddisk0\DR0\Partition0
08:24:00.0269 6832 \Device\Harddisk0\DR0\Partition0 - ok
08:24:00.0279 6832 Boot (0x1200) (1c6b76c14c94521ee9c5e6f50ce05f90) \Device\Harddisk0\DR0\Partition1
08:24:00.0279 6832 \Device\Harddisk0\DR0\Partition1 - ok
08:24:00.0299 6832 Boot (0x1200) (57d134e345493878285b1cb7d769c3c1) \Device\Harddisk0\DR0\Partition2
08:24:00.0299 6832 \Device\Harddisk0\DR0\Partition2 - ok
08:24:00.0299 6832 ============================================================
08:24:00.0299 6832 Scan finished
08:24:00.0299 6832 ============================================================
08:24:00.0309 3128 Detected object count: 0
08:24:00.0309 3128 Actual detected object count: 0
08:24:12.0149 5572 Deinitialize success
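The log above ends with "Detected object count: 0", which is all most readers look at. As an added example (not part of the thread, and not code from Kaspersky or TDSSKiller), the Python script below pairs every scanned object with its verdict line and pulls out what a responder should read first: anything not verdicted "ok", anything that never got a verdict (a scan that crashed part-way, as aswMBR does later in this thread, leaves exactly that), and drivers loaded from outside system32\drivers. The sample input reuses real lines from the log above; the "evil" driver, its verdict string and the missing Partition0 verdict are constructed for the test and are not real TDSSKiller output. The unusual-location bucket is a lead, not a detection: the rtport.sys entry from the log lives in SysWOW64\drivers and is verdicted "ok".

```python
"""Triage a TDSSKiller scan log (added example, not TDSSKiller's own code).

TDSSKiller prints one line per scanned object (service name, MD5, path) and a
second line carrying the verdict ("<subject> - ok" or something else).  This
pairs the two and buckets the entries a responder should read first.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines copied from the log posted in the thread, plus a
# CONSTRUCTED driver "evil" with a non-ok verdict and a deliberately omitted
# verdict for the Partition0 entry, so every triage path is exercised.
SAMPLE_LOG = r"""
08:23:52.0529 6832 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
08:23:52.0529 6832 Mup - ok
08:23:55.0749 6832 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys
08:23:55.0749 6832 rtport - ok
08:23:57.0149 6832 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
08:23:57.0169 6832 Tcpip - ok
08:23:59.0949 6832 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
08:24:00.0269 6832 \Device\Harddisk0\DR0 - ok
08:24:00.0269 6832 Boot (0x1200) (317d6f0bb64cc4000c69c5fb8cfa57ec) \Device\Harddisk0\DR0\Partition0
08:24:00.0299 6832 evil (00000000000000000000000000000000) C:\windows\system32\drivers\evil.sys
08:24:00.0299 6832 evil - suspicious (constructed verdict, not a real TDSSKiller string)
08:24:00.0309 3128 Detected object count: 0
""".strip("\n")


@dataclass
class ScanEntry:
    name: str                      # service name, or "MBR (0x1B8)" / "Boot (0x1200)"
    md5: str
    path: str                      # file path or \Device\... object
    verdict: Optional[str] = None  # None until a verdict line names this entry


ENTRY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<subject>.+?)\s+-\s+(?P<verdict>.+?)\s*$"
)
DRIVER_DIR = "\\system32\\drivers\\"   # where kernel drivers normally live


def parse_log(text: str) -> List[ScanEntry]:
    """Pair every scanned object with the verdict line that refers to it."""
    entries: List[ScanEntry] = []
    by_subject: Dict[str, ScanEntry] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entry = ScanEntry(m["name"], m["md5"].lower(), m["path"])
            entries.append(entry)
            # Driver verdicts are keyed by service name, MBR/boot-sector
            # verdicts by the device path, so index the entry under both.
            by_subject[entry.name] = entry
            by_subject[entry.path] = entry
            continue
        m = VERDICT_RE.match(line)
        if m and m["subject"] in by_subject:
            by_subject[m["subject"]].verdict = m["verdict"].strip()
    return entries


def triage(text: str) -> Dict[str, List[ScanEntry]]:
    """Bucket entries into the three things worth reading before the summary."""
    report: Dict[str, List[ScanEntry]] = {"not_ok": [], "no_verdict": [], "unusual_location": []}
    for entry in parse_log(text):
        if entry.verdict is None:
            report["no_verdict"].append(entry)        # scan aborted before verdict
        elif entry.verdict.lower() != "ok":
            report["not_ok"].append(entry)            # anything the tool did not clear
        if entry.path.lower().endswith(".sys") and DRIVER_DIR not in entry.path.lower():
            report["unusual_location"].append(entry)  # a lead, not a detection
    return report


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"== {bucket} ({len(items)})")
        for e in items:
            print(f"  {e.name:<16} {e.md5}  {e.path}  -> {e.verdict}")
```

Feed it a saved TDSSKiller log with `triage(open(path).read())`; on the log above the only entry it raises is rtport.sys under "unusual_location", and only because of its directory.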

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 07 February 2012 - 08:48 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511 KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [Donate] <-- Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Louispg

Louispg
  • Topic Starter

  • Members
  • 21 posts

Posted 07 February 2012 - 11:26 AM

I try to run it (normal and safe mode, anti-virus disabled), but every time I start scanning, after a few minutes it stops and I get a Windows error message saying that avast! Antirootkit has stopped working, etc.

I can see that this happens every time it scans: c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications

Thanks!

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 07 February 2012 - 02:48 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete, it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete, I want you to restart the computer, try to rerun aswMBR for me and send me the report.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

Gringo

#11 Louispg

Louispg
  • Topic Starter

  • Members
  • 21 posts

Posted 07 February 2012 - 03:54 PM

Ran fixTDSS; it rebooted by itself and then opened a window saying "No infections were found".

Re-ran aswMBR and... it did the same thing, at the same spot!

Thank you again and again!

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 10 February 2012 - 01:02 AM

Please download Kaspersky Virus Removal Tool and SAVE it to your desktop

  • Right click and run as admin (XP: please double click to run)
  • Select language
  • Accept the license agreement
  • Click on Settings (gear-looking icon on the right)
  • Put a check mark in:
    • System memory
    • Hidden objects
    • Disk boot sectors
    • Computer
    • OS
  • Go back to Automatic scan
  • Click on Start scan
  • For this scan, select Skip for anything found
  • When the scan is complete, click on the Report button (looks like a piece of paper, to the right of the gear icon)
  • On the left you will see:
    • Status
    • Detected threats <-- click on this one
    • Automatic scan report
    • Manual disinfection report
  • Click on the Save button
    Save to a location where you can find it (the default is the Documents folder)
  • Copy and paste this report in your next post


#13 Louispg

Louispg
  • Topic Starter

  • Members
  • 21 posts

Posted 10 February 2012 - 03:29 PM

Alright, so this morning my NOD32 got updated and directly detected a trojan in c:\windows\SysWoW64\user32.dll.

I ignored it and tried to run Kaspersky; it would say 3 problems detected with user32.dll but would also cause the computer to reboot every time it hit something (never got to see what exactly), so I decided that NOD32 should clean the user32.dll problem. It couldn't clean it, so it deleted it at the next reboot. I had to copy back user32.dll from the Windows 7 CD since nothing was working properly, and then ran Kaspersky. It finished running with no threats found this time around, and NOD32 stopped warning me about blocked URLs, with iexplorer windows not opening anymore.

So I guess I'm clean, but if there's anything / suggestions you have for me from now on (like uninstalling ComboFix and all the other tools?), please inform me.

Thank you!

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 10 February 2012 - 03:56 PM

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box:
C:\Qoobox\Add-Remove Programs.txt
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 13 February 2012 - 12:15 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo



