
rootkit infection


This topic is locked. 43 replies to this topic.

#1 K-kOo (Members)

Posted 20 February 2012 - 03:36 PM

Hi there,

The brief summary of my problem is: I get redirected to an abnow ad when I click results of a Google search.

Sorry, I must say I have been impatient and tried to fix it on my own, but wasn't successful. My laptop is *really* unstable; I get a bluescreen really often (but I don't think this is related), so it doesn't really help either.
Anyway, here are my logs:

DDS logs
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by Jojo at 20:42:00 on 2012-02-20
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.33.1033.18.6126.4320 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Users\Jojo\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Users\Jojo\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\CANAL+ CANALSAT A LA DEMANDE.EXE
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
G:\bleepingcomputer\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
uWinlogon: Shell=C:\Users\Jojo\AppData\Local\959f419c\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\java\jre6\bin\ssv.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "C:\Users\Jojo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Jojo\AppData\Local\Akamai\netsession_win.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [CANAL+ CANALSAT A LA DEMANDE] "C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
TCP: Interfaces\{782A5E1C-1DB1-46AA-B043-AF8D28374E1E} : DhcpNameServer = 89.2.0.1 89.2.0.2
TCP: Interfaces\{782A5E1C-1DB1-46AA-B043-AF8D28374E1E}\377796373736F6D6 : DhcpNameServer = 192.168.48.1
TCP: Interfaces\{782A5E1C-1DB1-46AA-B043-AF8D28374E1E}\6427565675966696 : DhcpNameServer = 212.27.40.241 212.27.40.242
TCP: Interfaces\{782A5E1C-1DB1-46AA-B043-AF8D28374E1E}\84F44554C4F514251474F4E4 : DhcpNameServer = 195.130.130.11
TCP: Interfaces\{782A5E1C-1DB1-46AA-B043-AF8D28374E1E}\C496675626F687D246130383 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F4A3FB2E-F71B-4F89-AB10-72BF48285117} : DhcpNameServer = 89.2.0.1 89.2.0.2
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\java\jre6\bin\ssv.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [CANAL+ CANALSAT A LA DEMANDE] "C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\yrngr6vk.default\
FF - plugin: C:\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npCpVod.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Users\Jojo\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jojo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Jojo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/26 02:16:23];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-4-2 146928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-12-23 44768]
R2 ca-messagequeuing;Netwg311;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
R2 CanalPlus.VOD;CanalPlus.VOD;C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [2010-5-3 188416]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-3-9 5352960]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimssne64.sys --> C:\Windows\system32\DRIVERS\rimssne64.sys [?]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-6-14 259192]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-4 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" --> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 a8djavs_x64;a8djavs_x64;C:\Windows\system32\Drivers\a8djavs_x64.sys --> C:\Windows\system32\Drivers\a8djavs_x64.sys [?]
S3 a8djusb_svc;Audio 8 DJ;C:\Windows\system32\Drivers\a8djusb.sys --> C:\Windows\system32\Drivers\a8djusb.sys [?]
S3 a8djusb_x64;a8djusb_x64;C:\Windows\system32\Drivers\a8djusb_x64.sys --> C:\Windows\system32\Drivers\a8djusb_x64.sys [?]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-4 136176]
S3 Phase26;PHASE26 WDM Audio;C:\Windows\system32\drivers\Phase26m.sys --> C:\Windows\system32\drivers\Phase26m.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TTP7;Flash Update for TerraTec PHASE 26 USB;C:\Windows\system32\DRIVERS\ttp7up.sys --> C:\Windows\system32\DRIVERS\ttp7up.sys [?]
S3 TVICHW64;TVICHW64;\??\C:\Windows\system32\DRIVERS\TVICHW64.SYS --> C:\Windows\system32\DRIVERS\TVICHW64.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-6-14 44736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
regfile="regedit.exe" "%1"
.
=============== Created Last 30 ================
.
2012-02-20 18:59:46 208896 ----a-w- C:\Windows\MBR.exe
2012-02-20 18:59:45 98816 ----a-w- C:\Windows\sed.exe
2012-02-20 18:59:45 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-20 18:59:45 256000 ----a-w- C:\Windows\PEV.exe
2012-02-20 18:59:19 -------- d-s---w- C:\ComboFix
2012-02-20 17:30:42 -------- d-----w- C:\Users\Jojo\AppData\Roaming\SUPERAntiSpyware.com
2012-02-20 17:29:55 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-20 17:29:55 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-19 19:39:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-19 19:28:04 -------- d-----w- C:\ProgramData\PC Tools
2012-02-19 19:13:34 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-19 19:11:25 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-02-19 19:08:01 0 --sha-w- C:\Windows\System32\dds_log_trash.cmd
2012-02-19 19:06:57 -------- d-sh--w- C:\Users\Jojo\AppData\Local\959f419c
2012-02-19 18:57:49 -------- d-----w- C:\Users\Jojo\AppData\Local\Mixed_In_Key_LLC
2012-02-19 18:57:48 -------- d-----w- C:\Users\Jojo\AppData\Local\Mixed In Key
2012-02-19 18:57:13 -------- d-----w- C:\Program Files (x86)\Mixed In Key 5.0
2012-02-19 18:54:32 -------- d-----w- C:\Users\Jojo\AppData\Roaming\Mixed In Key LLC
2012-02-18 22:48:51 -------- d-----w- C:\Users\Jojo\.swt
2012-02-18 22:36:58 -------- d-sh--w- C:\found.004
2012-02-18 13:50:31 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F5DB498B-1D0B-4E67-A57F-049E94A0833C}\mpengine.dll
2012-01-23 01:06:03 -------- d-----w- C:\Users\Jojo\AppData\Roaming\ScummVM
.
==================== Find3M ====================
.
2012-01-29 04:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-09 15:06:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-28 18:01:25 41184 ----a-w- C:\Windows\avastSS.scr
2011-11-28 17:54:06 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-11-28 17:52:11 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2006-05-03 10:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 20:44:15,71 ===============

I tried to attach Attach.zip to this post but I get this error (using the advanced uploader):

Attach.zip
The server returned an error during upload


Thanks in advance for your help,
Jojo

Edited by K-kOo, 20 February 2012 - 03:42 PM.
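A triage pass over the "Pseudo HJT Report" section of the DDS log above, as an added example that is not part of this thread or of the DDS tool. It applies the checks a responder looks at first in such a log: a Winlogon Shell value that is not explorer.exe, UAC policies set to 0, loopback entries in ProxyOverride, autostarts under user-writable paths and orphaned browser add-ons. The sample lines are copied from the posted log; the rules, severities and all names (Finding, parse_line, triage) are this example's own.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the Pseudo HJT Report lines from the log
# posted above, kept verbatim (raw string so the backslashes survive).
SAMPLE_REPORT = r"""
uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
uWinlogon: Shell=C:\Users\Jojo\AppData\Local\959f419c\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Akamai NetSession Interface] "C:\Users\Jojo\AppData\Local\Akamai\netsession_win.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""


@dataclass
class Finding:
    severity: str  # HIGH, MEDIUM or LOW
    key: str       # DDS line prefix, e.g. uWinlogon or mPolicies-system
    reason: str
    line: str


# 'key: body' or 'key,body'; the key is the DDS prefix before the first ':' or ','.
LINE_RE = re.compile(r"^([A-Za-z][A-Za-z0-9_ -]*?)\s*[:,]\s*(.*)$")
LOOPBACK_PORT = re.compile(r"127\.0\.0\.1:\d+")
# A path component that is exactly eight hex digits (e.g. \959f419c\): a common
# shape for dropper-generated folder names, rarely used by legitimate software.
HEX_DIR = re.compile(r"\\[0-9a-f]{8}\\", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\AppData\\|\\Temp\\|\\ProgramData\\", re.IGNORECASE)

# UAC policy values that disable or weaken the elevation prompt.
UAC_WEAKENING = {
    "EnableLUA": "0",                   # UAC off entirely
    "ConsentPromptBehaviorAdmin": "0",  # admins elevate without any prompt
    "PromptOnSecureDesktop": "0",       # prompt no longer isolated from other software
}
SHELL_ALLOWLIST = {"explorer.exe", r"c:\windows\explorer.exe"}


def parse_line(raw):
    """Return (key, body) for a DDS HJT-style line, or None for blank/separator lines."""
    m = LINE_RE.match(raw.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(report_text):
    """Apply the triage rules to every line; findings come back sorted HIGH first."""
    findings = []
    for raw in report_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        key, body = parsed
        if key.endswith("Winlogon") and body.lower().startswith("shell="):
            shell = body[len("shell="):].strip().strip('"')
            if shell.lower() not in SHELL_ALLOWLIST:
                findings.append(Finding("HIGH", key,
                    "Winlogon Shell replaced; this loads before the desktop and "
                    "survives reboots: " + shell, raw))
        elif key == "mPolicies-system":
            name, _, rest = body.partition("=")
            value = rest.split()[0] if rest.split() else ""
            if UAC_WEAKENING.get(name.strip()) == value:
                findings.append(Finding("MEDIUM", key,
                    f"{name.strip()}={value} disables or weakens UAC", raw))
        elif key == "uInternet Settings" and body.startswith("ProxyOverride"):
            for entry in LOOPBACK_PORT.findall(body):
                findings.append(Finding("LOW", key,
                    f"loopback entry {entry} in ProxyOverride; confirm which "
                    "local application added it", raw))
        elif key in ("uRun", "mRun", "uRun-x64", "mRun-x64"):
            if HEX_DIR.search(body) or USER_WRITABLE.search(body):
                findings.append(Finding("LOW", key,
                    "autostart runs from a user-writable path (some updaters do "
                    "this too; verify the publisher)", raw))
        elif key in ("BHO", "TB", "BHO-X64", "TB-X64") and body.endswith("No File"):
            findings.append(Finding("LOW", key,
                "orphaned browser add-on registration; the file is gone", raw))
    rank = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    findings.sort(key=lambda f: rank[f.severity])  # stable: keeps log order per level
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity}] {f.key}: {f.reason}")
```

The rules are heuristics for ordering a responder's attention, not verdicts; a LOW hit on a known updater under AppData is expected noise.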



#2 gringo_pr (Malware Response Team)

Posted 21 February 2012 - 03:06 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running; that may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr (Malware Response Team)

Posted 24 February 2012 - 12:45 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 K-kOo (Topic Starter)

Posted 25 February 2012 - 06:25 AM

Hi gringo, thank you for your answer.
Sorry, I didn't get any notification by email.
I will run combofix and let you know the results!

#5 K-kOo (Topic Starter)

Posted 25 February 2012 - 11:12 AM

Combofix ran almost fine the first time; it even deleted some stuff and restarted my computer, but when Windows restarted I got a blue screen error.
After trying 2 other times (at first it got stuck deleting a folder, and I had to manually close the program) I finally got the attached log.

Hope it helps.

Redirection seems gone now.

Attached Files: log.txt (17.57KB)


#6 gringo_pr (Malware Response Team)

Posted 25 February 2012 - 03:43 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions; ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 K-kOo (Topic Starter)

Posted 25 February 2012 - 07:04 PM

Scans went fine. TDSSKiller found 1 small threat.
aswMBR found 3 files infected. Should I click on Fix before closing this program?

TDSSKiller log

00:06:51.0716 5980 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
00:06:51.0855 5980 ============================================================
00:06:51.0855 5980 Current date / time: 2012/02/26 00:06:51.0855
00:06:51.0855 5980 SystemInfo:
00:06:51.0855 5980
00:06:51.0855 5980 OS Version: 6.1.7601 ServicePack: 1.0
00:06:51.0855 5980 Product type: Workstation
00:06:51.0856 5980 ComputerName: JOJO-PC
00:06:51.0856 5980 UserName: Jojo
00:06:51.0856 5980 Windows directory: C:\Windows
00:06:51.0856 5980 System windows directory: C:\Windows
00:06:51.0856 5980 Running under WOW64
00:06:51.0856 5980 Processor architecture: Intel x64
00:06:51.0856 5980 Number of processors: 8
00:06:51.0856 5980 Page size: 0x1000
00:06:51.0856 5980 Boot type: Normal boot
00:06:51.0856 5980 ============================================================
00:06:53.0083 5980 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:06:53.0103 5980 \Device\Harddisk0\DR0:
00:06:53.0103 5980 MBR used
00:06:53.0103 5980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x13EF000, BlocksNum 0x32000
00:06:53.0103 5980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1421000, BlocksNum 0x1DC2B830
00:06:53.0117 5980 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1F04D800, BlocksNum 0x1B338000
00:06:53.0191 5980 Initialize success
00:06:53.0191 5980 ============================================================
00:07:05.0681 6972 ============================================================
00:07:05.0681 6972 Scan started
00:07:05.0681 6972 Mode: Manual;
00:07:05.0681 6972 ============================================================
00:07:09.0097 6972 BrUsbMdm - ok
00:07:09.0120 6972 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:07:09.0121 6972 BrUsbSer - ok
00:07:09.0199 6972 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
00:07:09.0200 6972 BthEnum - ok
00:07:09.0223 6972 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:07:09.0225 6972 BTHMODEM - ok
00:07:09.0295 6972 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
00:07:09.0297 6972 BthPan - ok
00:07:09.0344 6972 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
00:07:09.0351 6972 BTHPORT - ok
00:07:09.0425 6972 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
00:07:09.0427 6972 BTHUSB - ok
00:07:09.0488 6972 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys
00:07:09.0489 6972 btusbflt - ok
00:07:09.0536 6972 catchme - ok
00:07:09.0591 6972 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:07:09.0593 6972 cdfs - ok
00:07:09.0671 6972 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
00:07:09.0674 6972 cdrom - ok
00:07:09.0733 6972 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:07:09.0734 6972 circlass - ok
00:07:09.0773 6972 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:07:09.0778 6972 CLFS - ok
00:07:09.0840 6972 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:07:09.0841 6972 CmBatt - ok
00:07:09.0878 6972 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:07:09.0879 6972 cmdide - ok
00:07:09.0937 6972 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
00:07:09.0942 6972 CNG - ok
00:07:09.0988 6972 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:07:09.0989 6972 Compbatt - ok
00:07:10.0045 6972 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
00:07:10.0046 6972 CompositeBus - ok
00:07:10.0102 6972 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:07:10.0103 6972 crcdisk - ok
00:07:10.0169 6972 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
00:07:10.0176 6972 CSC - ok
00:07:10.0230 6972 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:07:10.0232 6972 DfsC - ok
00:07:10.0266 6972 DFUBTUSB - ok
00:07:10.0307 6972 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:07:10.0309 6972 discache - ok
00:07:10.0380 6972 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:07:10.0382 6972 Disk - ok
00:07:10.0471 6972 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:07:10.0472 6972 drmkaud - ok
00:07:10.0572 6972 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:07:10.0577 6972 DXGKrnl - ok
00:07:10.0676 6972 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:07:10.0716 6972 ebdrv - ok
00:07:10.0861 6972 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
00:07:10.0862 6972 ElbyCDIO - ok
00:07:10.0938 6972 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:07:10.0945 6972 elxstor - ok
00:07:10.0986 6972 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:07:10.0988 6972 ErrDev - ok
00:07:11.0071 6972 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:07:11.0074 6972 exfat - ok
00:07:11.0092 6972 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:07:11.0095 6972 fastfat - ok
00:07:11.0165 6972 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:07:11.0166 6972 fdc - ok
00:07:11.0216 6972 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:07:11.0217 6972 FileInfo - ok
00:07:11.0236 6972 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:07:11.0237 6972 Filetrace - ok
00:07:11.0257 6972 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:07:11.0258 6972 flpydisk - ok
00:07:11.0306 6972 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:07:11.0310 6972 FltMgr - ok
00:07:11.0360 6972 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:07:11.0362 6972 FsDepends - ok
00:07:11.0381 6972 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
00:07:11.0381 6972 Fs_Rec - ok
00:07:11.0450 6972 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:07:11.0453 6972 fvevol - ok
00:07:11.0509 6972 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:07:11.0510 6972 gagp30kx - ok
00:07:11.0596 6972 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:07:11.0597 6972 GEARAspiWDM - ok
00:07:11.0727 6972 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:07:11.0728 6972 hcw85cir - ok
00:07:11.0792 6972 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:07:11.0797 6972 HdAudAddService - ok
00:07:11.0870 6972 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
00:07:11.0872 6972 HDAudBus - ok
00:07:11.0894 6972 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:07:11.0895 6972 HidBatt - ok
00:07:11.0987 6972 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:07:11.0989 6972 HidBth - ok
00:07:12.0062 6972 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:07:12.0063 6972 HidIr - ok
00:07:12.0134 6972 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
00:07:12.0135 6972 HidUsb - ok
00:07:12.0209 6972 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:07:12.0211 6972 HpSAMD - ok
00:07:12.0310 6972 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:07:12.0320 6972 HTTP - ok
00:07:12.0356 6972 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:07:12.0357 6972 hwpolicy - ok
00:07:12.0422 6972 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
00:07:12.0424 6972 i8042prt - ok
00:07:12.0498 6972 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:07:12.0503 6972 Suspicious file (Forged): C:\Windows\system32\drivers\iaStorV.sys. Real md5: aaaf44db3bd0b9d1fb6969b23ecc8366, Fake md5: 9abe36ddfb75ade99cdbfd150171b9e6
00:07:12.0504 6972 iaStorV ( ForgedFile.Multi.Generic ) - warning
00:07:12.0505 6972 iaStorV - detected ForgedFile.Multi.Generic (1)
00:07:23.0102 6972 \Device\Harddisk0\DR0\Partition0 - ok
00:07:23.0108 6972 Boot (0x1200) (1039af3c994b5e95489b0447270ea28f) \Device\Harddisk0\DR0\Partition1
00:07:23.0110 6972 \Device\Harddisk0\DR0\Partition1 - ok
00:07:23.0128 6972 Boot (0x1200) (888e2fd4645d5557bddd7fe39c830f41) \Device\Harddisk0\DR0\Partition2
00:07:23.0129 6972 \Device\Harddisk0\DR0\Partition2 - ok
00:07:23.0130 6972 ============================================================
00:07:23.0130 6972 Scan finished
00:07:23.0130 6972 ============================================================
00:07:23.0136 4116 Detected object count: 1
00:07:23.0136 4116 Actual detected object count: 1
00:09:26.0351 4116 iaStorV ( ForgedFile.Multi.Generic ) - skipped by user
00:09:26.0351 4116 iaStorV ( ForgedFile.Multi.Generic ) - User select action: Skip
00:10:54.0012 2016 Deinitialize success




#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:27 PM

Posted 25 February 2012 - 08:40 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
C:\Windows\system32\IntelC53.dll
C:\Windows\system32\Intels51.dll 
C:\Windows\system32\vstor2-ws60.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 K-kOo

K-kOo
  • Topic Starter

  • Members
  • 23 posts
  • Local time:03:27 AM

Posted 26 February 2012 - 09:40 AM

ComboFix log attached.

Was it supposed to fix the files aswMBR reported?

Still no more redirection to abnow.




#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:27 PM

Posted 26 February 2012 - 12:12 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 K-kOo

K-kOo
  • Topic Starter

  • Members
  • 23 posts
  • Local time:03:27 AM

Posted 26 February 2012 - 04:09 PM

Here is the OTL log:

OTL logfile created on: 2/26/2012 9:53:39 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Jojo\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: France | Language: FRA | Date Format: dd/MM/yyyy

5.98 Gb Total Physical Memory | 4.33 Gb Available Physical Memory | 72.34% Memory free
11.96 Gb Paging File | 10.25 Gb Available in Paging File | 85.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.08 Gb Total Space | 115.02 Gb Free Space | 48.31% Space Free | Partition Type: NTFS
Drive Z: | 217.61 Gb Total Space | 43.80 Gb Free Space | 20.13% Space Free | Partition Type: NTFS

Computer Name: JOJO-PC | User Name: Jojo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jojo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Jojo\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\CANAL+ CANALSAT A LA DEMANDE.exe ()
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe (Canal+ Active)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\CANAL+ CANALSAT A LA DEMANDE.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV:64bit: - (VCService) -- C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll ()
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (CanalPlus.VOD) -- C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe (Canal+ Active)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (Apache Software Foundation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (a8djavs) -- C:\Windows\SysNative\drivers\a8djavs.sys (Native Instruments GmbH)
DRV:64bit: - (a8djusb_svc) -- C:\Windows\SysNative\drivers\a8djusb.sys (Native Instruments GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (TVICHW64) -- C:\Windows\SysNative\drivers\TVicHW64.sys (EnTech Taiwan)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (a8djavs_x64) -- C:\Windows\SysNative\drivers\a8djavs_x64.sys (Native Instruments GmbH)
DRV:64bit: - (a8djusb_x64) -- C:\Windows\SysNative\drivers\a8djusb_x64.sys (Native Instruments GmbH)
DRV:64bit: - (NETw5s64) Intel® -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Phase26) -- C:\Windows\SysNative\drivers\Phase26m.sys (TerraTec Electronic GmbH)
DRV:64bit: - (TTP7) -- C:\Windows\SysNative\drivers\ttp7up.sys (TerraTec)
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1660810582-4181507185-3789098069-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1660810582-4181507185-3789098069-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 FA EF CD 91 83 CC 01 [binary data]
IE - HKU\S-1-5-21-1660810582-4181507185-3789098069-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1660810582-4181507185-3789098069-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local;127.0.0.1:9421;

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canalplus.fr/Assistants VOD,version=1.0.0.0: C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npcpvod.dll (Canal+ Active)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jojo\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jojo\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/01 00:00:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/09 16:24:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/12/28 23:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jojo\AppData\Roaming\Mozilla\Extensions
[2011/10/29 15:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\yrngr6vk.default\extensions
[2011/10/29 15:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\yrngr6vk.default\extensions\staged
[2012/01/09 16:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/09 16:06:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\JOJO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YRNGR6VK.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011/07/08 08:37:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/09 16:06:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 09:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2010/01/01 09:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 09:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jojo\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jojo\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jojo\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jojo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jojo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Canal+ Assistants VOD (Enabled) = C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npcpvod.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: JavaScript Injector: Nicholas Workshop = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\abdogfafejmdomllalkdegagoehgbdbk\2.0.5_0\
CHR - Extension: Entanglement = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Angry Birds = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Pidoco\u00B0 = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bipghjdghdamigamobmcaigdcncbkfof\1.8_0\
CHR - Extension: Audiotool = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk\1.1_0\
CHR - Extension: YouTube = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: MockFlow = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cldcgifnkcmflfjfbhedkdfecbaakmcd\7.1_0\
CHR - Extension: Google Search = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Tampermonkey = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.2.2517_0\
CHR - Extension: FB Photo Zoom = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.26.1_0\
CHR - Extension: Switch to Tab = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbfhhcljihbgcobpfnceegfmooomhhli\3_0\
CHR - Extension: AdBlock = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.19_0\
CHR - Extension: TweetDeck = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\1.1.3_0\
CHR - Extension: jsFiddle = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiigmadmngbpbmacbkfngpkjfmmpagfk\2.0.2_0\
CHR - Extension: Locomote = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hladmecilpblhileppnpknjmaiaakkba\1.1.0.0_0\
CHR - Extension: tHema = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkaeajbkjogfmcjenokjpdebpmjodam\1.5.6_0\
CHR - Extension: Poppit = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Mockingbird = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mglnbanmebacbohplmcogiompoijbhnm\1.0_0\
CHR - Extension: AT_Delbuck = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\neghaibmbjedngldjldidfoobmkkfkle\2_0\
CHR - Extension: 4chan Plus = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\2.3.9_0\
CHR - Extension: Gmail = C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/26 15:19:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-1660810582-4181507185-3789098069-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CANAL+ CANALSAT A LA DEMANDE] C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe (Canal+)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1660810582-4181507185-3789098069-1000..\Run: [Akamai NetSession Interface] C:\Users\Jojo\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1660810582-4181507185-3789098069-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1660810582-4181507185-3789098069-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1660810582-4181507185-3789098069-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{782A5E1C-1DB1-46AA-B043-AF8D28374E1E}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4A3FB2E-F71B-4F89-AB10-72BF48285117}: DhcpNameServer = 89.2.0.1 89.2.0.2
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 21:52:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/26 21:40:17 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Jojo\Desktop\OTL.exe
[2012/02/26 15:02:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/26 00:05:02 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Jojo\Desktop\aswMBR.exe
[2012/02/26 00:04:36 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jojo\Desktop\tdsskiller.exe
[2012/02/25 14:44:15 | 000,000,000 | ---D | C] -- C:\c26a59fafeecc24c87e545
[2012/02/25 12:51:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/25 12:51:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/20 19:59:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/20 19:59:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/20 19:57:35 | 004,419,501 | R--- | C] (Swearware) -- C:\Users\Jojo\Desktop\ComboFix.exe
[2012/02/20 18:30:42 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/20 18:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/20 18:29:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/20 18:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/19 20:39:24 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/19 20:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/02/19 20:13:34 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/19 20:13:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/02/19 20:11:25 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/02/19 20:06:57 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Local\959f419c
[2012/02/19 19:57:49 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Local\Mixed_In_Key_LLC
[2012/02/19 19:57:48 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Local\Mixed In Key
[2012/02/19 19:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mixed In Key 5.0
[2012/02/19 19:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mixed In Key 5.0
[2012/02/19 19:54:32 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\Mixed In Key LLC
[2012/02/18 23:48:51 | 000,000,000 | ---D | C] -- C:\Users\Jojo\.swt
[2012/02/18 23:36:58 | 000,000,000 | ---D | C] -- C:\found.004
[1 C:\Users\Jojo\AppData\Local\*.tmp files -> C:\Users\Jojo\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/26 22:01:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/26 21:53:00 | 000,001,844 | -H-- | M] () -- C:\Windows\tasks\{603380FE-28B7-4EFA-A9B9-A94C1D46A6EA}.job
[2012/02/26 21:52:54 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/26 21:52:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/26 21:52:01 | 522,768,383 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/26 21:48:37 | 716,024,664 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/26 21:40:15 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Jojo\Desktop\OTL.exe
[2012/02/26 21:39:00 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1660810582-4181507185-3789098069-1000UA.job
[2012/02/26 20:08:32 | 000,018,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 20:08:32 | 000,018,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 19:45:15 | 005,535,210 | ---- | M] () -- C:\Users\Jojo\Desktop\documentation.zip
[2012/02/26 18:40:10 | 004,825,253 | ---- | M] () -- C:\Users\Jojo\Desktop\500.zip
[2012/02/26 15:25:05 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/26 15:25:05 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/26 15:25:05 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/26 15:19:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/26 14:59:12 | 000,785,372 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/26 14:57:20 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1660810582-4181507185-3789098069-1000Core.job
[2012/02/26 00:58:46 | 000,000,512 | ---- | M] () -- C:\Users\Jojo\Desktop\MBR.dat
[2012/02/26 00:58:26 | 000,007,619 | ---- | M] () -- C:\Users\Jojo\AppData\Local\Resmon.ResmonCfg
[2012/02/26 00:05:47 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Jojo\Desktop\aswMBR.exe
[2012/02/26 00:04:32 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jojo\Desktop\tdsskiller.exe
[2012/02/25 12:31:38 | 004,419,501 | R--- | M] (Swearware) -- C:\Users\Jojo\Desktop\ComboFix.exe
[2012/02/20 23:47:10 | 016,329,660 | ---- | M] () -- C:\Users\Jojo\Desktop\Wolfgang Gartner - Ménage a Trois (Original Mix).mp3
[2012/02/20 21:33:23 | 000,005,829 | ---- | M] () -- C:\Users\Jojo\Desktop\Attach.zip
[2012/02/20 20:41:48 | 000,000,000 | ---- | M] () -- C:\Users\Jojo\defogger_reenable
[2012/02/20 18:29:58 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/20 18:20:11 | 000,396,041 | ---- | M] () -- C:\Users\Jojo\Desktop\MiniToolBox.exe
[2012/02/19 20:35:35 | 002,041,519 | ---- | M] () -- C:\Users\Jojo\Desktop\tdsskiller.zip
[2012/02/19 20:20:17 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/19 19:58:09 | 000,000,097 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/19 19:57:13 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\Mixed In Key 5.lnk
[2012/02/05 22:46:47 | 000,089,856 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/02/05 19:41:20 | 000,006,526 | ---- | M] () -- C:\Users\Jojo\Desktop\SCUMM VM.lnk
[2012/01/30 23:20:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/01/30 23:18:00 | 000,000,628 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2012/01/30 00:14:13 | 000,051,889 | ---- | M] () -- C:\test.xml
[1 C:\Users\Jojo\AppData\Local\*.tmp files -> C:\Users\Jojo\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/26 19:45:07 | 005,535,210 | ---- | C] () -- C:\Users\Jojo\Desktop\documentation.zip
[2012/02/26 18:40:19 | 004,825,253 | ---- | C] () -- C:\Users\Jojo\Desktop\500.zip
[2012/02/26 00:58:46 | 000,000,512 | ---- | C] () -- C:\Users\Jojo\Desktop\MBR.dat
[2012/02/25 12:51:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/25 12:51:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/25 12:51:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/25 12:51:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/25 12:51:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/20 23:41:11 | 016,329,660 | ---- | C] () -- C:\Users\Jojo\Desktop\Wolfgang Gartner - Ménage a Trois (Original Mix).mp3
[2012/02/20 21:33:23 | 000,005,829 | ---- | C] () -- C:\Users\Jojo\Desktop\Attach.zip
[2012/02/20 20:41:48 | 000,000,000 | ---- | C] () -- C:\Users\Jojo\defogger_reenable
[2012/02/20 18:29:58 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/20 18:20:11 | 000,396,041 | ---- | C] () -- C:\Users\Jojo\Desktop\MiniToolBox.exe
[2012/02/19 20:35:35 | 002,041,519 | ---- | C] () -- C:\Users\Jojo\Desktop\tdsskiller.zip
[2012/02/19 19:58:09 | 000,000,097 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/19 19:57:13 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\Mixed In Key 5.lnk
[2012/02/19 19:54:56 | 000,001,844 | -H-- | C] () -- C:\Windows\tasks\{603380FE-28B7-4EFA-A9B9-A94C1D46A6EA}.job
[2012/02/05 19:41:20 | 000,006,526 | ---- | C] () -- C:\Users\Jojo\Desktop\SCUMM VM.lnk
[2012/01/30 23:18:00 | 000,000,628 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf
[2012/01/15 17:37:11 | 000,000,000 | ---- | C] () -- C:\Users\Jojo\AppData\Local\{5F5A036C-319A-44C9-B6AA-D42365FE63E6}
[2012/01/07 12:44:57 | 000,000,000 | ---- | C] () -- C:\Users\Jojo\AppData\Local\{AA7B6A2E-5B99-4187-9BA8-791A2339E9AD}
[2011/09/06 15:44:32 | 000,000,000 | ---- | C] () -- C:\Users\Jojo\AppData\Local\{3109C50F-01AF-4482-856D-F4EECC0DA324}
[2011/08/11 21:28:10 | 000,785,372 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/18 22:39:41 | 000,000,600 | ---- | C] () -- C:\Users\Jojo\AppData\Roaming\winscp.rnd
[2011/06/14 21:35:21 | 000,033,134 | ---- | C] () -- C:\Users\Jojo\AppData\Roaming\UserTile.png
[2011/05/09 10:45:28 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/09 10:45:28 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010/10/16 17:10:01 | 000,064,201 | ---- | C] () -- C:\Windows\SysWow64\memrnzzgqd.exe
[2010/09/08 22:28:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/03 22:15:24 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\PCProxyOff.ini
[2010/08/03 22:15:11 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\VistaInfo32.dll
[2010/07/04 02:02:53 | 000,089,856 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/07/04 01:24:53 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/06/27 10:06:51 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/06/10 08:16:03 | 000,007,619 | ---- | C] () -- C:\Users\Jojo\AppData\Local\Resmon.ResmonCfg

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
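
The OTL report above uses one record shape for its "Files" sections and another for alternate data streams. The parser below, an added example that is not OTL's code nor anything posted in this thread, reads a few lines copied from the report and lists entries worth manual verification; the triage rules it applies (hidden+system objects outside the volume-root defaults, company-less binaries under system directories, any ADS) are assumptions of the example, not OTL's own criteria.

```python
import re

# Record formats used by OTL's "Files" and "Alternate Data Streams" sections.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Assumptions of this example, not OTL rules: hidden+system objects Windows itself
# keeps at the volume root, and the system directories where a company-less binary
# deserves a second look.
EXPECTED_HS = {r"c:\$recycle.bin", r"c:\hiberfil.sys", r"c:\pagefile.sys"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\sysnative\\")
BINARY_EXT = (".exe", ".dll", ".sys")

# Constructed sample: a handful of lines in the shape of the report above.
SAMPLE_REPORT = "\n".join([
    r"[2012/02/26 21:52:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN",
    r"[2012/02/19 20:11:25 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%",
    r"[2012/02/26 21:40:17 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Jojo\Desktop\OTL.exe",
    r"[2010/10/16 17:10:01 | 000,064,201 | ---- | C] () -- C:\Windows\SysWow64\memrnzzgqd.exe",
    r"[2012/02/26 21:52:01 | 522,768,383 | -HS- | M] () -- C:\hiberfil.sys",
    r"@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2",
])


def parse_otl_file_line(line):
    """Parse one OTL file/folder record into a dict, or return None for any other line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))   # "000,583,680" -> 583680
    rec["company"] = (rec["company"] or "").strip()    # "()" and no parens both mean unknown
    return rec


def review_otl_report(text):
    """Return (path, reason) pairs that merit manual verification.

    Heuristic triage only: a hit means "check this file", never "this is malware".
    """
    findings = []
    for raw in text.splitlines():
        ads = ADS_RE.match(raw.strip())
        if ads:
            # Any ADS on a folder or data file is unusual enough to list.
            findings.append((ads["path"], "alternate data stream (%s bytes)" % ads["size"]))
            continue
        rec = parse_otl_file_line(raw)
        if rec is None:
            continue
        path, low = rec["path"], rec["path"].lower()
        if "H" in rec["attrs"] and "S" in rec["attrs"] and low not in EXPECTED_HS:
            findings.append((path, "hidden+system object outside the expected set"))
        if low.startswith(SYSTEM_DIRS) and low.endswith(BINARY_EXT) and not rec["company"]:
            findings.append((path, "binary in a system directory with no company name"))
    return findings


if __name__ == "__main__":
    for path, reason in review_otl_report(SAMPLE_REPORT):
        print("%-50s %s" % (path, reason))
```

Run against a full report, it produces a short review list rather than a verdict; every hit still needs the file checked by hand or with a scanner.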

#12 K-kOo

K-kOo
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:27 AM

Posted 28 February 2012 - 10:22 AM

Bump :)

It's been two days since your last answer.
Thank you for your help.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:27 PM

Posted 28 February 2012 - 05:45 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKU\S-1-5-21-1660810582-4181507185-3789098069-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 K-kOo

K-kOo
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:27 AM

Posted 01 March 2012 - 06:53 PM

Here is the OTL Log.
May I know what you are looking for? Do you think you didn't manage to completely fix my problem yet?

OTL Log

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1660810582-4181507185-3789098069-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jojo\Desktop\cmd.bat deleted successfully.
C:\Users\Jojo\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jojo
->Temp folder emptied: 6179113 bytes
->Temporary Internet Files folder emptied: 4161964 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49038149 bytes
->Google Chrome cache emptied: 6449627 bytes
->Flash cache emptied: 243577 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 528142 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 16440002 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 79.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jojo
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jojo
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.33.2 log created on 03022012_004535

Files\Folders moved on Reboot...
C:\Users\Jojo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:27 PM

Posted 02 March 2012 - 01:52 AM

Hello

It bothers me that combofix did not remove those files so I want to make sure they are not around

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :Files
    c:\windows\system32\IntelC53.dll
    c:\windows\system32\Intels51.dll
    c:\windows\system32\vstor2-ws60.dll
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo

Edited by gringo_pr, 02 March 2012 - 01:52 AM.
