Google Redirect Virus on Chrome and Firefox


This topic is locked
40 replies to this topic

#1 The Diva

  • Members
  • 33 posts

Posted 04 March 2012 - 03:36 AM

Hello, I was instructed to escalate my issue here. Below are all the steps that were used up to this point.

Thank you

http://www.bleepingcomputer.com/forums/topic444376.html/page__st__15


#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 March 2012 - 03:03 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 The Diva

  • Topic Starter

  • Members
  • 33 posts

Posted 05 March 2012 - 04:57 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by xxxxx at 1:28:30 on 2012-03-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1445 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Hitman Pro 3.5\HitmanPro35_x64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\xxxxx\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "C:\Users\xxxxx\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{DD3C03EB-07A9-44B7-BFA5-F5EBD542ACAF} : DhcpNameServer = 192.168.10.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\94fqh79w.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\xxxxx\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\xxxxx\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\xxxxx\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\xxxxx\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-12-6 44768]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-20 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-10 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro35.sys --> C:\Windows\system32\drivers\hitmanpro35.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-6 136176]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-7-13 8192]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-6 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 VBoxGuest;VBoxGuest;C:\Windows\system32\drivers\VBoxGuest.sys --> C:\Windows\system32\drivers\VBoxGuest.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-05 06:37:41 -------- d-----w- C:\Users\xxxxx\AppData\Local\{2EA06A34-B395-4F4A-B1B5-A8C543879658}
2012-03-05 06:36:52 -------- d-----w- C:\Users\xxxxx\AppData\Local\{AB7C8933-1472-4E67-B5A3-5325A44C882F}
2012-03-04 18:36:36 -------- d-----w- C:\Users\xxxxx\AppData\Local\{665D66F5-EF1E-43EE-ADF0-2931DC47D482}
2012-03-04 18:36:10 -------- d-----w- C:\Users\xxxxx\AppData\Local\{FCA5F4DA-74C6-4B9C-BFB6-6EF811C06F6D}
2012-03-04 06:35:54 -------- d-----w- C:\Users\xxxxx\AppData\Local\{AFCBA0BD-6905-4E10-B9D9-4663AB557842}
2012-03-04 06:35:41 -------- d-----w- C:\Users\xxxxx\AppData\Local\{00397E62-7B9A-4240-B7A2-6D45D53D87D7}
2012-03-03 18:35:28 -------- d-----w- C:\Users\xxxxx\AppData\Local\{73C94630-C54C-4007-9B0F-AD56250BD5AB}
2012-03-03 18:35:17 -------- d-----w- C:\Users\xxxxx\AppData\Local\{3AFFFA89-24B7-424E-B536-4D79B4B00C3F}
2012-03-03 06:35:03 -------- d-----w- C:\Users\xxxxx\AppData\Local\{AF3D2BEC-0DC4-495F-B1AB-2F268438CCEE}
2012-03-03 06:34:52 -------- d-----w- C:\Users\xxxxx\AppData\Local\{BFDEA44B-520E-4BBA-ABD6-D8C45326509D}
2012-03-02 18:34:23 -------- d-----w- C:\Users\xxxxx\AppData\Local\{31E71306-43A6-466A-900C-2374022E640A}
2012-03-02 12:29:49 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3DD80B20-1C3B-484D-A43F-B47971EB7AC8}\mpengine.dll
2012-03-02 06:33:56 -------- d-----w- C:\Users\xxxxx\AppData\Local\{CCA4B29B-1C1F-4F65-886E-7FD5025F7F80}
2012-03-01 18:33:12 -------- d-----w- C:\Users\xxxxx\AppData\Local\{6EACF512-D6C1-4A29-A7B2-FEBA0596E005}
2012-03-01 06:32:42 -------- d-----w- C:\Users\xxxxx\AppData\Local\{EDC552BA-EDB5-40C2-83FF-A57BD3612737}
2012-02-29 18:32:07 -------- d-----w- C:\Users\xxxxx\AppData\Local\{BA9BD803-F18B-4683-9F66-2AE8F9A4AD13}
2012-02-29 06:57:46 -------- d-----w- C:\Users\xxxxx\AppData\Roaming\Happy Chef
2012-02-29 06:31:10 -------- d-----w- C:\Users\xxxxx\AppData\Local\{A1194DD6-DC13-4374-B648-9A9338C4CFBF}
2012-02-29 06:31:00 -------- d-----w- C:\Users\xxxxx\AppData\Local\{1D95662C-DBEF-4A44-BE9F-21D91367B8D8}
2012-02-29 03:19:33 -------- d-----w- C:\ProgramData\Elcomsoft Password Recovery
2012-02-29 03:19:33 -------- d-----w- C:\Program Files (x86)\Elcomsoft Password Recovery
2012-02-29 03:19:33 -------- d-----w- C:\Program Files (x86)\Elcomsoft
2012-02-28 18:30:28 -------- d-----w- C:\Users\xxxxx\AppData\Local\{5530983D-5A24-4324-BF0F-DD09021BDEF3}
2012-02-28 06:30:01 -------- d-----w- C:\Users\xxxxx\AppData\Local\{56EE0650-4A46-4415-8F45-7C72DB53E570}
2012-02-27 18:29:16 -------- d-----w- C:\Users\xxxxx\AppData\Local\{0A379C1B-739B-411B-9709-B8A6D8A983F7}
2012-02-27 18:28:53 -------- d-----w- C:\Users\xxxxx\AppData\Local\{90F8A93A-FBEA-44FB-BBE3-98EBEC1651D3}
2012-02-27 09:29:00 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-02-25 16:31:15 -------- d-----w- C:\Users\xxxxx\AppData\Local\{044A6260-C73F-40F1-8B21-C20EFE2167CC}
2012-02-25 04:30:21 -------- d-----w- C:\Users\xxxxx\AppData\Local\{2DCABE61-9594-4060-BB50-DB4134B1757F}
2012-02-24 16:30:10 -------- d-----w- C:\Users\xxxxx\AppData\Local\{3D6E6552-DD9C-4A3E-B1AB-14BCAA275B9C}
2012-02-24 00:09:46 -------- d-----w- C:\Users\xxxxx\AppData\Local\{3149CD3A-7C69-4052-98A9-5AF80B2838B8}
2012-02-24 00:09:18 -------- d-----w- C:\Users\xxxxx\AppData\Local\{92FC44E0-B48F-476E-8D76-CC74AEE86B5A}
2012-02-23 12:09:03 -------- d-----w- C:\Users\xxxxx\AppData\Local\{ACA6F955-BBFF-405B-8DF4-F18A845F4816}
2012-02-23 12:08:41 -------- d-----w- C:\Users\xxxxx\AppData\Local\{4A7E7D26-68E3-4D75-ADC1-00BBC67574F1}
2012-02-23 00:08:26 -------- d-----w- C:\Users\xxxxx\AppData\Local\{154EE009-7856-4D29-8458-027DB2B10A28}
2012-02-23 00:08:05 -------- d-----w- C:\Users\xxxxx\AppData\Local\{B1A89961-07F2-433A-AED6-00D9028AEA77}
2012-02-22 12:07:51 -------- d-----w- C:\Users\xxxxx\AppData\Local\{4C666730-FB40-458E-BD15-45A63B4F1D27}
2012-02-22 12:07:29 -------- d-----w- C:\Users\xxxxx\AppData\Local\{E7E3BA02-F899-4FD6-9F7A-448A5EFC137C}
2012-02-22 00:07:14 -------- d-----w- C:\Users\xxxxx\AppData\Local\{0B38AB16-5229-4144-8A1C-F9638127BF6D}
2012-02-22 00:07:03 -------- d-----w- C:\Users\xxxxx\AppData\Local\{5A181073-0CF8-4BE0-B4F8-88FEA88C7932}
2012-02-21 12:06:48 -------- d-----w- C:\Users\xxxxx\AppData\Local\{0BACAD41-96BF-42B6-ACC9-D34FD27F4A80}
2012-02-21 12:06:22 -------- d-----w- C:\Users\xxxxx\AppData\Local\{04235904-2C4C-423D-928F-051E671B8637}
2012-02-21 00:06:07 -------- d-----w- C:\Users\xxxxx\AppData\Local\{4712E50E-312A-4D10-9006-23BBBA28E4CE}
2012-02-21 00:05:54 -------- d-----w- C:\Users\xxxxx\AppData\Local\{0A4B04C9-4C07-47AD-97DE-EC6B8D1B761F}
2012-02-20 23:57:51 -------- d-----w- C:\Users\xxxxx\AppData\Local\{8D58A53C-F9BD-410F-B8C8-05BC0E24C264}
2012-02-20 23:57:32 -------- d-----w- C:\Users\xxxxx\AppData\Local\{10CDA527-F02F-49E9-AFD2-240FCF375C25}
2012-02-18 04:04:43 -------- d-----w- C:\Users\xxxxx\AppData\Roaming\iPodtoComputer
2012-02-18 04:03:41 6144 ----a-w- C:\Windows\System32\ff_acm.acm
2012-02-18 04:03:41 60273 ----a-w- C:\Windows\System32\pthreadGC2.dll
2012-02-18 04:03:41 57344 ----a-w- C:\Windows\System32\ff_vfw.dll
2012-02-18 04:03:41 258352 ----a-w- C:\Windows\System32\unicows.dll
2012-02-18 04:03:38 98304 ----a-w- C:\Windows\System32\L3CODECX.AX
2012-02-18 04:03:37 499712 ----a-w- C:\Windows\System32\MSVCP71.DLL
2012-02-18 04:03:36 348160 ----a-w- C:\Windows\System32\MSVCR71.DLL
2012-02-18 04:03:35 1060864 ----a-w- C:\Windows\System32\MFC71.DLL
2012-02-18 04:03:29 -------- d-----w- C:\Program Files\Cucusoft
2012-02-18 03:39:44 -------- d-----w- C:\Users\xxxxx\AppData\Roaming\WindSolutions
2012-02-18 03:39:43 -------- d-----w- C:\ProgramData\WindSolutions
2012-02-18 03:09:32 -------- d-----w- C:\Program Files (x86)\Daniusoft
2012-02-17 07:01:24 -------- d-----w- C:\Users\xxxxx\AppData\Roaming\MediaMonkey
2012-02-17 06:59:59 -------- d-----w- C:\Users\xxxxx\Mom's stuff
2012-02-16 23:32:37 -------- d-----w- C:\Users\xxxxx\AppData\Local\{9DCAD7F1-BB41-4544-98C1-06DCFF29972B}
2012-02-16 23:32:23 -------- d-----w- C:\Users\xxxxx\AppData\Local\{C8D843BE-14E3-474E-B187-C7B1A76BAD49}
2012-02-16 11:32:08 -------- d-----w- C:\Users\xxxxx\AppData\Local\{48662A8A-7D95-4C20-B202-957DD28150AE}
2012-02-16 11:31:50 -------- d-----w- C:\Users\xxxxx\AppData\Local\{FE200C4F-A3BB-4BA4-9645-13E06FEF07A7}
2012-02-16 03:29:51 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-16 03:29:50 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-16 03:29:47 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-16 03:29:47 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-16 03:29:45 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-16 03:29:43 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-16 03:29:37 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-16 03:29:35 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 23:30:37 -------- d-----w- C:\Users\xxxxx\AppData\Local\{7CC3F782-E6A1-47CE-BCC8-C3CCECF303A0}
2012-02-15 23:29:57 -------- d-----w- C:\Users\xxxxx\AppData\Local\{A3C2DA53-D486-417A-B9CD-AC338F3544BF}
2012-02-15 11:29:22 -------- d-----w- C:\Users\xxxxx\AppData\Local\{E636B630-1EC4-4123-9E25-2807BE75B57B}
2012-02-15 11:29:08 -------- d-----w- C:\Users\xxxxx\AppData\Local\{BDB23301-3D40-4197-A000-7C7FAF3D9EA5}
2012-02-14 23:28:53 -------- d-----w- C:\Users\xxxxx\AppData\Local\{617CEFAF-AD5E-4C55-A54F-D6988B7DCD42}
2012-02-14 23:28:43 -------- d-----w- C:\Users\xxxxx\AppData\Local\{8FA7FB24-B98A-48C7-9357-480835E60489}
2012-02-14 11:28:20 -------- d-----w- C:\Users\xxxxx\AppData\Local\{3957E4A0-C897-4D4B-B7E1-5E525381C6BF}
2012-02-14 11:28:05 -------- d-----w- C:\Users\xxxxx\AppData\Local\{C1AE87B9-A77C-4625-B43B-9DDA21F10CF8}
2012-02-14 11:28:03 -------- d-----w- C:\Users\xxxxx\AppData\Local\{62336AC2-1F83-40A1-829E-BA5CBAC46EBD}
2012-02-06 22:52:40 -------- d-----w- C:\Users\xxxxx\AppData\Local\{62B092FB-A5EB-4BD2-99B4-194BE03A50B3}
2012-02-06 22:52:29 -------- d-----w- C:\Users\xxxxx\AppData\Local\{819954E1-CABA-411E-80EA-376D5AFB865C}
2012-02-06 22:52:14 -------- d-----w- C:\Users\xxxxx\Tracing
2012-02-06 22:41:52 -------- d-----w- C:\Windows\en
2012-02-06 22:34:55 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-02-06 22:31:24 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-02-06 22:30:42 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f4532e7d1cce51e06\bingbarsetup.exe
2012-02-06 22:30:32 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\efa1b3731cce51e05\MeshBetaRemover.exe
2012-02-06 22:30:27 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ecc1e1b21cce51e04\DSETUP.dll
2012-02-06 22:30:27 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ecc1e1b21cce51e04\DXSETUP.exe
2012-02-06 22:30:27 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ecc1e1b21cce51e04\dsetup32.dll
2012-02-06 22:30:24 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e9c29eef1cce51e03\DSETUP.dll
2012-02-06 22:30:24 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e9c29eef1cce51e03\DXSETUP.exe
2012-02-06 22:30:24 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e9c29eef1cce51e03\dsetup32.dll
2012-02-06 22:30:00 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\db221ba91cce51e02\Silverlight.4.0.exe
2012-02-06 22:29:29 -------- d-----w- C:\Users\xxxxx\AppData\Local\Windows Live
2012-02-06 22:29:26 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
.
==================== Find3M ====================
.
2012-03-05 09:28:25 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2012-03-02 19:22:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 13:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2001-11-27 08:40:24 319488 ----a-w- C:\Program Files (x86)\setup.exe
2001-10-28 08:15:16 1867776 ----a-w- C:\Program Files (x86)\CasinoApp.exe
.
============= FINISH: 1:32:54.67 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/20/2011 6:06:05 PM
System Uptime: 3/5/2012 1:23:59 AM (0 hours ago)
.
Motherboard: MSI | | MS-7506
Processor: AMD Phenom™ 9550 Quad-Core Processor | CPU 1 | 2200/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 1397 GiB total, 822.154 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 1397 GiB total, 1396.924 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Apple Application Support
Apple Software Update
avast! Free Antivirus
Avidemux 2.5 (32-bit)
Bing Bar
calibre
CMUD 3.34
ConvertXtoDVD 4.0.12.327
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Elcomsoft Phone Password Breaker
ESET Online Scanner v3
Garmin City Navigator North America NT 2012.10 Update
Garmin City Navigator North America NT 2012.20 Update
Garmin Communicator Plugin
Garmin Lifetime Updater
Garmin USB Drivers
Google Chrome
Google Talk Plugin
Google Update Helper
Happy Chef 1.00
HiJackThis
Java Auto Updater
Java™ 6 Update 27
Junk Mail filter update
Kobo
Malwarebytes Anti-Malware version 1.60.1.1000
MapleStory
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
Nexon Game Manager
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Octoshape add-in for Adobe Flash Player
OJOsoft Total Video Converter
QuickTime
Rinse
Rootkit Unhooker LE 3.8 SR 2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skype™ 5.5
Spotify
Total Video Converter 3.70 100621
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Vuze
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR 4.01 (32-bit)
Wizard101
Wondershare Video Converter Ultimate(Build 5.6.0.1)
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
2/27/2012 10:16:18 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {D5641912-E47A-429C-879E-CFE13EAC7A13} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe -Embedding
.
==== End Of File ===========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:35 AM

Posted 05 March 2012 - 07:35 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 The Diva

The Diva
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:06:35 AM

Posted 06 March 2012 - 03:48 PM

If I run it as combofix.exe(1), as it downloaded, I'm told I cannot name it that and have to change it. If I try to run it from the download folder, it tells me I cannot run it in compatibility mode :$

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:35 AM

Posted 06 March 2012 - 05:24 PM

Hello


Download with IE and save it to the desktop.

Run it from the desktop.



gringo

#7 The Diva

The Diva
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:06:35 AM

Posted 07 March 2012 - 12:04 AM

3 files were quarantined. I'll let you know how it goes. Thank you!


ComboFix 12-03-06.01 - XXXXXXX 03/06/2012 20:24:22.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1160 [GMT -8:00]
Running from: c:\users\XXXXXXX\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\XXXXXXX\Documents\~WRL0011.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2012-03-07 04:36 . 2012-03-07 04:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-07 04:36 . 2012-03-07 04:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-06 12:02 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C848277-33FF-4265-9EB8-ADAA179FD432}\mpengine.dll
2012-02-29 06:57 . 2012-02-29 06:57 -------- d-----w- c:\users\XXXXXXX\AppData\Roaming\Happy Chef
2012-02-29 03:19 . 2012-02-29 03:19 -------- d-----w- c:\program files (x86)\Elcomsoft Password Recovery
2012-02-29 03:19 . 2012-02-29 03:19 -------- d-----w- c:\programdata\Elcomsoft Password Recovery
2012-02-29 03:19 . 2012-02-29 03:19 -------- d-----w- c:\program files (x86)\Elcomsoft
2012-02-27 09:29 . 2012-02-27 09:29 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-02-18 04:04 . 2012-02-18 04:05 -------- d-----w- c:\users\XXXXXXX\AppData\Roaming\iPodtoComputer
2012-02-18 04:03 . 2008-12-17 20:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2012-02-18 04:03 . 2008-06-15 16:13 6144 ----a-w- c:\windows\system32\ff_acm.acm
2012-02-18 04:03 . 2008-06-15 05:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2012-02-18 04:03 . 2008-06-15 05:01 258352 ----a-w- c:\windows\system32\unicows.dll
2012-02-18 04:03 . 2003-03-25 01:49 98304 ----a-w- c:\windows\system32\L3CODECX.AX
2012-02-18 04:03 . 2003-03-18 16:14 499712 ----a-w- c:\windows\system32\MSVCP71.DLL
2012-02-18 04:03 . 2003-02-21 00:42 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2012-02-18 04:03 . 2003-03-18 17:20 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2012-02-18 04:03 . 2012-02-18 04:03 -------- d-----w- c:\program files\Cucusoft
2012-02-18 03:39 . 2012-02-18 03:47 -------- d-----w- c:\users\XXXXXXX\AppData\Roaming\WindSolutions
2012-02-18 03:39 . 2012-02-18 03:47 -------- d-----w- c:\programdata\WindSolutions
2012-02-18 03:09 . 2012-02-28 06:11 -------- d-----w- c:\program files (x86)\Daniusoft
2012-02-17 07:01 . 2012-02-28 07:12 -------- d-----w- c:\users\XXXXXXX\AppData\Roaming\MediaMonkey
2012-02-17 06:59 . 2012-02-17 09:07 -------- d-----w- c:\users\XXXXXXX\Mom's stuff
2012-02-16 03:29 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 03:29 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 03:29 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 03:29 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 03:29 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 03:29 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 03:29 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 03:29 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-06 22:52 . 2012-03-05 09:25 -------- d-----w- c:\users\XXXXXXX\Tracing
2012-02-06 22:41 . 2012-02-06 22:41 -------- d-----w- c:\windows\en
2012-02-06 22:34 . 2012-02-06 22:42 -------- d-----w- c:\program files (x86)\Windows Live
2012-02-06 22:34 . 2011-05-13 23:37 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-02-06 22:34 . 2012-02-06 22:34 -------- d-----w- c:\program files\Windows Live
2012-02-06 22:31 . 2012-02-06 22:31 -------- d-----w- c:\program files (x86)\Microsoft
2012-02-06 22:30 . 2012-02-16 11:28 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-02-06 22:29 . 2012-03-06 18:39 -------- d-----w- c:\users\XXXXXXX\AppData\Local\Windows Live
2012-02-06 22:29 . 2012-02-06 22:29 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 04:44 . 2011-08-02 05:20 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-03-02 19:22 . 2011-07-14 06:22 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 17:18 . 2011-02-24 21:11 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-06 22:34 . 2011-03-29 02:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-10 23:24 . 2011-02-24 22:37 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2001-11-27 08:40 . 2011-07-22 07:00 319488 ----a-w- c:\program files (x86)\setup.exe
2001-10-28 08:15 . 2011-07-22 07:00 1867776 ----a-w- c:\program files (x86)\CasinoApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-08-02 1407336]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-20 5487488]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-01-04 6497592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 Normandy;Normandy SR2; [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxGuest;VBoxGuest;c:\windows\system32\drivers\VBoxGuest.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 05:14]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 05:14]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2859841285-3223766666-1130209648-1000Core.job
- c:\users\XXXXXXX\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-04 21:57]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2859841285-3223766666-1130209648-1000UA.job
- c:\users\XXXXXXX\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-04 21:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VBoxTray"="c:\windows\system32\VBoxTray.exe" [2011-02-17 1153840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.10.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\94fqh79w.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\07\04\0e\04\1a\0cL"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2012-03-06 20:51:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-07 04:51
.
Pre-Run: 959,405,084,672 bytes free
Post-Run: 961,844,846,592 bytes free
.
- - End Of File - - 198B56CC44C38A217EE68704A315D9BC

#8 The Diva

The Diva
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:06:35 AM

Posted 07 March 2012 - 10:32 AM

I'm still getting redirects :( I think it took me to searchanswers.com, but that said, the frequency with which I'm hijacked has diminished significantly.

** just as I saved this, I searched some more. I got sent to happli.com :(

Edited by The Diva, 07 March 2012 - 10:33 AM.


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:35 AM

Posted 07 March 2012 - 12:01 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 The Diva

The Diva
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:06:35 AM

Posted 07 March 2012 - 12:45 PM

Hi Gringo, I ran those before I was told to escalate to here. If you click on the link from my first post it shows everything I did. I have absolutely no problem doing it again, but just want to make sure you want me to repeat.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:35 AM

Posted 07 March 2012 - 12:52 PM

Yes, do them again. I want to see if anything has changed.


gringo

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:35 AM

Posted 09 March 2012 - 11:16 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo

#13 The Diva

The Diva
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:06:35 AM

Posted 09 March 2012 - 11:58 PM

9:51:40.0388 4196 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
19:51:40.0896 4196 ============================================================
19:51:40.0896 4196 Current date / time: 2012/03/09 19:51:40.0896
19:51:40.0896 4196 SystemInfo:
19:51:40.0896 4196
19:51:40.0896 4196 OS Version: 6.1.7601 ServicePack: 1.0
19:51:40.0896 4196 Product type: Workstation
19:51:40.0896 4196 ComputerName: KAMAL-PC
19:51:40.0896 4196 UserName: Kamal
19:51:40.0896 4196 Windows directory: C:\Windows
19:51:40.0896 4196 System windows directory: C:\Windows
19:51:40.0896 4196 Running under WOW64
19:51:40.0896 4196 Processor architecture: Intel x64
19:51:40.0896 4196 Number of processors: 4
19:51:40.0896 4196 Page size: 0x1000
19:51:40.0896 4196 Boot type: Normal boot
19:51:40.0896 4196 ============================================================
19:51:50.0371 4196 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:51:50.0383 4196 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:51:50.0413 4196 \Device\Harddisk0\DR0:
19:51:50.0413 4196 MBR used
19:51:50.0413 4196 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
19:51:50.0413 4196 \Device\Harddisk1\DR1:
19:51:50.0413 4196 MBR used
19:51:50.0413 4196 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x85800
19:51:50.0413 4196 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x86000, BlocksNum 0xAEA01800
19:51:50.0483 4196 Initialize success
19:51:50.0483 4196 ============================================================
19:51:52.0858 6988 ============================================================
19:51:52.0858 6988 Scan started
19:51:52.0858 6988 Mode: Manual;
19:51:52.0858 6988 ============================================================
19:51:55.0762 6988 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:51:55.0765 6988 1394ohci - ok
19:51:55.0807 6988 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:51:55.0812 6988 ACPI - ok
19:51:55.0909 6988 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:51:55.0932 6988 AcpiPmi - ok
19:51:56.0055 6988 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
19:51:56.0061 6988 adp94xx - ok
19:51:56.0101 6988 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
19:51:56.0106 6988 adpahci - ok
19:51:56.0134 6988 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
19:51:56.0137 6988 adpu320 - ok
19:51:56.0193 6988 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:51:56.0199 6988 AFD - ok
19:51:56.0225 6988 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:51:56.0226 6988 agp440 - ok
19:51:56.0252 6988 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:51:56.0254 6988 aliide - ok
19:51:56.0279 6988 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:51:56.0280 6988 amdide - ok
19:51:56.0303 6988 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
19:51:56.0305 6988 AmdK8 - ok
19:51:56.0321 6988 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:51:56.0322 6988 AmdPPM - ok
19:51:56.0362 6988 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:51:56.0364 6988 amdsata - ok
19:51:56.0379 6988 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
19:51:56.0382 6988 amdsbs - ok
19:51:56.0394 6988 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:51:56.0395 6988 amdxata - ok
19:51:56.0454 6988 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:51:56.0466 6988 AppID - ok
19:51:56.0515 6988 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
19:51:56.0516 6988 arc - ok
19:51:56.0572 6988 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
19:51:56.0592 6988 arcsas - ok
19:51:56.0683 6988 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
19:51:56.0697 6988 aswFsBlk - ok
19:51:56.0770 6988 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
19:51:56.0772 6988 aswMonFlt - ok
19:51:56.0785 6988 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
19:51:56.0786 6988 aswRdr - ok
19:51:56.0904 6988 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
19:51:56.0920 6988 aswSnx - ok
19:51:56.0955 6988 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
19:51:56.0958 6988 aswSP - ok
19:51:56.0975 6988 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
19:51:56.0976 6988 aswTdi - ok
19:51:56.0991 6988 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:51:56.0997 6988 AsyncMac - ok
19:51:57.0007 6988 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:51:57.0008 6988 atapi - ok
19:51:57.0086 6988 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
19:51:57.0092 6988 b06bdrv - ok
19:51:57.0162 6988 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:51:57.0166 6988 b57nd60a - ok
19:51:57.0208 6988 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:51:57.0208 6988 Beep - ok
19:51:57.0236 6988 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:51:57.0263 6988 blbdrive - ok
19:51:57.0378 6988 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:51:57.0380 6988 bowser - ok
19:51:57.0409 6988 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
19:51:57.0410 6988 BrFiltLo - ok
19:51:57.0425 6988 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
19:51:57.0426 6988 BrFiltUp - ok
19:51:57.0458 6988 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:51:57.0460 6988 BridgeMP - ok
19:51:57.0482 6988 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:51:57.0487 6988 Brserid - ok
19:51:57.0502 6988 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:51:57.0503 6988 BrSerWdm - ok
19:51:57.0510 6988 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:51:57.0511 6988 BrUsbMdm - ok
19:51:57.0525 6988 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:51:57.0527 6988 BrUsbSer - ok
19:51:57.0535 6988 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
19:51:57.0537 6988 BTHMODEM - ok
19:51:57.0566 6988 catchme - ok
19:51:57.0590 6988 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:51:57.0592 6988 cdfs - ok
19:51:57.0631 6988 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:51:57.0634 6988 cdrom - ok
19:51:57.0660 6988 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
19:51:57.0670 6988 circlass - ok
19:51:57.0698 6988 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:51:57.0714 6988 CLFS - ok
19:51:57.0759 6988 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
19:51:57.0761 6988 CmBatt - ok
19:51:57.0782 6988 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:51:57.0784 6988 cmdide - ok
19:51:57.0830 6988 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:51:57.0835 6988 CNG - ok
19:51:57.0855 6988 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
19:51:57.0856 6988 Compbatt - ok
19:51:57.0875 6988 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:51:57.0877 6988 CompositeBus - ok
19:51:57.0903 6988 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
19:51:57.0904 6988 crcdisk - ok
19:51:57.0955 6988 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:51:57.0957 6988 DfsC - ok
19:51:57.0977 6988 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:51:57.0978 6988 discache - ok
19:51:58.0001 6988 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
19:51:58.0003 6988 Disk - ok
19:51:58.0056 6988 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:51:58.0057 6988 drmkaud - ok
19:51:58.0107 6988 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:51:58.0119 6988 DXGKrnl - ok
19:51:58.0144 6988 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
19:51:58.0147 6988 E1G60 - ok
19:51:58.0161 6988 EagleX64 - ok
19:51:58.0411 6988 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
19:51:58.0473 6988 ebdrv - ok
19:51:58.0506 6988 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
19:51:58.0513 6988 elxstor - ok
19:51:58.0533 6988 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:51:58.0534 6988 ErrDev - ok
19:51:58.0570 6988 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:51:58.0573 6988 exfat - ok
19:51:58.0588 6988 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:51:58.0591 6988 fastfat - ok
19:51:58.0624 6988 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:51:58.0625 6988 fdc - ok
19:51:58.0647 6988 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:51:58.0649 6988 FileInfo - ok
19:51:58.0667 6988 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:51:58.0668 6988 Filetrace - ok
19:51:58.0684 6988 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:51:58.0686 6988 flpydisk - ok
19:51:58.0733 6988 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:51:58.0737 6988 FltMgr - ok
19:51:58.0757 6988 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:51:58.0758 6988 FsDepends - ok
19:51:58.0786 6988 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
19:51:58.0788 6988 fssfltr - ok
19:51:58.0809 6988 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:51:58.0810 6988 Fs_Rec - ok
19:51:58.0850 6988 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:51:58.0853 6988 fvevol - ok
19:51:58.0861 6988 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
19:51:58.0863 6988 gagp30kx - ok
19:51:58.0912 6988 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:51:58.0914 6988 GEARAspiWDM - ok
19:51:58.0940 6988 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:51:58.0942 6988 hcw85cir - ok
19:51:58.0978 6988 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:51:58.0983 6988 HdAudAddService - ok
19:51:59.0008 6988 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:51:59.0010 6988 HDAudBus - ok
19:51:59.0035 6988 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
19:51:59.0036 6988 HidBatt - ok
19:51:59.0053 6988 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
19:51:59.0055 6988 HidBth - ok
19:51:59.0064 6988 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
19:51:59.0066 6988 HidIr - ok
19:51:59.0088 6988 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:51:59.0090 6988 HidUsb - ok
19:51:59.0122 6988 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:51:59.0124 6988 HpSAMD - ok
19:51:59.0193 6988 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:51:59.0202 6988 HTTP - ok
19:51:59.0208 6988 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:51:59.0210 6988 hwpolicy - ok
19:51:59.0233 6988 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:51:59.0235 6988 i8042prt - ok
19:51:59.0271 6988 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:51:59.0276 6988 iaStorV - ok
19:51:59.0332 6988 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
19:51:59.0333 6988 iirsp - ok
19:51:59.0354 6988 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:51:59.0356 6988 intelide - ok
19:51:59.0377 6988 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
19:51:59.0379 6988 intelppm - ok
19:51:59.0423 6988 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:51:59.0425 6988 IpFilterDriver - ok
19:51:59.0440 6988 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:51:59.0442 6988 IPMIDRV - ok
19:51:59.0463 6988 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:51:59.0466 6988 IPNAT - ok
19:51:59.0505 6988 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:51:59.0506 6988 IRENUM - ok
19:51:59.0513 6988 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:51:59.0515 6988 isapnp - ok
19:51:59.0539 6988 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:51:59.0542 6988 iScsiPrt - ok
19:51:59.0565 6988 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:51:59.0567 6988 kbdclass - ok
19:51:59.0585 6988 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:51:59.0586 6988 kbdhid - ok
19:51:59.0633 6988 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:51:59.0635 6988 KSecDD - ok
19:51:59.0672 6988 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:51:59.0674 6988 KSecPkg - ok
19:51:59.0695 6988 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:51:59.0696 6988 ksthunk - ok
19:51:59.0727 6988 libusb0 - ok
19:51:59.0762 6988 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:51:59.0763 6988 lltdio - ok
19:51:59.0821 6988 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
19:51:59.0823 6988 LSI_FC - ok
19:51:59.0858 6988 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
19:51:59.0861 6988 LSI_SAS - ok
19:51:59.0869 6988 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
19:51:59.0871 6988 LSI_SAS2 - ok
19:51:59.0891 6988 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
19:51:59.0894 6988 LSI_SCSI - ok
19:51:59.0921 6988 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:51:59.0923 6988 luafv - ok
19:51:59.0962 6988 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
19:51:59.0964 6988 MBAMProtector - ok
19:52:00.0004 6988 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
19:52:00.0005 6988 megasas - ok
19:52:00.0024 6988 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
19:52:00.0029 6988 MegaSR - ok
19:52:00.0056 6988 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:52:00.0057 6988 Modem - ok
19:52:00.0079 6988 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:52:00.0081 6988 monitor - ok
19:52:00.0100 6988 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:52:00.0102 6988 mouclass - ok
19:52:00.0125 6988 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:52:00.0125 6988 mouhid - ok
19:52:00.0165 6988 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:52:00.0166 6988 mountmgr - ok
19:52:00.0189 6988 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:52:00.0192 6988 mpio - ok
19:52:00.0210 6988 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:52:00.0212 6988 mpsdrv - ok
19:52:00.0252 6988 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:52:00.0255 6988 MRxDAV - ok
19:52:00.0276 6988 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:52:00.0278 6988 mrxsmb - ok
19:52:00.0310 6988 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:52:00.0314 6988 mrxsmb10 - ok
19:52:00.0331 6988 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:52:00.0333 6988 mrxsmb20 - ok
19:52:00.0351 6988 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:52:00.0352 6988 msahci - ok
19:52:00.0378 6988 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:52:00.0380 6988 msdsm - ok
19:52:00.0407 6988 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:52:00.0409 6988 Msfs - ok
19:52:00.0424 6988 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:52:00.0425 6988 mshidkmdf - ok
19:52:00.0432 6988 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:52:00.0434 6988 msisadrv - ok
19:52:00.0454 6988 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:52:00.0455 6988 MSKSSRV - ok
19:52:00.0473 6988 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:52:00.0474 6988 MSPCLOCK - ok
19:52:00.0494 6988 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:52:00.0496 6988 MSPQM - ok
19:52:00.0535 6988 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:52:00.0540 6988 MsRPC - ok
19:52:00.0549 6988 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:52:00.0551 6988 mssmbios - ok
19:52:00.0564 6988 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:52:00.0565 6988 MSTEE - ok
19:52:00.0584 6988 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
19:52:00.0585 6988 MTConfig - ok
19:52:00.0606 6988 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:52:00.0608 6988 Mup - ok
19:52:00.0782 6988 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:52:00.0787 6988 NativeWifiP - ok
19:52:00.0841 6988 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:52:00.0854 6988 NDIS - ok
19:52:00.0875 6988 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:52:00.0876 6988 NdisCap - ok
19:52:00.0895 6988 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:52:00.0896 6988 NdisTapi - ok
19:52:00.0916 6988 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:52:00.0918 6988 Ndisuio - ok
19:52:00.0938 6988 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:52:00.0941 6988 NdisWan - ok
19:52:00.0970 6988 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:52:00.0972 6988 NDProxy - ok
19:52:00.0991 6988 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:52:00.0993 6988 NetBIOS - ok
19:52:01.0035 6988 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:52:01.0039 6988 NetBT - ok
19:52:01.0101 6988 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
19:52:01.0102 6988 nfrd960 - ok
19:52:01.0121 6988 Normandy - ok
19:52:01.0144 6988 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:52:01.0146 6988 Npfs - ok
19:52:01.0173 6988 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:52:01.0175 6988 nsiproxy - ok
19:52:01.0249 6988 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:52:01.0281 6988 Ntfs - ok
19:52:01.0336 6988 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:52:01.0337 6988 Null - ok
19:52:01.0365 6988 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
19:52:01.0370 6988 NVENETFD - ok
19:52:01.0641 6988 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:52:01.0938 6988 nvlddmkm - ok
19:52:01.0980 6988 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:52:01.0983 6988 nvraid - ok
19:52:02.0005 6988 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:52:02.0008 6988 nvstor - ok
19:52:02.0046 6988 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:52:02.0049 6988 nv_agp - ok
19:52:02.0077 6988 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:52:02.0079 6988 ohci1394 - ok
19:52:02.0135 6988 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:52:02.0137 6988 Parport - ok
19:52:02.0222 6988 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:52:02.0229 6988 partmgr - ok
19:52:02.0386 6988 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:52:02.0389 6988 pci - ok
19:52:02.0397 6988 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:52:02.0398 6988 pciide - ok
19:52:02.0421 6988 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
19:52:02.0425 6988 pcmcia - ok
19:52:02.0485 6988 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
19:52:02.0500 6988 pcouffin - ok
19:52:02.0540 6988 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:52:02.0541 6988 pcw - ok
19:52:02.0569 6988 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:52:02.0578 6988 PEAUTH - ok
19:52:02.0640 6988 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:52:02.0642 6988 PptpMiniport - ok
19:52:02.0661 6988 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
19:52:02.0662 6988 Processor - ok
19:52:02.0724 6988 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:52:02.0726 6988 Psched - ok
19:52:02.0899 6988 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
19:52:02.0916 6988 ql2300 - ok
19:52:02.0934 6988 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
19:52:02.0937 6988 ql40xx - ok
19:52:02.0955 6988 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:52:02.0956 6988 QWAVEdrv - ok
19:52:02.0975 6988 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:52:02.0977 6988 RasAcd - ok
19:52:03.0001 6988 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:52:03.0003 6988 RasAgileVpn - ok
19:52:03.0041 6988 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:52:03.0043 6988 Rasl2tp - ok
19:52:03.0127 6988 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:52:03.0129 6988 RasPppoe - ok
19:52:03.0147 6988 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:52:03.0149 6988 RasSstp - ok
19:52:03.0173 6988 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:52:03.0178 6988 rdbss - ok
19:52:03.0185 6988 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
19:52:03.0187 6988 rdpbus - ok
19:52:03.0202 6988 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:52:03.0203 6988 RDPCDD - ok
19:52:03.0215 6988 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:52:03.0216 6988 RDPENCDD - ok
19:52:03.0227 6988 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:52:03.0228 6988 RDPREFMP - ok
19:52:03.0269 6988 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
19:52:03.0272 6988 RDPWD - ok
19:52:03.0312 6988 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:52:03.0315 6988 rdyboost - ok
19:52:03.0416 6988 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
19:52:03.0417 6988 RimUsb - ok
19:52:03.0646 6988 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:52:03.0738 6988 rspndr - ok
19:52:03.0856 6988 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:52:03.0857 6988 SASDIFSV - ok
19:52:03.0861 6988 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:52:03.0863 6988 SASKUTIL - ok
19:52:03.0880 6988 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:52:03.0882 6988 sbp2port - ok
19:52:03.0921 6988 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:52:03.0923 6988 scfilter - ok
19:52:03.0969 6988 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:52:03.0971 6988 secdrv - ok
19:52:04.0019 6988 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:52:04.0020 6988 Serenum - ok
19:52:04.0058 6988 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:52:04.0061 6988 Serial - ok
19:52:04.0077 6988 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:52:04.0079 6988 sermouse - ok
19:52:04.0109 6988 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:52:04.0111 6988 sffdisk - ok
19:52:04.0126 6988 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:52:04.0128 6988 sffp_mmc - ok
19:52:04.0144 6988 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:52:04.0146 6988 sffp_sd - ok
19:52:04.0167 6988 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:52:04.0168 6988 sfloppy - ok
19:52:04.0202 6988 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:52:04.0204 6988 SiSRaid2 - ok
19:52:04.0218 6988 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:52:04.0220 6988 SiSRaid4 - ok
19:52:04.0242 6988 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:52:04.0245 6988 Smb - ok
19:52:04.0272 6988 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:52:04.0273 6988 spldr - ok
19:52:04.0344 6988 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
19:52:04.0354 6988 sptd - ok
19:52:04.0395 6988 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:52:04.0402 6988 srv - ok
19:52:04.0429 6988 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:52:04.0434 6988 srv2 - ok
19:52:04.0465 6988 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:52:04.0468 6988 srvnet - ok
19:52:04.0527 6988 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:52:04.0529 6988 stexstor - ok
19:52:04.0564 6988 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:52:04.0565 6988 swenum - ok
19:52:04.0652 6988 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:52:04.0694 6988 Tcpip - ok
19:52:04.0744 6988 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:52:04.0756 6988 TCPIP6 - ok
19:52:04.0791 6988 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:52:04.0792 6988 tcpipreg - ok
19:52:04.0812 6988 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:52:04.0814 6988 TDPIPE - ok
19:52:04.0825 6988 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:52:04.0826 6988 TDTCP - ok
19:52:04.0866 6988 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:52:04.0868 6988 tdx - ok
19:52:04.0885 6988 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
19:52:04.0887 6988 TermDD - ok
19:52:04.0944 6988 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:52:04.0946 6988 tssecsrv - ok
19:52:04.0982 6988 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:52:04.0984 6988 TsUsbFlt - ok
19:52:05.0000 6988 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
19:52:05.0001 6988 TsUsbGD - ok
19:52:05.0023 6988 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:52:05.0025 6988 tunnel - ok
19:52:05.0191 6988 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
19:52:05.0193 6988 uagp35 - ok
19:52:05.0226 6988 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:52:05.0231 6988 udfs - ok
19:52:05.0259 6988 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:52:05.0261 6988 uliagpkx - ok
19:52:05.0274 6988 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:52:05.0276 6988 umbus - ok
19:52:05.0308 6988 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:52:05.0310 6988 UmPass - ok
19:52:05.0351 6988 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:52:05.0353 6988 USBAAPL64 - ok
19:52:05.0386 6988 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:52:05.0388 6988 usbaudio - ok
19:52:05.0424 6988 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:52:05.0426 6988 usbccgp - ok
19:52:05.0444 6988 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:52:05.0447 6988 usbcir - ok
19:52:05.0487 6988 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:52:05.0489 6988 usbehci - ok
19:52:05.0516 6988 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:52:05.0522 6988 usbhub - ok
19:52:05.0534 6988 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
19:52:05.0536 6988 usbohci - ok
19:52:05.0549 6988 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
19:52:05.0550 6988 usbprint - ok
19:52:05.0579 6988 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:52:05.0581 6988 USBSTOR - ok
19:52:05.0597 6988 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:52:05.0599 6988 usbuhci - ok
19:52:05.0636 6988 VBoxGuest (9e1d397be6d94627ac9e59380378cf84) C:\Windows\system32\drivers\VBoxGuest.sys
19:52:05.0639 6988 VBoxGuest - ok
19:52:05.0651 6988 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:52:05.0653 6988 vdrvroot - ok
19:52:05.0754 6988 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:52:05.0756 6988 vga - ok
19:52:05.0776 6988 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:52:05.0777 6988 VgaSave - ok
19:52:05.0811 6988 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:52:05.0815 6988 vhdmp - ok
19:52:05.0823 6988 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:52:05.0825 6988 viaide - ok
19:52:05.0833 6988 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:52:05.0835 6988 volmgr - ok
19:52:05.0877 6988 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:52:05.0882 6988 volmgrx - ok
19:52:05.0893 6988 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:52:05.0898 6988 volsnap - ok
19:52:05.0940 6988 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:52:05.0943 6988 vsmraid - ok
19:52:05.0957 6988 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:52:05.0958 6988 vwifibus - ok
19:52:05.0982 6988 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
19:52:05.0983 6988 WacomPen - ok
19:52:06.0027 6988 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:52:06.0029 6988 WANARP - ok
19:52:06.0033 6988 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:52:06.0035 6988 Wanarpv6 - ok
19:52:06.0079 6988 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:52:06.0080 6988 Wd - ok
19:52:06.0123 6988 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:52:06.0131 6988 Wdf01000 - ok
19:52:06.0165 6988 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:52:06.0166 6988 WfpLwf - ok
19:52:06.0182 6988 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:52:06.0183 6988 WIMMount - ok
19:52:06.0287 6988 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:52:06.0288 6988 WinUsb - ok
19:52:06.0345 6988 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:52:06.0346 6988 WmiAcpi - ok
19:52:06.0377 6988 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:52:06.0379 6988 ws2ifsl - ok
19:52:06.0425 6988 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:52:06.0427 6988 WudfPf - ok
19:52:06.0450 6988 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:52:06.0453 6988 WUDFRd - ok
19:52:06.0485 6988 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:52:06.0489 6988 \Device\Harddisk0\DR0 - ok
19:52:06.0523 6988 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:52:06.0569 6988 \Device\Harddisk1\DR1 - ok
19:52:06.0573 6988 Boot (0x1200) (de88263300dd91346e7981b87e52c863) \Device\Harddisk0\DR0\Partition0
19:52:06.0574 6988 \Device\Harddisk0\DR0\Partition0 - ok
19:52:06.0578 6988 Boot (0x1200) (054eababf08ead1e649291eb773e766e) \Device\Harddisk1\DR1\Partition0
19:52:06.0579 6988 \Device\Harddisk1\DR1\Partition0 - ok
19:52:06.0587 6988 Boot (0x1200) (da7b8fd90ac9e75f04aed5ec1f326833) \Device\Harddisk1\DR1\Partition1
19:52:06.0589 6988 \Device\Harddisk1\DR1\Partition1 - ok
19:52:06.0589 6988 ============================================================
19:52:06.0589 6988 Scan finished
19:52:06.0589 6988 ============================================================
19:52:06.0601 0188 Detected object count: 0
19:52:06.0601 0188 Actual detected object count: 0


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-09 19:53:37
-----------------------------
19:53:37.356 OS Version: Windows x64 6.1.7601 Service Pack 1
19:53:37.356 Number of processors: 4 586 0x203
19:53:37.357 ComputerName: xxxxxx-PC UserName: xxxxxx
19:53:40.444 Initialize success
19:53:40.592 AVAST engine defs: 12031000
19:54:00.821 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
19:54:00.823 Disk 0 Vendor: WDC_WD15EARS-00MVWB0 51.0AB51 Size: 1430799MB BusType: 3
19:54:00.829 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
19:54:00.832 Disk 1 Vendor: WDC_WD15EARS-00MVWB0 51.0AB51 Size: 1430799MB BusType: 3
19:54:00.859 Disk 1 MBR read successfully
19:54:00.862 Disk 1 MBR scan
19:54:00.865 Disk 1 Windows 7 default MBR code
19:54:00.869 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 267 MB offset 2048
19:54:00.907 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 1430531 MB offset 548864
19:54:00.917 Disk 1 scanning C:\Windows\system32\drivers
19:54:07.430 Service scanning
19:54:22.908 Modules scanning
19:54:22.916 Disk 1 trace - called modules:
19:54:22.945 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:54:22.950 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004a2c060]
19:54:22.955 3 CLASSPNP.SYS[fffff8800198643f] -> nt!IofCallDriver -> [0xfffffa8003ae59b0]
19:54:22.959 5 ACPI.sys[fffff88000f257a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-4[0xfffffa8003add680]
19:54:24.147 AVAST engine scan C:\Windows
19:54:28.276 AVAST engine scan C:\Windows\system32
19:56:29.783 AVAST engine scan C:\Windows\system32\drivers
19:56:38.662 AVAST engine scan C:\Users\xxxxxx
20:34:44.623 AVAST engine scan C:\ProgramData
20:36:49.633 Scan finished successfully
20:56:13.224 Disk 1 MBR has been saved successfully to "C:\Users\xxxxxx\Downloads\MBR.dat"
20:56:13.230 The log file has been saved successfully to "C:\Users\xxxxxx\Downloads\aswMBR.txt"

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:35 AM

Posted 10 March 2012 - 12:14 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 The Diva

The Diva
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:06:35 AM

Posted 10 March 2012 - 03:57 PM

OTL logfile created on: 3/10/2012 12:39:21 PM - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\XXXXXX\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 20.68% Memory free
8.00 Gb Paging File | 3.18 Gb Available in Paging File | 39.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.00 Gb Total Space | 895.64 Gb Free Space | 64.11% Space Free | Partition Type: NTFS
Drive D: | 3.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1397.26 Gb Total Space | 1396.92 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: XXXXXX-PC | User Name: XXXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\XXXXXX\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Games\Happy Chef\HappyChef.exe ()
PRC - C:\Users\XXXXXX\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\avformat-53.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\gcswf32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b74e1ad9110a39851b12cb46b3954163\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\35b997b2652f8f564b062e6a6e59055f\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bdf555b4cfed144a3b0b60e0308cbf2b\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\37cfa5ae8473995db30414fa29167c28\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\edfa0f31cc4950e16011ecb549f553f7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b6ac99f2787a9a672d7a696ef25588ee\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9d5b252266a6084a611b2be84fac9e1c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a588133985ef7510d4cc8cc7924f8ec3\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6be8cdc102f384653338279eff1f78fd\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9dbdf77b1208ccfea1b67b50084c3f1a\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1702c5e18cdd96c022d87c38561f19c9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9c4788acc8f93c33214865395cee2e1c\System.ni.dll ()
MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files (x86)\Games\Happy Chef\HappyChef.exe ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VBoxGuest) -- C:\Windows\SysNative\drivers\VBoxGuest.sys (Oracle Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (Normandy) -- C:\Windows\SysWow64\drivers\Normandy.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6B 3D 93 2B 19 FC CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 22 B5 88 15 A1 01 B5 47 B2 B9 7C 46 9B 3C 7A 39 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\XXXXXX\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\XXXXXX\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\XXXXXX\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\XXXXXX\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\XXXXXX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/19 17:17:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/04 02:18:49 | 000,000,000 | ---D | M]

[2011/07/13 20:00:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXX\AppData\Roaming\Mozilla\Extensions
[2012/03/03 13:05:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\94fqh79w.default\extensions
[2011/09/06 12:18:11 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\94fqh79w.default\extensions\{47b3e982-f1de-487d-8ba1-575edd6b52f2}
[2011/07/28 21:10:42 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\94fqh79w.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2012/01/21 21:38:53 | 000,000,000 | ---D | M] (Facebook Translate) -- C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\94fqh79w.default\extensions\facebook-translate@oliver.schloebe.de
[2011/07/13 22:18:57 | 000,002,055 | ---- | M] () -- C:\Users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\94fqh79w.default\searchplugins\daemon-search.xml
[2012/01/17 11:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/19 17:17:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 13:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/01/17 11:44:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/17 11:44:04 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\XXXXXX\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\XXXXXX\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\XXXXXX\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\XXXXXX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/06 20:41:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [VBoxTray] C:\Windows\SysNative\VBoxTray.exe (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD3C03EB-07A9-44B7-BFA5-F5EBD542ACAF}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/06 20:41:42 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/06 20:21:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/06 20:21:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/06 20:21:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/06 20:21:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/06 20:18:31 | 004,428,059 | R--- | C] (Swearware) -- C:\Users\XXXXXX\Desktop\ComboFix.exe
[2012/03/06 10:39:41 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{CB59A10C-5053-456F-A33C-3B6CD07FB7CC}
[2012/03/06 10:39:30 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{1988717D-493E-44ED-AB41-09138BF36EC2}
[2012/03/05 22:39:15 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{43A24BF2-B2BA-4C71-A024-0B1119715F46}
[2012/03/05 22:38:50 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{CD3642A9-1450-4803-8802-0B9CD6155488}
[2012/03/05 10:38:35 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{23EDECA7-8A05-4B5B-B93F-4D4B0E193987}
[2012/03/05 10:38:10 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{EBBE065C-EE63-488C-8C47-E4F7BF9DA10E}
[2012/03/04 22:37:41 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{2EA06A34-B395-4F4A-B1B5-A8C543879658}
[2012/03/04 22:36:52 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{AB7C8933-1472-4E67-B5A3-5325A44C882F}
[2012/03/04 10:36:36 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{665D66F5-EF1E-43EE-ADF0-2931DC47D482}
[2012/03/04 10:36:10 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{FCA5F4DA-74C6-4B9C-BFB6-6EF811C06F6D}
[2012/03/03 22:35:54 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{AFCBA0BD-6905-4E10-B9D9-4663AB557842}
[2012/03/03 22:35:41 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{00397E62-7B9A-4240-B7A2-6D45D53D87D7}
[2012/03/03 13:05:41 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\Desktop\GooredFix Backups
[2012/03/03 10:35:28 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{73C94630-C54C-4007-9B0F-AD56250BD5AB}
[2012/03/03 10:35:17 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{3AFFFA89-24B7-424E-B536-4D79B4B00C3F}
[2012/03/02 22:35:03 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{AF3D2BEC-0DC4-495F-B1AB-2F268438CCEE}
[2012/03/02 22:34:52 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{BFDEA44B-520E-4BBA-ABD6-D8C45326509D}
[2012/03/02 10:34:23 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{31E71306-43A6-466A-900C-2374022E640A}
[2012/03/01 22:33:56 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{CCA4B29B-1C1F-4F65-886E-7FD5025F7F80}
[2012/03/01 10:33:12 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{6EACF512-D6C1-4A29-A7B2-FEBA0596E005}
[2012/02/29 22:32:42 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{EDC552BA-EDB5-40C2-83FF-A57BD3612737}
[2012/02/29 10:32:07 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{BA9BD803-F18B-4683-9F66-2AE8F9A4AD13}
[2012/02/28 22:57:46 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\Happy Chef
[2012/02/28 22:31:10 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{A1194DD6-DC13-4374-B648-9A9338C4CFBF}
[2012/02/28 22:31:00 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{1D95662C-DBEF-4A44-BE9F-21D91367B8D8}
[2012/02/28 19:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
[2012/02/28 19:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Elcomsoft Password Recovery
[2012/02/28 19:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elcomsoft Password Recovery
[2012/02/28 19:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elcomsoft
[2012/02/28 10:30:28 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{5530983D-5A24-4324-BF0F-DD09021BDEF3}
[2012/02/27 22:30:01 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{56EE0650-4A46-4415-8F45-7C72DB53E570}
[2012/02/27 10:29:16 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{0A379C1B-739B-411B-9709-B8A6D8A983F7}
[2012/02/27 10:28:53 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{90F8A93A-FBEA-44FB-BBE3-98EBEC1651D3}
[2012/02/27 01:29:00 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/02/25 08:31:15 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{044A6260-C73F-40F1-8B21-C20EFE2167CC}
[2012/02/24 20:30:21 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{2DCABE61-9594-4060-BB50-DB4134B1757F}
[2012/02/24 08:30:10 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{3D6E6552-DD9C-4A3E-B1AB-14BCAA275B9C}
[2012/02/23 16:09:46 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{3149CD3A-7C69-4052-98A9-5AF80B2838B8}
[2012/02/23 16:09:18 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{92FC44E0-B48F-476E-8D76-CC74AEE86B5A}
[2012/02/23 04:09:03 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{ACA6F955-BBFF-405B-8DF4-F18A845F4816}
[2012/02/23 04:08:41 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{4A7E7D26-68E3-4D75-ADC1-00BBC67574F1}
[2012/02/22 16:08:26 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{154EE009-7856-4D29-8458-027DB2B10A28}
[2012/02/22 16:08:05 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{B1A89961-07F2-433A-AED6-00D9028AEA77}
[2012/02/22 04:07:51 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{4C666730-FB40-458E-BD15-45A63B4F1D27}
[2012/02/22 04:07:29 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{E7E3BA02-F899-4FD6-9F7A-448A5EFC137C}
[2012/02/21 16:07:14 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{0B38AB16-5229-4144-8A1C-F9638127BF6D}
[2012/02/21 16:07:03 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{5A181073-0CF8-4BE0-B4F8-88FEA88C7932}
[2012/02/21 04:06:48 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{0BACAD41-96BF-42B6-ACC9-D34FD27F4A80}
[2012/02/21 04:06:22 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{04235904-2C4C-423D-928F-051E671B8637}
[2012/02/20 16:06:07 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{4712E50E-312A-4D10-9006-23BBBA28E4CE}
[2012/02/20 16:05:54 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{0A4B04C9-4C07-47AD-97DE-EC6B8D1B761F}
[2012/02/20 15:57:51 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{8D58A53C-F9BD-410F-B8C8-05BC0E24C264}
[2012/02/20 15:57:32 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{10CDA527-F02F-49E9-AFD2-240FCF375C25}
[2012/02/17 20:04:43 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\iPodtoComputer
[2012/02/17 20:03:41 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unicows.dll
[2012/02/17 20:03:41 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysNative\pthreadGC2.dll
[2012/02/17 20:03:38 | 000,098,304 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\L3CODECX.AX
[2012/02/17 20:03:37 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSVCP71.DLL
[2012/02/17 20:03:36 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSVCR71.DLL
[2012/02/17 20:03:35 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFC71.DLL
[2012/02/17 20:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Cucusoft
[2012/02/17 19:39:44 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\WindSolutions
[2012/02/17 19:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2012/02/17 19:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Daniusoft
[2012/02/16 23:01:24 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\MediaMonkey
[2012/02/16 22:59:59 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\Mom's stuff
[2012/02/16 15:32:37 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{9DCAD7F1-BB41-4544-98C1-06DCFF29972B}
[2012/02/16 15:32:23 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{C8D843BE-14E3-474E-B187-C7B1A76BAD49}
[2012/02/16 03:32:08 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{48662A8A-7D95-4C20-B202-957DD28150AE}
[2012/02/16 03:31:50 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{FE200C4F-A3BB-4BA4-9645-13E06FEF07A7}
[2012/02/16 03:00:36 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/16 03:00:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/16 03:00:34 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/16 03:00:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/16 03:00:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/16 03:00:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/16 03:00:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/16 03:00:32 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/16 03:00:32 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/16 03:00:31 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/16 03:00:30 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/15 19:29:51 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 19:29:47 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 19:29:47 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 19:29:37 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/15 15:30:37 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{7CC3F782-E6A1-47CE-BCC8-C3CCECF303A0}
[2012/02/15 15:29:57 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{A3C2DA53-D486-417A-B9CD-AC338F3544BF}
[2012/02/15 03:29:22 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{E636B630-1EC4-4123-9E25-2807BE75B57B}
[2012/02/15 03:29:08 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{BDB23301-3D40-4197-A000-7C7FAF3D9EA5}
[2012/02/14 15:28:53 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{617CEFAF-AD5E-4C55-A54F-D6988B7DCD42}
[2012/02/14 15:28:43 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{8FA7FB24-B98A-48C7-9357-480835E60489}
[2012/02/14 03:28:20 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{3957E4A0-C897-4D4B-B7E1-5E525381C6BF}
[2012/02/14 03:28:05 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{C1AE87B9-A77C-4625-B43B-9DDA21F10CF8}
[2012/02/14 03:28:03 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Local\{62336AC2-1F83-40A1-829E-BA5CBAC46EBD}
[2012/02/14 03:02:37 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/14 03:02:37 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/14 03:02:37 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/14 03:02:37 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/14 03:02:37 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/14 03:02:37 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/14 03:02:37 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/14 03:02:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/14 03:02:37 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/14 03:02:36 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/14 03:02:36 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/14 03:02:36 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/14 03:02:36 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/14 03:02:36 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/14 03:02:36 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/14 03:02:36 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/14 03:02:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/14 03:02:36 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/14 03:02:36 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/14 03:02:36 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/14 03:02:36 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/14 03:02:36 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/14 03:02:36 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/14 03:02:36 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/14 03:02:36 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/14 03:02:36 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/14 03:02:36 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/14 03:02:34 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/14 03:02:34 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/14 03:02:34 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/14 03:02:34 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/14 03:02:34 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/14 03:02:34 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/14 03:02:34 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/14 03:02:34 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/14 03:02:34 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/14 03:02:34 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/14 03:02:34 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/14 03:02:34 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/14 03:02:34 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/14 03:02:34 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/14 03:02:34 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/14 03:02:34 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/14 03:02:34 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/14 03:02:34 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/14 03:02:34 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/14 03:02:34 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/14 03:02:34 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/14 03:02:34 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/14 03:02:34 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/14 03:02:34 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/14 03:02:34 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/14 03:02:34 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/14 03:02:34 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/14 03:02:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/02/14 03:02:34 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/14 03:02:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/14 03:02:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/14 03:02:34 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/14 03:02:34 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/14 03:02:34 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/08/18 09:55:51 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\XXXXXX\AppData\Roaming\pcouffin.sys
[2011/07/21 23:00:19 | 001,867,776 | ---- | C] (Cat Daddy Games) -- C:\Program Files (x86)\CasinoApp.exe
[1 C:\Users\XXXXXX\Desktop\*.tmp files -> C:\Users\XXXXXX\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/10 12:43:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/10 12:02:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2859841285-3223766666-1130209648-1000UA.job
[2012/03/09 15:55:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/09 14:02:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2859841285-3223766666-1130209648-1000Core.job
[2012/03/08 14:44:46 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/06 22:07:13 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 22:07:13 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 22:03:49 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2012/03/06 21:56:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/06 21:56:20 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/06 21:36:55 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/03/06 20:41:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/06 20:18:44 | 004,428,059 | R--- | M] (Swearware) -- C:\Users\XXXXXX\Desktop\ComboFix.exe
[2012/03/05 01:21:34 | 000,000,188 | ---- | M] () -- C:\Users\XXXXXX\defogger_reenable
[2012/03/02 11:22:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/27 01:29:00 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/02/27 01:20:13 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2012/02/25 21:54:29 | 000,001,057 | ---- | M] () -- C:\Users\XXXXXX\AppData\Roaming\vso_ts_preview.xml
[2012/02/20 16:01:22 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/20 15:45:32 | 000,001,137 | ---- | M] () -- C:\Users\XXXXXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/16 10:24:13 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/16 10:24:13 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/16 10:24:13 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/16 03:28:44 | 000,416,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/14 03:25:51 | 000,001,441 | ---- | M] () -- C:\Users\XXXXXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/14 03:02:37 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/14 03:02:37 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/14 03:02:37 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/14 03:02:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/14 03:02:37 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/14 03:02:37 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/14 03:02:37 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/14 03:02:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/14 03:02:37 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/14 03:02:36 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/14 03:02:36 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/14 03:02:36 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/14 03:02:36 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/14 03:02:36 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/14 03:02:36 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/14 03:02:36 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/14 03:02:36 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/14 03:02:36 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/14 03:02:36 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/14 03:02:36 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/14 03:02:36 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/14 03:02:36 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/14 03:02:36 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/14 03:02:36 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/14 03:02:36 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/14 03:02:36 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/14 03:02:36 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/14 03:02:36 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/14 03:02:34 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/14 03:02:34 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/14 03:02:34 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/14 03:02:34 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/14 03:02:34 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/14 03:02:34 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/14 03:02:34 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/14 03:02:34 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/14 03:02:34 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/14 03:02:34 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/14 03:02:34 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/14 03:02:34 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/14 03:02:34 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/14 03:02:34 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/14 03:02:34 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/14 03:02:34 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/14 03:02:34 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/14 03:02:34 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/14 03:02:34 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/14 03:02:34 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/14 03:02:34 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/14 03:02:34 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/14 03:02:34 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/14 03:02:34 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/14 03:02:34 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/14 03:02:34 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/14 03:02:34 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/14 03:02:34 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/14 03:02:34 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/02/14 03:02:34 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/14 03:02:34 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/14 03:02:34 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/14 03:02:34 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/14 03:02:34 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/14 03:02:34 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[1 C:\Users\XXXXXX\Desktop\*.tmp files -> C:\Users\XXXXXX\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/06 20:21:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/06 20:21:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/06 20:21:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/06 20:21:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/06 20:21:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/05 01:21:33 | 000,000,188 | ---- | C] () -- C:\Users\XXXXXX\defogger_reenable
[2012/02/20 16:01:22 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/20 15:45:32 | 000,001,137 | ---- | C] () -- C:\Users\XXXXXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/17 20:03:41 | 000,057,344 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2012/02/17 20:03:41 | 000,006,144 | ---- | C] () -- C:\Windows\SysNative\ff_acm.acm
[2012/02/14 03:02:36 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/14 03:02:34 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/12/09 23:41:05 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/06 22:23:08 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/08/18 09:57:35 | 000,001,057 | ---- | C] () -- C:\Users\XXXXXX\AppData\Roaming\vso_ts_preview.xml
[2011/08/18 09:55:51 | 000,099,384 | ---- | C] () -- C:\Users\XXXXXX\AppData\Roaming\inst.exe
[2011/08/18 09:55:51 | 000,007,859 | ---- | C] () -- C:\Users\XXXXXX\AppData\Roaming\pcouffin.cat
[2011/08/18 09:55:51 | 000,001,167 | ---- | C] () -- C:\Users\XXXXXX\AppData\Roaming\pcouffin.inf
[2011/08/16 21:37:19 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/07/21 23:00:32 | 000,027,612 | ---- | C] () -- C:\Program Files (x86)\DIVINE.AIF
[2011/07/21 23:00:31 | 012,201,076 | ---- | C] () -- C:\Program Files (x86)\DIVINE.ADF
[2011/07/21 23:00:19 | 000,319,488 | ---- | C] () -- C:\Program Files (x86)\setup.exe
[2011/07/21 23:00:17 | 000,000,469 | ---- | C] () -- C:\Program Files (x86)\FILE_ID.DIZ
[2011/07/19 11:40:06 | 000,156,160 | ---- | C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll
[2011/07/13 22:48:15 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/07/13 22:26:59 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 190 bytes -> C:\ProgramData\TEMP:27D40D6F
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:6A4D7243
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E6EC5C2A
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:73B78E79
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C9BC8592

< End of report >
