looks like google redirect virus has me bad


  • This topic is locked
79 replies to this topic

#1 fixMeMommy

  • Members
  • 81 posts

Posted 22 June 2012 - 01:47 AM

Started getting redirects with nearly every click on a link in T'bird. Also notice IE is running twice in the background and cannot be shut down. Everyone says you maestros are the ones to come to. Head bowed, hat in hand . . .

Here's the dds logfile:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by jonnyMondo at 23:35:04 on 2012-06-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.7935.5797 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\OLYMPUS\OLYMPUS Studio 2\SMonitor.exe
C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [OS2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Studio 2\SMonitor.exe"
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [CDDB] rundll32.exe C:\Users\jonnyMondo\AppData\Local\CDDB\fmbseqhn.dll,AllocatePfxEngineClient
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe
StartupFolder: C:\Users\JONNYM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HDWRIT~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D19FB9AA-F84F-4A9B-9AB8-45395E86DD79} : DhcpNameServer = 192.168.1.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jonnyMondo\AppData\Roaming\Mozilla\Firefox\Profiles\wbuage7p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2011-8-24 21880]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AODDriver;AODDriver;C:\Program Files (x86)\ASUS\GPU Boost Driver\amd64\aoddriver.sys [2011-11-4 52280]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-22 04:40:53 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{268FEFBA-CE6D-4BED-BCF8-B652839660BE}\offreg.dll
2012-06-22 04:40:49 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-22 04:25:41 98816 ----a-w- C:\Windows\sed.exe
2012-06-22 04:25:41 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-22 04:25:41 256000 ----a-w- C:\Windows\PEV.exe
2012-06-22 04:25:41 208896 ----a-w- C:\Windows\MBR.exe
2012-06-21 19:34:28 -------- d-----w- C:\Users\jonnyMondo\AppData\Local\{DAF3DE41-97BB-11E1-826E-B8AC6F996F26}
2012-06-21 19:11:28 -------- d-----w- C:\Users\jonnyMondo\AppData\Roaming\SUPERAntiSpyware.com
2012-06-21 19:10:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-21 19:10:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-21 19:08:41 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-06-21 19:08:41 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-17 07:16:45 -------- d-----w- C:\Users\jonnyMondo\AppData\Local\CDDB
2012-06-16 21:08:53 -------- d-----w- C:\Users\jonnyMondo\AppData\Roaming\Thinstall
2012-06-16 21:08:53 -------- d-----w- C:\Users\jonnyMondo\AppData\Local\Thinstall
.
==================== Find3M ====================
.
2012-05-18 17:45:18 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 17:45:18 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-05 17:20:13 376832 ----a-w- C:\Program Files\Ultimate Windows Tweaker.exe
.
============= FINISH: 23:35:15.94 ===============


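To show how a responder reading the DDS log above would triage its autorun entries, here is an added example (not part of the thread, not DDS's own code) that parses a constructed excerpt of the "Pseudo HJT Report" section and flags the patterns worth a second look: persistence launched from a user-writable path, rundll32 loading a DLL by export name, and IE extensions whose file is gone. The entry names and paths are copied from the log above; the rule names are mine.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of a DDS "Pseudo HJT Report": lines copied from the log posted
# above so the analyser has realistic input and runs offline.
SAMPLE_DDS = r"""
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [OS2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Studio 2\SMonitor.exe"
uRun: [CDDB] rundll32.exe C:\Users\jonnyMondo\AppData\Local\CDDB\fmbseqhn.dll,AllocatePfxEngineClient
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Vuze Remote - No File
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
"""

# uRun/mRun (and the -x64 variants) are the HKCU/HKLM Run keys; BHO/TB/URLSearchHooks
# are the IE extension points DDS lists.
RUN_RE = re.compile(r"^(?P<scope>[um])Run(?:-x64)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
IE_RE = re.compile(r"^(?P<kind>BHO|TB|[um]URLSearchHooks)(?:-X64)?: (?P<rest>.+)$")

# Paths an unprivileged user can write to. Legitimate installers normally land in
# Program Files, so a Run entry pointing here deserves a closer look.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\temp\\")


@dataclass
class Finding:
    line: str     # the DDS line that triggered the rule
    rule: str     # rule name (names are mine, not DDS terminology)
    detail: str   # what exactly was matched


def analyze_hjt(text: str) -> list[Finding]:
    """Walk a Pseudo HJT section and return one Finding per rule hit."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            low = cmd.lower()
            if any(marker in low for marker in USER_WRITABLE):
                findings.append(Finding(line, "autorun-from-user-writable-path", cmd))
            # "rundll32.exe <dll>,<export>" runs arbitrary code from a DLL without
            # the DLL itself ever appearing as a process; note which export is called.
            parts = cmd.split(None, 1)
            if low.startswith("rundll32") and len(parts) == 2 and "," in parts[1]:
                dll, export = parts[1].rsplit(",", 1)
                findings.append(Finding(line, "rundll32-export-loader",
                                        f"{dll} export {export}"))
            continue

        m = IE_RE.match(line)
        if m and m.group("rest").endswith("- No File"):
            # Registration survived but the DLL is gone: leftover of an uninstall
            # or of a removal tool; harmless by itself, but it should be cleaned.
            findings.append(Finding(line, "orphaned-ie-extension", m.group("rest")))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count hits per rule, handy for a quick overview of a long log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    results = analyze_hjt(SAMPLE_DDS)
    for f in results:
        print(f"[{f.rule}] {f.detail}")
    print(summarize(results))
```

The same CDDB entry reappears under "Reg Loading Points" in the ComboFix log further down the thread, so the rules transfer directly to that report's REGEDIT4 section once the line regexes are adapted.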

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 June 2012 - 01:55 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



#3 fixMeMommy
  • Topic Starter

  • Members
  • 81 posts

Posted 23 June 2012 - 05:22 PM

Hey Gringo, thanks for your prompt and thoughtful reply.

As requested, here are the files from Security Check and ComboFix:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 9 Flash Player out of Date!
Adobe Flash Player 11.2.202.235 Flash Player out of Date!
Adobe Reader X (10.1.1)
Mozilla Firefox 6.0 Firefox out of Date!
Mozilla Thunderbird (3.1.7) Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````



ComboFix 12-06-23.05 - jonnyMondo 06/23/2012 14:36:33.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.7935.6473 [GMT -7:00]
Running from: c:\users\jonnyMondo\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jonnyMondo\AppData\Roaming\vso_ts_preview.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 21:40 . 2012-06-23 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 21:40 . 2012-06-23 21:40 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-22 23:26 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 23:26 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 23:26 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 23:26 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 23:26 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 23:26 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 23:26 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 23:26 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 23:26 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 21:15 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-22 21:15 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-22 21:15 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-22 21:15 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-22 21:15 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-22 21:15 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-22 21:15 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-22 21:14 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-22 21:14 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-06-22 21:14 . 2012-06-22 21:14 -------- d-----w- c:\programdata\AVAST Software
2012-06-22 21:14 . 2012-06-22 21:14 -------- d-----w- c:\program files\AVAST Software
2012-06-22 21:05 . 2012-06-22 21:05 -------- d-----w- c:\program files (x86)\WhiteSmoke_US
2012-06-21 19:34 . 2012-06-21 19:34 -------- d-----w- c:\users\jonnyMondo\AppData\Local\{DAF3DE41-97BB-11E1-826E-B8AC6F996F26}
2012-06-21 19:11 . 2012-06-21 19:11 -------- d-----w- c:\users\jonnyMondo\AppData\Roaming\SUPERAntiSpyware.com
2012-06-21 19:10 . 2012-06-21 19:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-21 19:10 . 2012-06-21 19:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-21 19:08 . 2012-06-21 19:08 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-21 19:08 . 2012-06-21 19:08 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-21 19:08 . 2012-06-21 19:08 -------- d-----w- c:\program files\Java
2012-06-17 07:16 . 2012-06-17 07:16 -------- d-----w- c:\users\jonnyMondo\AppData\Local\CDDB
2012-06-16 21:08 . 2012-06-16 21:08 -------- d-----w- c:\users\jonnyMondo\AppData\Roaming\Thinstall
2012-06-16 21:08 . 2012-06-16 21:08 -------- d-----w- c:\users\jonnyMondo\AppData\Local\Thinstall
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-18 17:45 . 2012-05-18 17:45 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-18 17:45 . 2011-11-07 05:04 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 22:56 . 2011-11-04 17:33 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-05 17:20 . 2011-11-05 22:02 376832 ----a-w- c:\program files\Ultimate Windows Tweaker.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-11-04 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-11-04 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-06-22_04.32.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-06-22 04:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-23 21:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-23 21:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-22 04:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-22 04:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-23 21:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-06-22 20:13 34322 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-23 21:18 42314 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-11-04 06:39 . 2012-06-12 15:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-04 06:39 . 2012-06-23 21:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-04 06:39 . 2012-06-23 21:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-04 06:39 . 2012-06-12 15:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-23 21:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-12 15:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-02 22:19 . 2012-06-02 22:19 79232 c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2009-07-14 04:46 . 2012-06-23 21:06 99064 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-11-04 09:04 . 2012-06-22 04:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-04 09:04 . 2012-06-23 21:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-04 09:04 . 2012-06-22 04:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-04 09:04 . 2012-06-23 21:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-04 06:45 . 2012-06-23 21:18 8730 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2482551037-1996235705-2633259471-1000_UserData.bin
- 2012-06-22 04:31 . 2012-06-22 04:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-23 21:42 . 2012-06-23 21:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-23 21:42 . 2012-06-23 21:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-22 04:31 . 2012-06-22 04:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-06-21 20:04 625532 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-23 21:21 625532 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-21 20:04 106898 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-23 21:21 106898 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-06-23 21:40 396972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-22 04:30 396972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2012-06-22 23:38 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-01-01 01:08 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 04:45 . 2012-06-23 20:36 7087352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-03-15 04:21 7087352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-11-04 18:02 . 2012-06-23 21:40 30207420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2482551037-1996235705-2633259471-1000-8192.dat
- 2011-11-04 18:02 . 2012-06-22 04:30 30207420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2482551037-1996235705-2633259471-1000-8192.dat
+ 2011-11-04 18:02 . 2012-06-23 21:15 27017460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2482551037-1996235705-2633259471-1000-12288.dat
- 2011-11-04 18:02 . 2012-05-18 17:35 27017460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2482551037-1996235705-2633259471-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cce665dd-f6dd-4808-968e-eaec971f70ef}"= "c:\program files (x86)\WhiteSmoke_US\prxtbWhit.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{cce665dd-f6dd-4808-968e-eaec971f70ef}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{cce665dd-f6dd-4808-968e-eaec971f70ef}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\WhiteSmoke_US\prxtbWhit.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{cce665dd-f6dd-4808-968e-eaec971f70ef}"= "c:\program files (x86)\WhiteSmoke_US\prxtbWhit.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{cce665dd-f6dd-4808-968e-eaec971f70ef}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"OS2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Studio 2\SMonitor.exe" [2007-12-01 95536]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"CDDB"="c:\users\jonnyMondo\AppData\Local\CDDB\fmbseqhn.dll" [2012-01-27 339968]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2003-12-13 33792]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\jonnyMondo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2011-8-24 271736]
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2011-12-24 292240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-24 641832]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2011-08-24 21880]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AODDriver;AODDriver;c:\program files (x86)\ASUS\GPU Boost Driver\amd64\AODDriver.sys [2010-03-12 52280]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AODDRIVER
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\jonnyMondo\AppData\Roaming\Mozilla\Firefox\Profiles\wbuage7p.default\
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/ctid=CT3198785&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspxctid=CT3198785&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{CCE665DD-F6DD-4808-968E-EAEC971F70EF} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\APC\PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2012-06-23 14:46:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 21:46
ComboFix2.txt 2012-06-22 04:35
.
Pre-Run: 4,736,708,608 bytes free
Post-Run: 4,705,697,792 bytes free
.
- - End Of File - - 2326F59C6D7A6B1DBE08997F15F838B1

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:43 AM

Posted 23 June 2012 - 08:54 PM

Greetings

please give a small status update after each step so I have an idea on how things are progressing



I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
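
The TDSSKiller report gringo asks for above is a plain text log in which every service and driver gets one line carrying its MD5 and path, followed by a verdict line of the form `name - ok`. As an added example, not code from this thread and not part of Kaspersky's tool, here is a small Python parser for that format that pulls out every entry whose verdict is not `ok`, that never received a verdict line, or whose binary lives under a user profile or Temp directory, which is where a responder reading such a log looks first. The sample log embedded in it is constructed: the first entries copy the shape of the lines posted later in this thread, while `ExampleSvc`, its all-zero hash, its Temp path and its `detected` verdict are invented purely to exercise the flagging path.

```python
"""Triage helper for TDSSKiller 2.7-style scan logs (added example, not
TDSSKiller's own code). Parses entry/verdict line pairs and lists the ones
that deserve a second look."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample. Lines before "Scan started" (drive geometry etc.) are
# ignored by the parser. "ExampleSvc" and its hash/path/verdict are invented.
SAMPLE_LOG = r"""
21:45:34.0290 1756 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200
21:45:45.0491 4040 ============================================================
21:45:45.0491 4040 Scan started
21:45:45.0491 4040 Mode: Manual;
21:45:47.0223 4040 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
21:45:47.0223 4040 !SASCORE - ok
21:45:48.0455 4040 AMD External Events Utility (e0fd88ead5d8b1fae64a500d1d825c6d) C:\Windows\system32\atiesrxx.exe
21:45:48.0471 4040 AMD External Events Utility - ok
21:45:51.0450 4040 catchme - ok
21:45:51.0996 4040 COMSysApp - ok
21:45:52.0000 4040 ExampleSvc (00000000000000000000000000000000) C:\Users\jonnyMondo\AppData\Local\Temp\example.sys
21:45:52.0000 4040 ExampleSvc - detected
"""

# Every log line starts with "HH:MM:SS.ffff <pid>".
PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
# Entry line: "<name> (<md5>) <path>"; the name may contain spaces.
ENTRY_RE = re.compile(PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
# Verdict line: "<name> - <verdict>". Tried only after ENTRY_RE fails, because
# a path such as "Spybot - Search & Destroy" would otherwise look like a verdict.
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>\S.*?)\s*$")
# Heuristic: code started from a profile or Temp directory is unusual for a
# driver or service and is worth a look regardless of the scanner's verdict.
USER_WRITABLE_RE = re.compile(r"\\Users\\|\\Temp\\", re.IGNORECASE)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Return one Entry per scanned object, in log order."""
    entries: Dict[str, Entry] = {}
    in_scan = False
    for line in text.splitlines():
        if not in_scan:                      # skip the system/drive preamble
            in_scan = line.rstrip().endswith("Scan started")
            continue
        m = ENTRY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"]
    return list(entries.values())


def needs_review(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Pair each suspicious entry with the reasons it was flagged."""
    flagged = []
    for e in entries:
        reasons = []
        if e.verdict is None:
            reasons.append("no verdict line")
        elif e.verdict.lower() != "ok":
            reasons.append(f"verdict '{e.verdict}'")
        if e.path and USER_WRITABLE_RE.search(e.path):
            reasons.append("binary lives in a user-writable location")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def summarize(text: str) -> dict:
    """Counts plus the names to look at; handy for a quick forum reply."""
    entries = parse_tdsskiller_log(text)
    return {
        "entries": len(entries),
        "ok": sum(1 for e in entries if (e.verdict or "").lower() == "ok"),
        "flagged": [e.name for e, _ in needs_review(entries)],
    }


if __name__ == "__main__":
    for e, reasons in needs_review(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{e.name}: {'; '.join(reasons)} ({e.path})")
```

Feed it the pasted log (`summarize(open("TDSSKiller.log").read())`) and you get the entry count, how many came back `ok`, and the short list that actually needs attention; entries such as `catchme` and `COMSysApp`, which have a verdict but no hash/path line, are kept as ok rather than flagged, since that is how the tool reports them.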

#5 fixMeMommy

  • Topic Starter
  • Members
  • 81 posts
  • Local time:03:43 AM

Posted 24 June 2012 - 12:01 AM

Hey gringo,

Sorry there's been nothing to report as to progress (still redirecting on nearly every link I try in firefox and still multiple instances of IE running in the background--nine at the moment).

Here are the text files from tdsskiller and aswmbr you requested (thanx a meg dude):

21:45:32.0840 1756 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
21:45:33.0370 1756 ============================================================
21:45:33.0370 1756 Current date / time: 2012/06/23 21:45:33.0370
21:45:33.0370 1756 SystemInfo:
21:45:33.0370 1756
21:45:33.0370 1756 OS Version: 6.1.7601 ServicePack: 1.0
21:45:33.0370 1756 Product type: Workstation
21:45:33.0370 1756 ComputerName: WANDAJUNE
21:45:33.0370 1756 UserName: jonnyMondo
21:45:33.0370 1756 Windows directory: C:\Windows
21:45:33.0370 1756 System windows directory: C:\Windows
21:45:33.0370 1756 Running under WOW64
21:45:33.0370 1756 Processor architecture: Intel x64
21:45:33.0370 1756 Number of processors: 2
21:45:33.0370 1756 Page size: 0x1000
21:45:33.0370 1756 Boot type: Normal boot
21:45:33.0370 1756 ============================================================
21:45:34.0290 1756 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:45:34.0306 1756 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:45:43.0058 1756 Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:45:43.0058 1756 Drive \Device\Harddisk4\DR4 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:45:43.0073 1756 ============================================================
21:45:43.0073 1756 \Device\Harddisk0\DR0:
21:45:43.0089 1756 MBR partitions:
21:45:43.0089 1756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5D26781
21:45:43.0089 1756 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x5D267C0, BlocksNum 0x37E7D01
21:45:43.0089 1756 \Device\Harddisk1\DR1:
21:45:43.0089 1756 MBR partitions:
21:45:43.0089 1756 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAEA86702
21:45:43.0089 1756 \Device\Harddisk2\DR2:
21:45:43.0089 1756 MBR partitions:
21:45:43.0089 1756 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
21:45:43.0089 1756 \Device\Harddisk4\DR4:
21:45:43.0089 1756 MBR partitions:
21:45:43.0089 1756 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17BD5299
21:45:43.0089 1756 ============================================================
21:45:43.0120 1756 C: <-> \Device\Harddisk0\DR0\Partition0
21:45:43.0120 1756 F: <-> \Device\Harddisk1\DR1\Partition0
21:45:43.0120 1756 L: <-> \Device\Harddisk4\DR4\Partition0
21:45:43.0120 1756 M: <-> \Device\Harddisk2\DR2\Partition0
21:45:43.0229 1756 E: <-> \Device\Harddisk0\DR0\Partition1
21:45:43.0229 1756 ============================================================
21:45:43.0229 1756 Initialize success
21:45:43.0229 1756 ============================================================
21:45:45.0491 4040 ============================================================
21:45:45.0491 4040 Scan started
21:45:45.0491 4040 Mode: Manual;
21:45:45.0491 4040 ============================================================
21:45:47.0223 4040 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
21:45:47.0223 4040 !SASCORE - ok
21:45:47.0613 4040 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
21:45:47.0613 4040 1394ohci - ok
21:45:47.0660 4040 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
21:45:47.0660 4040 61883 - ok
21:45:47.0722 4040 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:45:47.0738 4040 ACPI - ok
21:45:47.0753 4040 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:45:47.0753 4040 AcpiPmi - ok
21:45:47.0909 4040 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:45:47.0925 4040 AdobeARMservice - ok
21:45:47.0987 4040 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:45:48.0018 4040 adp94xx - ok
21:45:48.0081 4040 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:45:48.0096 4040 adpahci - ok
21:45:48.0159 4040 adpu160m (3bfb2b189ba0310fc160afee9917ff99) C:\Windows\system32\DRIVERS\adpu160m.sys
21:45:48.0174 4040 adpu160m - ok
21:45:48.0190 4040 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:45:48.0206 4040 adpu320 - ok
21:45:48.0237 4040 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:45:48.0237 4040 AeLookupSvc - ok
21:45:48.0299 4040 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:45:48.0315 4040 AFD - ok
21:45:48.0346 4040 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:45:48.0346 4040 agp440 - ok
21:45:48.0377 4040 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:45:48.0393 4040 ALG - ok
21:45:48.0408 4040 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:45:48.0408 4040 aliide - ok
21:45:48.0455 4040 AMD External Events Utility (e0fd88ead5d8b1fae64a500d1d825c6d) C:\Windows\system32\atiesrxx.exe
21:45:48.0471 4040 AMD External Events Utility - ok
21:45:48.0486 4040 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:45:48.0486 4040 amdide - ok
21:45:48.0518 4040 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:45:48.0518 4040 AmdK8 - ok
21:45:48.0830 4040 amdkmdag (9337b5fabc03ca44cd355f700da9b25b) C:\Windows\system32\DRIVERS\atipmdag.sys
21:45:49.0001 4040 amdkmdag - ok
21:45:49.0110 4040 amdkmdap (560688a447e7a87f43774a2ff23a3e52) C:\Windows\system32\DRIVERS\atikmpag.sys
21:45:49.0110 4040 amdkmdap - ok
21:45:49.0142 4040 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:45:49.0142 4040 AmdPPM - ok
21:45:49.0173 4040 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
21:45:49.0188 4040 amdsata - ok
21:45:49.0204 4040 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:45:49.0220 4040 amdsbs - ok
21:45:49.0235 4040 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
21:45:49.0235 4040 amdxata - ok
21:45:49.0329 4040 AODDriver (b934322c68c30dceca96c0274a51f7b0) C:\Program Files (x86)\ASUS\GPU Boost Driver\amd64\AODDriver.sys
21:45:49.0329 4040 AODDriver - ok
21:45:49.0407 4040 APC Data Service (437a8fd32c54b9b072663127df6f4a26) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
21:45:49.0407 4040 APC Data Service - ok
21:45:49.0500 4040 APC UPS Service (05111648d41351d1f0eba05c9165b3da) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
21:45:49.0516 4040 APC UPS Service - ok
21:45:49.0532 4040 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:45:49.0532 4040 AppID - ok
21:45:49.0563 4040 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:45:49.0563 4040 AppIDSvc - ok
21:45:49.0594 4040 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:45:49.0594 4040 Appinfo - ok
21:45:49.0641 4040 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
21:45:49.0656 4040 AppMgmt - ok
21:45:49.0703 4040 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:45:49.0719 4040 arc - ok
21:45:49.0734 4040 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:45:49.0750 4040 arcsas - ok
21:45:49.0844 4040 AsIO (a82c01606dc27d05d9d3bfb6bb807e32) C:\Windows\syswow64\drivers\AsIO.sys
21:45:49.0844 4040 AsIO - ok
21:45:49.0890 4040 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
21:45:49.0890 4040 aswFsBlk - ok
21:45:49.0937 4040 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
21:45:49.0937 4040 aswMonFlt - ok
21:45:49.0968 4040 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
21:45:49.0968 4040 aswRdr - ok
21:45:50.0062 4040 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
21:45:50.0078 4040 aswSnx - ok
21:45:50.0109 4040 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
21:45:50.0109 4040 aswSP - ok
21:45:50.0124 4040 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
21:45:50.0124 4040 aswTdi - ok
21:45:50.0140 4040 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:45:50.0140 4040 AsyncMac - ok
21:45:50.0156 4040 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:45:50.0156 4040 atapi - ok
21:45:50.0218 4040 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
21:45:50.0234 4040 AtiHdmiService - ok
21:45:50.0280 4040 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
21:45:50.0280 4040 AtiPcie - ok
21:45:50.0358 4040 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:45:50.0390 4040 AudioEndpointBuilder - ok
21:45:50.0405 4040 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:45:50.0405 4040 AudioSrv - ok
21:45:50.0499 4040 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:45:50.0499 4040 avast! Antivirus - ok
21:45:50.0546 4040 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
21:45:50.0546 4040 Avc - ok
21:45:50.0592 4040 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:45:50.0608 4040 AxInstSV - ok
21:45:50.0686 4040 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:45:50.0702 4040 b06bdrv - ok
21:45:50.0748 4040 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:45:50.0764 4040 b57nd60a - ok
21:45:50.0811 4040 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:45:50.0811 4040 BDESVC - ok
21:45:50.0826 4040 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:45:50.0826 4040 Beep - ok
21:45:50.0889 4040 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:45:50.0904 4040 BFE - ok
21:45:50.0967 4040 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
21:45:50.0998 4040 BITS - ok
21:45:51.0060 4040 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:45:51.0060 4040 blbdrive - ok
21:45:51.0138 4040 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
21:45:51.0138 4040 Bonjour Service - ok
21:45:51.0185 4040 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:45:51.0201 4040 bowser - ok
21:45:51.0216 4040 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:45:51.0216 4040 BrFiltLo - ok
21:45:51.0232 4040 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:45:51.0232 4040 BrFiltUp - ok
21:45:51.0279 4040 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:45:51.0279 4040 BridgeMP - ok
21:45:51.0310 4040 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:45:51.0326 4040 Browser - ok
21:45:51.0357 4040 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:45:51.0372 4040 Brserid - ok
21:45:51.0372 4040 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:45:51.0372 4040 BrSerWdm - ok
21:45:51.0388 4040 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:45:51.0388 4040 BrUsbMdm - ok
21:45:51.0388 4040 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:45:51.0388 4040 BrUsbSer - ok
21:45:51.0404 4040 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
21:45:51.0404 4040 BTHMODEM - ok
21:45:51.0435 4040 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:45:51.0450 4040 bthserv - ok
21:45:51.0450 4040 catchme - ok
21:45:51.0482 4040 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:45:51.0482 4040 cdfs - ok
21:45:51.0528 4040 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:45:51.0528 4040 cdrom - ok
21:45:51.0544 4040 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:45:51.0560 4040 CertPropSvc - ok
21:45:51.0575 4040 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:45:51.0575 4040 circlass - ok
21:45:51.0606 4040 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:45:51.0622 4040 CLFS - ok
21:45:51.0669 4040 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:45:51.0684 4040 clr_optimization_v2.0.50727_32 - ok
21:45:51.0716 4040 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:45:51.0731 4040 clr_optimization_v2.0.50727_64 - ok
21:45:51.0794 4040 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:45:51.0794 4040 clr_optimization_v4.0.30319_32 - ok
21:45:51.0825 4040 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:45:51.0840 4040 clr_optimization_v4.0.30319_64 - ok
21:45:51.0872 4040 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
21:45:51.0872 4040 CmBatt - ok
21:45:51.0903 4040 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:45:51.0903 4040 cmdide - ok
21:45:51.0934 4040 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:45:51.0950 4040 CNG - ok
21:45:51.0965 4040 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:45:51.0965 4040 Compbatt - ok
21:45:51.0981 4040 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:45:51.0981 4040 CompositeBus - ok
21:45:51.0996 4040 COMSysApp - ok
21:45:51.0996 4040 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:45:51.0996 4040 crcdisk - ok
21:45:52.0043 4040 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:45:52.0043 4040 CryptSvc - ok
21:45:52.0121 4040 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:45:52.0152 4040 CSC - ok
21:45:52.0199 4040 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
21:45:52.0230 4040 CscService - ok
21:45:52.0433 4040 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:45:52.0480 4040 DcomLaunch - ok
21:45:52.0527 4040 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:45:52.0542 4040 defragsvc - ok
21:45:52.0589 4040 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:45:52.0605 4040 DfsC - ok
21:45:52.0652 4040 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:45:52.0667 4040 Dhcp - ok
21:45:52.0683 4040 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:45:52.0683 4040 discache - ok
21:45:52.0714 4040 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:45:52.0714 4040 Disk - ok
21:45:52.0730 4040 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
21:45:52.0745 4040 dmvsc - ok
21:45:52.0776 4040 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:45:52.0792 4040 Dnscache - ok
21:45:52.0808 4040 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:45:52.0823 4040 dot3svc - ok
21:45:52.0839 4040 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:45:52.0854 4040 DPS - ok
21:45:52.0870 4040 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:45:52.0870 4040 drmkaud - ok
21:45:52.0948 4040 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:45:52.0948 4040 DXGKrnl - ok
21:45:52.0979 4040 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:45:52.0979 4040 EapHost - ok
21:45:53.0166 4040 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:45:53.0276 4040 ebdrv - ok
21:45:53.0369 4040 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
21:45:53.0369 4040 EFS - ok
21:45:53.0432 4040 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:45:53.0447 4040 ehRecvr - ok
21:45:53.0463 4040 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:45:53.0463 4040 ehSched - ok
21:45:53.0541 4040 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:45:53.0556 4040 elxstor - ok
21:45:53.0572 4040 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:45:53.0572 4040 ErrDev - ok
21:45:53.0634 4040 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:45:53.0634 4040 EventSystem - ok
21:45:53.0666 4040 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:45:53.0666 4040 exfat - ok
21:45:53.0681 4040 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:45:53.0697 4040 fastfat - ok
21:45:53.0759 4040 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:45:53.0790 4040 Fax - ok
21:45:53.0806 4040 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:45:53.0806 4040 fdc - ok
21:45:53.0837 4040 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:45:53.0837 4040 fdPHost - ok
21:45:53.0837 4040 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:45:53.0853 4040 FDResPub - ok
21:45:53.0868 4040 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:45:53.0868 4040 FileInfo - ok
21:45:53.0884 4040 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:45:53.0884 4040 Filetrace - ok
21:45:53.0993 4040 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:45:54.0009 4040 FLEXnet Licensing Service - ok
21:45:54.0024 4040 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:45:54.0024 4040 flpydisk - ok
21:45:54.0056 4040 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:45:54.0056 4040 FltMgr - ok
21:45:54.0134 4040 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
21:45:54.0165 4040 FontCache - ok
21:45:54.0243 4040 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:45:54.0243 4040 FontCache3.0.0.0 - ok
21:45:54.0290 4040 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:45:54.0290 4040 FsDepends - ok
21:45:54.0305 4040 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:45:54.0305 4040 Fs_Rec - ok
21:45:54.0336 4040 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:45:54.0352 4040 fvevol - ok
21:45:54.0368 4040 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
21:45:54.0368 4040 gagp30kx - ok
21:45:54.0430 4040 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:45:54.0446 4040 gpsvc - ok
21:45:54.0461 4040 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:45:54.0461 4040 hcw85cir - ok
21:45:54.0508 4040 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:45:54.0524 4040 HdAudAddService - ok
21:45:54.0570 4040 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:45:54.0586 4040 HDAudBus - ok
21:45:54.0586 4040 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:45:54.0602 4040 HidBatt - ok
21:45:54.0617 4040 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
21:45:54.0633 4040 HidBth - ok
21:45:54.0633 4040 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
21:45:54.0633 4040 HidIr - ok
21:45:54.0664 4040 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:45:54.0664 4040 hidserv - ok
21:45:54.0711 4040 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:45:54.0711 4040 HidUsb - ok
21:45:54.0742 4040 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:45:54.0758 4040 hkmsvc - ok
21:45:54.0789 4040 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:45:54.0804 4040 HomeGroupListener - ok
21:45:54.0836 4040 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:45:54.0851 4040 HomeGroupProvider - ok
21:45:54.0867 4040 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:45:54.0867 4040 HpSAMD - ok
21:45:54.0914 4040 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:45:54.0945 4040 HTTP - ok
21:45:54.0960 4040 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:45:54.0960 4040 hwpolicy - ok
21:45:54.0976 4040 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:45:54.0992 4040 i8042prt - ok
21:45:55.0023 4040 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
21:45:55.0038 4040 iaStorV - ok
21:45:55.0116 4040 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:45:55.0132 4040 IDriverT - ok
21:45:55.0272 4040 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:45:55.0288 4040 idsvc - ok
21:45:55.0382 4040 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
21:45:55.0382 4040 iirsp - ok
21:45:55.0475 4040 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:45:55.0506 4040 IKEEXT - ok
21:45:55.0678 4040 IntcAzAudAddService (f5872a11eb4f6db170d636cd4e53ca9f) C:\Windows\system32\drivers\RTKVHD64.sys
21:45:55.0694 4040 IntcAzAudAddService - ok
21:45:55.0772 4040 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:45:55.0787 4040 intelide - ok
21:45:55.0803 4040 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
21:45:55.0818 4040 intelppm - ok
21:45:55.0850 4040 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:45:55.0850 4040 IPBusEnum - ok
21:45:55.0865 4040 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:45:55.0865 4040 IpFilterDriver - ok
21:45:55.0896 4040 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:45:55.0928 4040 iphlpsvc - ok
21:45:55.0928 4040 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:45:55.0928 4040 IPMIDRV - ok
21:45:55.0943 4040 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:45:55.0943 4040 IPNAT - ok
21:45:55.0959 4040 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:45:55.0959 4040 IRENUM - ok
21:45:55.0974 4040 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:45:55.0974 4040 isapnp - ok
21:45:55.0990 4040 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\DRIVERS\msiscsi.sys
21:45:56.0006 4040 iScsiPrt - ok
21:45:56.0021 4040 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:45:56.0021 4040 kbdclass - ok
21:45:56.0052 4040 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:45:56.0052 4040 kbdhid - ok
21:45:56.0068 4040 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:45:56.0068 4040 KeyIso - ok
21:45:56.0084 4040 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
21:45:56.0084 4040 KSecDD - ok
21:45:56.0099 4040 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
21:45:56.0099 4040 KSecPkg - ok
21:45:56.0115 4040 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:45:56.0115 4040 ksthunk - ok
21:45:56.0162 4040 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:45:56.0177 4040 KtmRm - ok
21:45:56.0224 4040 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
21:45:56.0240 4040 LanmanServer - ok
21:45:56.0271 4040 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:45:56.0302 4040 LanmanWorkstation - ok
21:45:56.0333 4040 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:45:56.0349 4040 lltdio - ok
21:45:56.0396 4040 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:45:56.0411 4040 lltdsvc - ok
21:45:56.0427 4040 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:45:56.0442 4040 lmhosts - ok
21:45:56.0474 4040 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
21:45:56.0489 4040 LSI_FC - ok
21:45:56.0520 4040 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
21:45:56.0520 4040 LSI_SAS - ok
21:45:56.0536 4040 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
21:45:56.0536 4040 LSI_SAS2 - ok
21:45:56.0567 4040 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
21:45:56.0567 4040 LSI_SCSI - ok
21:45:56.0598 4040 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:45:56.0598 4040 luafv - ok
21:45:56.0630 4040 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:45:56.0630 4040 Mcx2Svc - ok
21:45:56.0645 4040 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
21:45:56.0645 4040 megasas - ok
21:45:56.0676 4040 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
21:45:56.0676 4040 MegaSR - ok
21:45:56.0708 4040 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:45:56.0708 4040 MMCSS - ok
21:45:56.0723 4040 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:45:56.0723 4040 Modem - ok
21:45:56.0754 4040 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:45:56.0754 4040 monitor - ok
21:45:56.0770 4040 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:45:56.0770 4040 mouclass - ok
21:45:56.0801 4040 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:45:56.0801 4040 mouhid - ok
21:45:56.0817 4040 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:45:56.0817 4040 mountmgr - ok
21:45:56.0848 4040 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:45:56.0864 4040 mpio - ok
21:45:56.0879 4040 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:45:56.0879 4040 mpsdrv - ok
21:45:56.0942 4040 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:45:56.0957 4040 MpsSvc - ok
21:45:56.0973 4040 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:45:56.0988 4040 MRxDAV - ok
21:45:57.0035 4040 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:45:57.0051 4040 mrxsmb - ok
21:45:57.0082 4040 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:45:57.0098 4040 mrxsmb10 - ok
21:45:57.0113 4040 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:45:57.0129 4040 mrxsmb20 - ok
21:45:57.0160 4040 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:45:57.0160 4040 msahci - ok
21:45:57.0191 4040 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:45:57.0191 4040 msdsm - ok
21:45:57.0238 4040 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:45:57.0254 4040 MSDTC - ok
21:45:57.0300 4040 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
21:45:57.0316 4040 MSDV - ok
21:45:57.0332 4040 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:45:57.0332 4040 Msfs - ok
21:45:57.0347 4040 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:45:57.0347 4040 mshidkmdf - ok
21:45:57.0363 4040 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:45:57.0363 4040 msisadrv - ok
21:45:57.0394 4040 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:45:57.0410 4040 MSiSCSI - ok
21:45:57.0410 4040 msiserver - ok
21:45:57.0441 4040 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:45:57.0441 4040 MSKSSRV - ok
21:45:57.0441 4040 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:45:57.0441 4040 MSPCLOCK - ok
21:45:57.0456 4040 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:45:57.0472 4040 MSPQM - ok
21:45:57.0488 4040 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:45:57.0503 4040 MsRPC - ok
21:45:57.0519 4040 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:45:57.0519 4040 mssmbios - ok
21:45:57.0519 4040 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:45:57.0534 4040 MSTEE - ok
21:45:57.0534 4040 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
21:45:57.0534 4040 MTConfig - ok
21:45:57.0581 4040 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
21:45:57.0581 4040 MTsensor - ok
21:45:57.0597 4040 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:45:57.0597 4040 Mup - ok
21:45:57.0628 4040 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:45:57.0659 4040 napagent - ok
21:45:57.0690 4040 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:45:57.0706 4040 NativeWifiP - ok
21:45:57.0862 4040 NAUpdate (1bbbf640bc0e0b750537baece8d66c18) C:\Program Files (x86)\Nero\Update\NASvc.exe
21:45:57.0878 4040 NAUpdate - ok
21:45:57.0940 4040 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:45:57.0971 4040 NDIS - ok
21:45:57.0987 4040 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:45:58.0002 4040 NdisCap - ok
21:45:58.0018 4040 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:45:58.0018 4040 NdisTapi - ok
21:45:58.0034 4040 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:45:58.0034 4040 Ndisuio - ok
21:45:58.0049 4040 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:45:58.0065 4040 NdisWan - ok
21:45:58.0080 4040 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:45:58.0080 4040 NDProxy - ok
21:45:58.0096 4040 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:45:58.0096 4040 NetBIOS - ok
21:45:58.0127 4040 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:45:58.0127 4040 NetBT - ok
21:45:58.0158 4040 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:45:58.0158 4040 Netlogon - ok
21:45:58.0205 4040 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:45:58.0221 4040 Netman - ok
21:45:58.0268 4040 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:45:58.0283 4040 netprofm - ok
21:45:58.0377 4040 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:45:58.0392 4040 NetTcpPortSharing - ok
21:45:58.0408 4040 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
21:45:58.0424 4040 nfrd960 - ok
21:45:58.0470 4040 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:45:58.0502 4040 NlaSvc - ok
21:45:58.0502 4040 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:45:58.0502 4040 Npfs - ok
21:45:58.0517 4040 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:45:58.0517 4040 nsi - ok
21:45:58.0533 4040 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:45:58.0533 4040 nsiproxy - ok
21:45:58.0626 4040 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
21:45:58.0673 4040 Ntfs - ok
21:45:58.0751 4040 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:45:58.0751 4040 Null - ok
21:45:58.0782 4040 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
21:45:58.0798 4040 nusb3hub - ok
21:45:58.0814 4040 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:45:58.0814 4040 nusb3xhc - ok
21:45:58.0845 4040 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
21:45:58.0860 4040 nvraid - ok
21:45:58.0876 4040 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
21:45:58.0892 4040 nvstor - ok
21:45:58.0923 4040 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:45:58.0938 4040 nv_agp - ok
21:45:58.0954 4040 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:45:58.0954 4040 ohci1394 - ok
21:45:58.0985 4040 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:45:59.0001 4040 p2pimsvc - ok
21:45:59.0048 4040 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:45:59.0063 4040 p2psvc - ok
21:45:59.0079 4040 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
21:45:59.0079 4040 Parport - ok
21:45:59.0110 4040 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:45:59.0110 4040 partmgr - ok
21:45:59.0126 4040 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:45:59.0141 4040 PcaSvc - ok
21:45:59.0157 4040 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:45:59.0157 4040 pci - ok
21:45:59.0172 4040 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:45:59.0172 4040 pciide - ok
21:45:59.0188 4040 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
21:45:59.0204 4040 pcmcia - ok
21:45:59.0219 4040 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:45:59.0219 4040 pcw - ok
21:45:59.0266 4040 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:45:59.0282 4040 PEAUTH - ok
21:45:59.0375 4040 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
21:45:59.0406 4040 PeerDistSvc - ok
21:45:59.0469 4040 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:45:59.0484 4040 PerfHost - ok
21:45:59.0625 4040 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:45:59.0656 4040 pla - ok
21:45:59.0718 4040 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:45:59.0734 4040 PlugPlay - ok
21:45:59.0750 4040 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:45:59.0750 4040 PNRPAutoReg - ok
21:45:59.0781 4040 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:45:59.0781 4040 PNRPsvc - ok
21:45:59.0843 4040 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:45:59.0859 4040 PolicyAgent - ok
21:45:59.0874 4040 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:45:59.0890 4040 Power - ok
21:45:59.0937 4040 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:45:59.0952 4040 PptpMiniport - ok
21:45:59.0968 4040 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
21:45:59.0984 4040 Processor - ok
21:46:00.0046 4040 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:46:00.0046 4040 ProfSvc - ok
21:46:00.0077 4040 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:46:00.0077 4040 ProtectedStorage - ok
21:46:00.0108 4040 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:46:00.0108 4040 Psched - ok
21:46:00.0140 4040 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:46:00.0140 4040 PxHlpa64 - ok
21:46:00.0452 4040 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
21:46:00.0514 4040 ql2300 - ok
21:46:01.0653 4040 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
21:46:01.0668 4040 ql40xx - ok
21:46:01.0700 4040 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:46:01.0731 4040 QWAVE - ok
21:46:01.0746 4040 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:46:01.0746 4040 QWAVEdrv - ok
21:46:01.0762 4040 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:46:01.0762 4040 RasAcd - ok
21:46:01.0793 4040 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:46:01.0793 4040 RasAgileVpn - ok
21:46:01.0824 4040 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:46:01.0840 4040 RasAuto - ok
21:46:01.0856 4040 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:46:01.0871 4040 Rasl2tp - ok
21:46:01.0887 4040 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:46:01.0902 4040 RasMan - ok
21:46:01.0934 4040 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:46:01.0934 4040 RasPppoe - ok
21:46:01.0965 4040 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:46:01.0965 4040 RasSstp - ok
21:46:01.0996 4040 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:46:02.0012 4040 rdbss - ok
21:46:02.0027 4040 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:46:02.0027 4040 rdpbus - ok
21:46:02.0043 4040 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:46:02.0043 4040 RDPCDD - ok
21:46:02.0121 4040 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:46:02.0121 4040 RDPDR - ok
21:46:02.0152 4040 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:46:02.0152 4040 RDPENCDD - ok
21:46:02.0168 4040 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:46:02.0168 4040 RDPREFMP - ok
21:46:02.0199 4040 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
21:46:02.0199 4040 RdpVideoMiniport - ok
21:46:02.0214 4040 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:46:02.0230 4040 RDPWD - ok
21:46:02.0261 4040 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:46:02.0261 4040 rdyboost - ok
21:46:02.0324 4040 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:46:02.0324 4040 RemoteAccess - ok
21:46:02.0339 4040 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:46:02.0355 4040 RemoteRegistry - ok
21:46:02.0370 4040 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:46:02.0386 4040 RpcEptMapper - ok
21:46:02.0402 4040 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:46:02.0402 4040 RpcLocator - ok
21:46:02.0433 4040 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:46:02.0448 4040 RpcSs - ok
21:46:02.0480 4040 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:46:02.0480 4040 rspndr - ok
21:46:02.0526 4040 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:46:02.0526 4040 RTL8167 - ok
21:46:02.0589 4040 RtNdPt60 (e16b7c030a05ef649b18fab0a93d871f) C:\Windows\system32\DRIVERS\RtNdPt60.sys
21:46:02.0589 4040 RtNdPt60 - ok
21:46:02.0620 4040 RTTEAMPT (1de78f5008120cd79b34c12394dcd493) C:\Windows\system32\DRIVERS\RtTeam60.sys
21:46:02.0620 4040 RTTEAMPT - ok
21:46:02.0636 4040 RTVLANPT (b1018aa1b5735f5fa89fd4dadf4bea7a) C:\Windows\system32\DRIVERS\RtVlan60.sys
21:46:02.0636 4040 RTVLANPT - ok
21:46:02.0651 4040 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:46:02.0651 4040 s3cap - ok
21:46:02.0698 4040 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:46:02.0698 4040 SamSs - ok
21:46:02.0838 4040 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:46:02.0838 4040 SASDIFSV - ok
21:46:02.0870 4040 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:46:02.0885 4040 SASKUTIL - ok
21:46:02.0901 4040 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:46:02.0901 4040 sbp2port - ok
21:46:02.0948 4040 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:46:02.0963 4040 SCardSvr - ok
21:46:03.0275 4040 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
21:46:03.0275 4040 SCDEmu - ok
21:46:03.0369 4040 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:46:03.0400 4040 scfilter - ok
21:46:03.0634 4040 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:46:03.0696 4040 Schedule - ok
21:46:03.0712 4040 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:46:03.0728 4040 SCPolicySvc - ok
21:46:03.0743 4040 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:46:03.0743 4040 SDRSVC - ok
21:46:03.0790 4040 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:46:03.0806 4040 secdrv - ok
21:46:03.0806 4040 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:46:03.0821 4040 seclogon - ok
21:46:03.0821 4040 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:46:03.0837 4040 SENS - ok
21:46:03.0852 4040 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:46:03.0852 4040 SensrSvc - ok
21:46:03.0868 4040 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:46:03.0868 4040 Serenum - ok
21:46:03.0899 4040 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:46:03.0899 4040 Serial - ok
21:46:03.0915 4040 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:46:03.0915 4040 sermouse - ok
21:46:03.0946 4040 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:46:03.0962 4040 SessionEnv - ok
21:46:03.0962 4040 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:46:03.0962 4040 sffdisk - ok
21:46:03.0977 4040 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:46:03.0977 4040 sffp_mmc - ok
21:46:03.0977 4040 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:46:03.0977 4040 sffp_sd - ok
21:46:03.0977 4040 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:46:03.0993 4040 sfloppy - ok
21:46:04.0024 4040 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:46:04.0040 4040 SharedAccess - ok
21:46:04.0071 4040 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:46:04.0086 4040 ShellHWDetection - ok
21:46:04.0118 4040 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:46:04.0118 4040 SiSRaid2 - ok
21:46:04.0133 4040 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:46:04.0133 4040 SiSRaid4 - ok
21:46:04.0164 4040 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:46:04.0164 4040 Smb - ok
21:46:04.0180 4040 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:46:04.0180 4040 SNMPTRAP - ok
21:46:04.0196 4040 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:46:04.0196 4040 spldr - ok
21:46:04.0242 4040 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:46:04.0274 4040 Spooler - ok
21:46:04.0944 4040 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:46:05.0069 4040 sppsvc - ok
21:46:05.0693 4040 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:46:05.0724 4040 sppuinotify - ok
21:46:05.0896 4040 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:46:05.0943 4040 srv - ok
21:46:05.0990 4040 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:46:06.0005 4040 srv2 - ok
21:46:06.0036 4040 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:46:06.0052 4040 srvnet - ok
21:46:06.0099 4040 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:46:06.0130 4040 SSDPSRV - ok
21:46:06.0161 4040 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:46:06.0161 4040 SstpSvc - ok
21:46:06.0208 4040 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:46:06.0208 4040 stexstor - ok
21:46:06.0302 4040 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:46:06.0333 4040 stisvc - ok
21:46:06.0348 4040 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:46:06.0364 4040 storflt - ok
21:46:06.0380 4040 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:46:06.0380 4040 storvsc - ok
21:46:06.0395 4040 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:46:06.0395 4040 swenum - ok
21:46:06.0692 4040 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:46:06.0723 4040 SwitchBoard - ok
21:46:06.0801 4040 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:46:06.0832 4040 swprv - ok
21:46:06.0863 4040 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
21:46:06.0879 4040 Synth3dVsc - ok
21:46:07.0690 4040 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:46:07.0768 4040 SysMain - ok
21:46:08.0922 4040 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:46:08.0938 4040 TabletInputService - ok
21:46:08.0969 4040 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:46:09.0000 4040 TapiSrv - ok
21:46:09.0047 4040 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:46:09.0047 4040 TBS - ok
21:46:09.0983 4040 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:46:10.0046 4040 Tcpip - ok
21:46:11.0777 4040 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:46:11.0808 4040 TCPIP6 - ok
21:46:13.0665 4040 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:46:13.0680 4040 tcpipreg - ok
21:46:13.0696 4040 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:46:13.0696 4040 TDPIPE - ok
21:46:13.0696 4040 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:46:13.0696 4040 TDTCP - ok
21:46:13.0712 4040 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:46:13.0727 4040 tdx - ok
21:46:13.0758 4040 TEAM (1de78f5008120cd79b34c12394dcd493) C:\Windows\system32\DRIVERS\RtTeam60.sys
21:46:13.0758 4040 TEAM - ok
21:46:13.0961 4040 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
21:46:13.0961 4040 TermDD - ok
21:46:14.0102 4040 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
21:46:14.0117 4040 terminpt - ok
21:46:14.0445 4040 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:46:14.0492 4040 TermService - ok
21:46:14.0523 4040 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:46:14.0554 4040 Themes - ok
21:46:14.0585 4040 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:46:14.0585 4040 THREADORDER - ok
21:46:14.0616 4040 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:46:14.0648 4040 TrkWks - ok
21:46:14.0726 4040 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:46:14.0741 4040 TrustedInstaller - ok
21:46:14.0772 4040 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:46:14.0772 4040 tssecsrv - ok
21:46:14.0804 4040 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:46:14.0804 4040 TsUsbFlt - ok
21:46:14.0819 4040 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
21:46:14.0819 4040 TsUsbGD - ok
21:46:14.0850 4040 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
21:46:14.0866 4040 tsusbhub - ok
21:46:14.0882 4040 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:46:14.0897 4040 tunnel - ok
21:46:14.0913 4040 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:46:14.0913 4040 uagp35 - ok
21:46:14.0944 4040 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:46:14.0960 4040 udfs - ok
21:46:14.0975 4040 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:46:14.0991 4040 UI0Detect - ok
21:46:15.0006 4040 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:46:15.0022 4040 uliagpkx - ok
21:46:15.0038 4040 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:46:15.0038 4040 umbus - ok
21:46:15.0038 4040 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:46:15.0053 4040 UmPass - ok
21:46:15.0084 4040 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
21:46:15.0116 4040 UmRdpService - ok
21:46:15.0178 4040 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:46:15.0194 4040 upnphost - ok
21:46:15.0225 4040 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
21:46:15.0225 4040 usbccgp - ok
21:46:15.0256 4040 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:46:15.0256 4040 usbcir - ok
21:46:15.0272 4040 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
21:46:15.0272 4040 usbehci - ok
21:46:15.0318 4040 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
21:46:15.0334 4040 usbhub - ok
21:46:15.0350 4040 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
21:46:15.0350 4040 usbohci - ok
21:46:15.0365 4040 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:46:15.0365 4040 usbprint - ok
21:46:15.0381 4040 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:46:15.0396 4040 USBSTOR - ok
21:46:15.0396 4040 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
21:46:15.0412 4040 usbuhci - ok
21:46:15.0428 4040 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:46:15.0443 4040 UxSms - ok
21:46:15.0474 4040 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:46:15.0474 4040 VaultSvc - ok
21:46:15.0490 4040 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:46:15.0506 4040 vdrvroot - ok
21:46:15.0537 4040 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:46:15.0568 4040 vds - ok
21:46:15.0584 4040 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:46:15.0584 4040 vga - ok
21:46:15.0599 4040 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:46:15.0599 4040 VgaSave - ok
21:46:15.0599 4040 VGPU - ok
21:46:15.0646 4040 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:46:15.0646 4040 vhdmp - ok
21:46:15.0662 4040 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:46:15.0662 4040 viaide - ok
21:46:15.0693 4040 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:46:15.0708 4040 vmbus - ok
21:46:15.0724 4040 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:46:15.0724 4040 VMBusHID - ok
21:46:15.0755 4040 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:46:15.0755 4040 volmgr - ok
21:46:15.0786 4040 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:46:15.0802 4040 volmgrx - ok
21:46:15.0818 4040 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:46:15.0833 4040 volsnap - ok
21:46:15.0911 4040 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys
21:46:15.0911 4040 vpcbus - ok
21:46:15.0958 4040 vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys
21:46:15.0974 4040 vpcnfltr - ok
21:46:15.0989 4040 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys
21:46:16.0005 4040 vpcusb - ok
21:46:16.0067 4040 vpcuxd (14578ff302b4c985c9740a0f327ae3c0) C:\Windows\system32\DRIVERS\vpcuxd.sys
21:46:16.0067 4040 vpcuxd - ok
21:46:16.0208 4040 vpcvmm (510d250a08c09850f5c78ca2011b3b62) C:\Windows\system32\drivers\vpcvmm.sys
21:46:16.0208 4040 vpcvmm - ok
21:46:16.0660 4040 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:46:16.0660 4040 vsmraid - ok
21:46:17.0674 4040 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:46:17.0752 4040 VSS - ok
21:46:18.0048 4040 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:46:18.0064 4040 vwifibus - ok
21:46:18.0111 4040 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:46:18.0142 4040 W32Time - ok
21:46:18.0158 4040 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:46:18.0158 4040 WacomPen - ok
21:46:18.0204 4040 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:46:18.0204 4040 WANARP - ok
21:46:18.0220 4040 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:46:18.0220 4040 Wanarpv6 - ok
21:46:18.0657 4040 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:46:18.0704 4040 WatAdminSvc - ok
21:46:18.0984 4040 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:46:19.0140 4040 wbengine - ok
21:46:19.0905 4040 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:46:19.0936 4040 WbioSrvc - ok
21:46:20.0170 4040 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:46:20.0201 4040 wcncsvc - ok
21:46:20.0217 4040 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:46:20.0232 4040 WcsPlugInService - ok
21:46:20.0264 4040 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:46:20.0264 4040 Wd - ok
21:46:20.0342 4040 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:46:20.0373 4040 Wdf01000 - ok
21:46:20.0404 4040 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:46:20.0420 4040 WdiServiceHost - ok
21:46:20.0420 4040 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:46:20.0435 4040 WdiSystemHost - ok
21:46:20.0700 4040 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:46:20.0732 4040 WebClient - ok
21:46:20.0778 4040 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:46:20.0794 4040 Wecsvc - ok
21:46:20.0825 4040 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:46:20.0841 4040 wercplsupport - ok
21:46:20.0872 4040 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:46:20.0888 4040 WerSvc - ok
21:46:20.0934 4040 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:46:20.0934 4040 WfpLwf - ok
21:46:20.0950 4040 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:46:20.0966 4040 WIMMount - ok
21:46:20.0997 4040 WinDefend - ok
21:46:21.0012 4040 WinHttpAutoProxySvc - ok
21:46:21.0543 4040 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:46:21.0558 4040 Winmgmt - ok
21:46:22.0026 4040 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:46:22.0104 4040 WinRM - ok
21:46:23.0664 4040 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:46:23.0696 4040 Wlansvc - ok
21:46:23.0789 4040 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:46:23.0789 4040 WmiAcpi - ok
21:46:24.0320 4040 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:46:24.0351 4040 wmiApSrv - ok
21:46:24.0491 4040 WMPNetworkSvc - ok
21:46:24.0538 4040 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:46:24.0554 4040 WPCSvc - ok
21:46:24.0585 4040 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:46:24.0600 4040 WPDBusEnum - ok
21:46:24.0632 4040 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:46:24.0632 4040 ws2ifsl - ok
21:46:24.0678 4040 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
21:46:24.0678 4040 wscsvc - ok
21:46:24.0694 4040 WSearch - ok
21:46:25.0599 4040 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
21:46:25.0692 4040 wuauserv - ok
21:46:26.0660 4040 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:46:26.0675 4040 WudfPf - ok
21:46:26.0706 4040 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:46:26.0722 4040 WUDFRd - ok
21:46:26.0738 4040 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:46:26.0753 4040 wudfsvc - ok
21:46:26.0769 4040 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:46:26.0784 4040 WwanSvc - ok
21:46:26.0816 4040 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:46:28.0422 4040 \Device\Harddisk0\DR0 - ok
21:46:28.0438 4040 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
21:46:28.0438 4040 \Device\Harddisk1\DR1 - ok
21:46:28.0454 4040 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
21:46:28.0454 4040 \Device\Harddisk2\DR2 - ok
21:46:28.0469 4040 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR4
21:46:28.0469 4040 \Device\Harddisk4\DR4 - ok
21:46:28.0485 4040 Boot (0x1200) (63bd29215555ff48bf1eba0be51e67e8) \Device\Harddisk0\DR0\Partition0
21:46:28.0516 4040 \Device\Harddisk0\DR0\Partition0 - ok
21:46:28.0578 4040 Boot (0x1200) (d8bfea8c5a48a7557d9a96c4aa411d6c) \Device\Harddisk0\DR0\Partition1
21:46:28.0610 4040 \Device\Harddisk0\DR0\Partition1 - ok
21:46:28.0610 4040 Boot (0x1200) (5f130a5ad820ebfba13a6dd9f399e92e) \Device\Harddisk1\DR1\Partition0
21:46:28.0610 4040 \Device\Harddisk1\DR1\Partition0 - ok
21:46:28.0625 4040 Boot (0x1200) (71fdd16d599e518ed7bfcc6af994ff56) \Device\Harddisk2\DR2\Partition0
21:46:28.0625 4040 \Device\Harddisk2\DR2\Partition0 - ok
21:46:28.0641 4040 Boot (0x1200) (cb44a4619f90490e47922e790aae9ee2) \Device\Harddisk4\DR4\Partition0
21:46:28.0641 4040 \Device\Harddisk4\DR4\Partition0 - ok
21:46:28.0641 4040 ============================================================
21:46:28.0641 4040 Scan finished
21:46:28.0641 4040 ============================================================
21:46:28.0672 0856 Detected object count: 0
21:46:28.0672 0856 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 21:48:50
-----------------------------
21:48:50.165 OS Version: Windows x64 6.1.7601 Service Pack 1
21:48:50.165 Number of processors: 2 586 0x603
21:48:50.165 ComputerName: WANDAJUNE UserName:
21:48:50.477 Initialize success
21:48:50.540 AVAST engine defs: 12062301
21:49:07.013 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-6
21:49:07.013 Disk 0 Vendor: ST380817AS 3.42 Size: 76319MB BusType: 3
21:49:07.044 Disk 0 MBR read successfully
21:49:07.060 Disk 0 MBR scan
21:49:07.060 Disk 0 Windows 7 default MBR code
21:49:07.060 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 47692 MB offset 63
21:49:07.091 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 28623 MB offset 97675200
21:49:07.122 Disk 0 scanning C:\Windows\system32\drivers
21:49:14.688 Service scanning
21:49:28.260 Modules scanning
21:49:28.276 Disk 0 trace - called modules:
21:49:28.276 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:49:28.276 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800769f060]
21:49:28.791 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80075c9c60]
21:49:28.791 5 ACPI.sys[fffff88000ef67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-6[0xfffffa80075cf060]
21:49:29.087 AVAST engine scan C:\Windows
21:49:31.380 AVAST engine scan C:\Windows\system32
21:51:14.715 AVAST engine scan C:\Windows\system32\drivers
21:51:25.557 AVAST engine scan C:\Users\jonnyMondo
21:52:57.582 File: C:\Users\jonnyMondo\Downloads\installer_poweriso.exe **INFECTED** NSIS:Toggle-C [Adw]
21:53:14.445 AVAST engine scan C:\ProgramData
21:54:35.300 Scan finished successfully
21:55:33.176 Disk 0 MBR has been saved successfully to "C:\Users\jonnyMondo\Documents\readables\notes\security\MBR.dat"
21:55:33.176 The log file has been saved successfully to "C:\Users\jonnyMondo\Documents\readables\notes\security\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 June 2012 - 12:05 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [donate button] <-- Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 fixMeMommy

fixMeMommy
  • Topic Starter

  • Members
  • 81 posts

Posted 24 June 2012 - 03:10 AM

Wow, this one was tricky. From the Advanced Boot Options, I was offered no Repair your computer item--and then using my win7 install disk, I was not offered the Repair your computer option till after I'd booted into the X64 recovery mode, and then only after the keyboard and language settings had been chosen. (Agonizingly slow compared to a normal boot as nearly the entire OS has to load from the DVD).

But with instructions as explicit as yours, Gringo, I was bound to suss it out; here's the FRST.txt file you requested:

Scan result of Farbar Recovery Scan Tool Version: 23-06-2012
Ran by SYSTEM at 24-06-2012 00:56:19
Running from I:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11057768 2010-07-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe [33792 2003-12-12] ()
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKU\jonnyMondo\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\jonnyMondo\...\Run: [OS2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Studio 2\SMonitor.exe" [95536 2007-11-30] (OLYMPUS IMAGING CORP.)
HKU\jonnyMondo\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\jonnyMondo\...\Run: [CDDB] rundll32.exe C:\Users\jonnyMondo\AppData\Local\CDDB\fmbseqhn.dll,AllocatePfxEngineClient [339968 2012-01-26] (Cyberlink)
HKU\jonnyMondo\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-06-11] (SUPERAntiSpyware.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\Users\jonnyMondo\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 APC Data Service; "C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe" [21880 2011-08-24] (Schneider Electric)
2 APC UPS Service; "C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe" [705912 2011-08-24] (Schneider Electric)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 EventSystem; C:\Windows\SysWow64\es.dll [271360 2009-07-13] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-13] (Microsoft Corporation)
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2009-08-03] ()
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
2 RtNdPt60; C:\Windows\System32\Drivers\RtNdPt60.sys [32544 2010-01-14] (Realtek )
3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [48416 2010-01-14] (Realtek Corporation)
3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [29472 2010-01-14] (Windows ® Codename Longhorn DDK provider)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [48416 2010-01-14] (Realtek Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-24 00:56 - 2012-06-24 00:56 - 00000000 ____D C:\FRST
2012-06-23 20:43 - 2012-06-21 12:35 - 02128472 ____A (Kaspersky Lab ZAO) C:\Users\jonnyMondo\Desktop\tdsskiller.exe
2012-06-23 13:46 - 2012-06-23 13:46 - 00022700 ____A C:\ComboFix.txt
2012-06-23 13:27 - 2012-06-23 12:59 - 00881475 ____A C:\Users\jonnyMondo\Desktop\SecurityCheck.exe
2012-06-22 15:26 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 15:26 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 15:26 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 15:26 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 15:26 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 15:26 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 15:26 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 15:26 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 15:26 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-22 13:15 - 2012-06-22 13:15 - 00001841 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-06-22 13:15 - 2012-06-22 13:15 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-06-22 13:15 - 2012-03-06 15:15 - 00258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-06-22 13:15 - 2012-03-06 15:04 - 00819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-06-22 13:15 - 2012-03-06 15:04 - 00337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-06-22 13:15 - 2012-03-06 15:02 - 00053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-06-22 13:15 - 2012-03-06 15:01 - 00069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-06-22 13:15 - 2012-03-06 15:01 - 00059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-06-22 13:15 - 2012-03-06 15:01 - 00024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-06-22 13:14 - 2012-06-22 13:14 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-06-22 13:14 - 2012-06-22 13:14 - 00000000 ____D C:\Program Files\AVAST Software
2012-06-22 13:14 - 2012-03-06 15:15 - 00201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-06-22 13:14 - 2012-03-06 15:15 - 00041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-22 12:42 - 2012-06-22 10:00 - 00000441 ____A C:\Users\jonnyMondo\Documents\indexfile.txt
2012-06-22 12:09 - 2012-06-22 11:51 - 01932256 ____A (Symantec Corporation) C:\Users\jonnyMondo\Desktop\FixTDSS.exe
2012-06-22 10:01 - 2012-06-22 10:01 - 363102888 ____A C:\Users\jonnyMondo\Documents\Thunderbird 3.1.7 (en-US) - 2012-06-22.pcv
2012-06-22 10:00 - 2012-06-22 10:00 - 16786323 ____A C:\Users\jonnyMondo\Documents\Firefox 6.0 (en-US) - 2012-06-22.pcv
2012-06-22 09:57 - 2012-06-22 09:53 - 04731392 ____A (AVAST Software) C:\Users\jonnyMondo\Desktop\aswMBR.exe
2012-06-21 23:32 - 2012-06-21 23:32 - 00000000 ____D C:\Windows\pss
2012-06-21 22:44 - 2012-06-21 22:44 - 00005935 ____A C:\Users\jonnyMondo\Desktop\Attach.txt
2012-06-21 22:34 - 2012-06-21 22:36 - 00013246 ____A C:\Users\jonnyMondo\Desktop\DDS.txt
2012-06-21 22:26 - 2012-06-21 22:26 - 00607260 ____R (Swearware) C:\Users\jonnyMondo\Desktop\dds.scr
2012-06-21 20:46 - 2012-06-23 13:34 - 04565820 ____R (Swearware) C:\Users\jonnyMondo\Desktop\ComboFix.exe
2012-06-21 20:25 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-21 20:25 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-21 20:25 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-21 20:25 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-21 20:25 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-21 20:25 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-21 20:25 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-21 20:25 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-21 20:21 - 2012-06-23 13:46 - 00000000 ____D C:\Qoobox
2012-06-21 20:21 - 2012-06-21 20:34 - 00000000 ____D C:\Windows\erdnt
2012-06-21 11:48 - 2012-06-21 11:48 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-21 11:34 - 2012-06-21 11:34 - 00000000 ____D C:\Users\jonnyMondo\AppData\Local\{DAF3DE41-97BB-11E1-826E-B8AC6F996F26}
2012-06-21 11:11 - 2012-06-21 11:11 - 00001808 ____A C:\Users\Public\Desktop\AntiSpy.lnk
2012-06-21 11:11 - 2012-06-21 11:11 - 00000000 ____D C:\Users\jonnyMondo\AppData\Roaming\SUPERAntiSpyware.com
2012-06-21 11:10 - 2012-06-21 11:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-21 11:10 - 2012-06-21 11:10 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-21 11:08 - 2012-06-21 11:08 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-21 11:08 - 2012-06-21 11:08 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-21 11:08 - 2012-06-21 11:08 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-21 11:08 - 2012-06-21 11:08 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-21 11:08 - 2012-06-21 11:08 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-21 11:08 - 2012-06-21 11:08 - 00000000 ____D C:\Program Files\Java
2012-06-16 23:16 - 2012-06-16 23:16 - 00000000 ____D C:\Users\jonnyMondo\AppData\Local\CDDB
2012-06-16 13:15 - 2012-06-16 13:15 - 00000000 ____D C:\Users\Administrator\Documents\Wondershare DVD Creator
2012-06-16 13:09 - 2012-06-16 13:09 - 00000000 ____D C:\Users\jonnyMondo\Documents\Wondershare DVD Creator
2012-06-16 13:08 - 2012-06-16 13:08 - 00000000 ____D C:\Users\jonnyMondo\AppData\Roaming\Thinstall
2012-06-16 13:08 - 2012-06-16 13:08 - 00000000 ____D C:\Users\jonnyMondo\AppData\Local\Thinstall
2012-06-09 20:45 - 2012-06-09 20:45 - 00000000 ____D C:\Users\jonnyMondo\Downloads\4flash

============ 3 Months Modified Files and Folders =============

2012-06-23 23:21 - 2011-11-03 22:34 - 01694305 ____A C:\Windows\WindowsUpdate.log
2012-06-23 23:16 - 2011-11-05 14:04 - 00000000 ____D C:\Users\jonnyMondo\Documents\readables
2012-06-23 23:14 - 2011-11-03 23:10 - 00000000 ____A C:\Users\All Users\Gpu.log
2012-06-23 23:13 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-23 23:13 - 2009-07-13 20:51 - 00032722 ____A C:\Windows\setupact.log
2012-06-23 17:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-23 15:26 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-23 14:57 - 2012-01-15 19:24 - 00000000 ____D C:\Users\jonnyMondo\AppData\Local\Conduit
2012-06-23 13:46 - 2012-06-23 13:46 - 00022700 ____A C:\ComboFix.txt
2012-06-23 13:46 - 2012-06-21 20:21 - 00000000 ____D C:\Qoobox
2012-06-23 13:42 - 2009-07-13 18:34 - 00000242 ____A C:\Windows\system.ini
2012-06-23 13:41 - 2010-11-20 19:47 - 00015424 ____A C:\Windows\PFRO.log
2012-06-23 13:34 - 2012-06-21 20:46 - 04565820 ____R (Swearware) C:\Users\jonnyMondo\Desktop\ComboFix.exe
2012-06-23 13:15 - 2009-07-13 20:45 - 00020640 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-23 13:15 - 2009-07-13 20:45 - 00020640 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-23 12:59 - 2012-06-23 13:27 - 00881475 ____A C:\Users\jonnyMondo\Desktop\SecurityCheck.exe
2012-06-23 12:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
2012-06-23 11:38 - 2011-11-05 09:34 - 00000000 ____D C:\Users\jonnyMondo\AppData\Roaming\Vso
2012-06-23 11:10 - 2011-11-10 17:48 - 00000000 ____D C:\Users\jonnyMondo\Documents\ConvertXToDVD
2012-06-23 09:21 - 2011-11-05 19:12 - 00000000 ____D C:\Users\jonnyMondo\AppData\Roaming\vlc
2012-06-23 08:43 - 2011-11-05 09:37 - 00000000 ____D C:\Users\jonnyMondo\AppData\Roaming\Azureus
2012-06-22 19:26 - 2011-11-12 13:02 - 00000000 ____D C:\Users\jonnyMondo\Documents\myVidzProc
2012-06-22 13:15 - 2012-06-22 13:15 - 00001841 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-06-22 13:15 - 2012-06-22 13:15 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-06-22 13:14 - 2012-06-22 13:14 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-06-22 13:14 - 2012-06-22 13:14 - 00000000 ____D C:\Program Files\AVAST Software
2012-06-22 11:51 - 2012-06-22 12:09 - 01932256 ____A (Symantec Corporation) C:\Users\jonnyMondo\Desktop\FixTDSS.exe
2012-06-22 10:16 - 2011-11-03 22:41 - 00000000 ____D C:\Recovery
2012-06-22 10:04 - 2011-11-03 22:43 - 00000000 ____D C:\users\jonnyMondo
2012-06-22 10:01 - 2012-06-22 10:01 - 363102888 ____A C:\Users\jonnyMondo\Documents\Thunderbird 3.1.7 (en-US) - 2012-06-22.pcv
2012-06-22 10:00 - 2012-06-22 12:42 - 00000441 ____A C:\Users\jonnyMondo\Documents\indexfile.txt
2012-06-22 10:00 - 2012-06-22 10:00 - 16786323 ____A C:\Users\jonnyMondo\Documents\Firefox 6.0 (en-US) - 2012-06-22.pcv
2012-06-22 09:53 - 2012-06-22 09:57 - 04731392 ____A (AVAST Software) C:\Users\jonnyMondo\Desktop\aswMBR.exe
2012-06-21 23:32 - 2012-06-21 23:32 - 00000000 ____D C:\Windows\pss
2012-06-21 23:22 - 2011-11-30 09:51 - 00000000 ____D C:\Users\jonnyMondo\Downloads\vidz
2012-06-21 22:44 - 2012-06-21 22:44 - 00005935 ____A C:\Users\jonnyMondo\Desktop\Attach.txt
2012-06-21 22:36 - 2012-06-21 22:34 - 00013246 ____A C:\Users\jonnyMondo\Desktop\DDS.txt
2012-06-21 22:26 - 2012-06-21 22:26 - 00607260 ____R (Swearware) C:\Users\jonnyMondo\Desktop\dds.scr
2012-06-21 20:35 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-06-21 20:34 - 2012-06-21 20:21 - 00000000 ____D C:\Windows\erdnt
2012-06-21 12:35 - 2012-06-23 20:43 - 02128472 ____A (Kaspersky Lab ZAO) C:\Users\jonnyMondo\Desktop\tdsskiller.exe
2012-06-21 11:51 - 2011-11-04 09:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-21 11:48 - 2012-06-21 11:48 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-21 11:34 - 2012-06-21 11:34 - 00000000 ____D C:\Users\jonnyMondo\AppData\Local\{DAF3DE41-97BB-11E1-826E-B8AC6F996F26}
2012-06-21 11:11 - 2012-06-21 11:11 - 00001808 ____A C:\Users\Public\Desktop\AntiSpy.lnk
2012-06-21 11:11 - 2012-06-21 11:11 - 00000000 ____D C:\Users\jonnyMondo\AppData\Roaming\SUPERAntiSpyware.com
2012-06-21 11:11 - 2012-06-21 11:10 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-21 11:10 - 2012-06-21 11:10 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-21 11:08 - 2012-06-21 11:08 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-21 11:08 - 2012-06-21 11:08 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-21 11:08 - 2012-06-21 11:08 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-21 11:08 - 2012-06-21 11:08 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-21 11:08 - 2012-06-21 11:08 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-21 11:08 - 2012-06-21 11:08 - 00000000 ____D C:\Program Files\Java
2012-06-21 11:02 - 2011-11-03 22:44 - 00000000 ____D C:\Users\jonnyMondo\AppData\Local\VirtualStore
2012-06-21 10:46 - 2011-11-21 13:13 - 00000000 ____D C:\Users\jonnyMondo\Downloads\software
2012-06-19 09:43 - 2011-11-07 19:27 - 00000000 ____D C:\Users\jonnyMondo\Downloads\t'rents
2012-06-19 09:39 - 2012-01-04 12:37 - 00000000 ____D C:\Users\jonnyMondo\AppData\Roaming\dvdcss
2012-06-16 23:16 - 2012-06-16 23:16 - 00000000 ____D C:\Users\jonnyMondo\AppData\Local\CDDB
2012-06-16 13:15 - 2012-06-16 13:15 - 00000000 ____D C:\Users\Administrator\Documents\Wondershare DVD Creator
2012-06-16 13:15 - 2010-11-20 18:50 - 00000000 ____D C:\users\Administrator
2012-06-16 13:09 - 2012-06-16 13:09 - 00000000 ____D C:\Users\jonnyMondo\Documents\Wondershare DVD Creator
2012-06-16 13:08 - 2012-06-16 13:08 - 00000000 ____D C:\Users\jonnyMondo\AppData\Roaming\Thinstall
2012-06-16 13:08 - 2012-06-16 13:08 - 00000000 ____D C:\Users\jonnyMondo\AppData\Local\Thinstall
2012-06-16 12:53 - 2011-11-05 13:59 - 00000000 ____D C:\Users\jonnyMondo\Downloads\4video
2012-06-09 20:45 - 2012-06-09 20:45 - 00000000 ____D C:\Users\jonnyMondo\Downloads\4flash
2012-06-09 14:23 - 2012-03-04 17:49 - 00000000 ____D C:\HDW30_TMP
2012-06-08 17:55 - 2011-11-09 11:04 - 00000000 ____D C:\Users\jonnyMondo\Documents\Camtasia Studio
2012-06-08 11:46 - 2011-11-08 15:35 - 00033792 ____A C:\Users\jonnyMondo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-05 16:17 - 2011-11-24 14:08 - 00000000 ____D C:\Users\jonnyMondo\Downloads\4fireworks
2012-06-02 14:19 - 2012-06-22 15:26 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 15:26 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 15:26 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-22 15:26 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 15:26 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 15:26 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-22 15:26 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-22 15:26 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-22 15:26 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-22 16:14 - 2012-02-10 20:49 - 00000205 ____A C:\Users\jonnyMondo\Desktop\selco.url
2012-05-22 13:23 - 2011-11-05 11:57 - 00000000 ____D C:\Users\jonnyMondo\Downloads\pix
2012-05-18 09:45 - 2012-05-18 09:45 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-18 09:45 - 2011-11-06 21:04 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-16 20:20 - 2012-03-30 10:54 - 00000000 ____D C:\Users\jonnyMondo\AppData\Roaming\DVDFab
2012-05-10 19:18 - 2012-05-10 19:18 - 00001001 ____A C:\Users\jonnyMondo\Desktop\winUAE.lnk
2012-05-01 17:13 - 2012-05-01 17:13 - 00001106 ____A C:\Users\jonnyMondo\Desktop\write.lnk
2012-04-28 17:44 - 2012-04-28 14:28 - 00000000 ____D C:\Users\jonnyMondo\Downloads\medicare
2012-04-26 20:26 - 2011-11-21 10:54 - 00000000 ____D C:\Users\jonnyMondo\Downloads\userManuals
2012-04-17 19:36 - 2012-04-17 19:36 - 00000000 ____D C:\Users\jonnyMondo\Downloads\recipes
2012-04-17 09:38 - 2012-04-17 09:38 - 00000000 ____D C:\Users\jonnyMondo\AppData\Roaming\PACE Anti-Piracy
2012-04-14 18:56 - 2012-04-14 18:56 - 00001759 ____A C:\Users\jonnyMondo\Desktop\MediaCache 1.lnk
2012-04-14 18:56 - 2012-04-14 18:56 - 00001705 ____A C:\Users\jonnyMondo\Desktop\MediaCache.lnk
2012-04-14 16:04 - 2011-11-04 12:32 - 00000000 ____D C:\Users\jonnyMondo\AppData\Roaming\Adobe
2012-04-10 20:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-04-04 14:56 - 2011-11-04 09:33 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-30 10:54 - 2012-03-29 20:31 - 00000000 ____D C:\Users\jonnyMondo\Documents\DVDFab
2012-03-30 09:06 - 2012-03-30 09:06 - 00000000 ____D C:\Users\All Users\dvdfab
2012-03-30 08:57 - 2012-03-30 08:57 - 00001020 ____A C:\Users\jonnyMondo\Desktop\DVDFab 8 Qt.lnk
2012-03-30 08:57 - 2012-03-30 08:57 - 00000000 ____D C:\Program Files (x86)\DVDFab 8 Qt


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 7935.18 MB
Available physical RAM: 7169.55 MB
Total Pagefile: 7933.38 MB
Available Pagefile: 7165.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:46.58 GB) (Free:4.63 GB) NTFS
2 Drive e: (Win7_sp1_32-64_EN-faXcooL) (CDROM) (Total:4.22 GB) (Free:0 GB) UDF
6 Drive i: (HP v100w) (Removable) (Total:7.46 GB) (Free:6.46 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: () (Fixed) (Total:27.95 GB) (Free:23.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 74 GB 1024 KB
Disk 1 Online 1397 GB 1024 KB
Disk 2 Online 232 GB 0 B
Disk 3 Online 189 GB 5120 KB
Disk 4 Online 7650 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 46 GB 31 KB
Partition 2 Primary 27 GB 46 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 46 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y NTFS Partition 27 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1397 GB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Unkno Partition 1397 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 232 GB 1024 KB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G Unkno Partition 232 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 189 GB 31 KB

======================================================================================================

Disk: 3
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H Unkno Partition 189 GB Healthy

======================================================================================================

Partitions of Disk 4:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7646 MB 4032 KB

======================================================================================================

Disk: 4
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I HP v100w FAT32 Removable 7646 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-17 23:09

======================= End Of Log ==========================

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 June 2012 - 03:25 AM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Users\jonnyMondo\AppData\Local\Conduit
C:\Users\jonnyMondo\Downloads\installer_poweriso.exe


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 fixMeMommy

fixMeMommy
  • Topic Starter

  • Members
  • 81 posts

Posted 24 June 2012 - 12:13 PM

Feels great to be doing something instead of shaking my head in frustration--and it's all thanx to you Gringo.

Here's the Fixlog.txt you requested:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 23-06-2012
Ran by SYSTEM at 2012-06-24 10:00:27 Run:1
Running from I:\

==============================================

C:\Users\jonnyMondo\AppData\Local\Conduit moved successfully.
C:\Users\jonnyMondo\Downloads\installer_poweriso.exe moved successfully.

==== End of Fixlog ====

(Assume this is only a step in the process and not a final fix as I'm still getting redirects and running 5 incidents of IE in the background).

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 June 2012 - 10:01 PM

How are things running now?


gringo

#11 fixMeMommy

fixMeMommy
  • Topic Starter

  • Members
  • 81 posts

Posted 24 June 2012 - 10:59 PM

Ooh. Sounds like from your query that things should be better.

Regret to say they're anything but better. Among the random annoyances I've found so far: the host file is being randomly re-written with every boot or so; various folders on the boot drive are now locked and I have to go into security and reset permissions just to open them; there's now no volume control icon in my toolbar. Never mind the redirects and the 11 instances of IE running in the background.

Heaven knows what's going on that I ain't discovered yet.

Just to keep from fretting I spent the day making voluminous notes on all the software that's installed and where to find copies of it should I decide to do what first occurred to me a week ago when I began to experience this nightmare: wipe the boot drive and re-install windows.

So is this infection truly unstoppable?

Thanx Gringo for all your attention with this.

Best,
m
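
The post above reports the hosts file being rewritten every boot or so. The following is an added example for this thread, not a tool anyone in it ran: it parses a Windows hosts file, classifies every mapping that is not in the stock file, and computes a fingerprint over the active mappings only, so the file can be compared across reboots without a comment edit causing a false alarm. The watch-list of domains and the script file name are assumptions; SAMPLE_HOSTS is constructed for illustration and is not the poster's file.

```python
"""Triage a Windows hosts file for redirect-style tampering.

Added example for this thread, not a tool used in it. SAMPLE_HOSTS is
constructed for illustration and is not the poster's file. Against a live
system run (file name assumed):
    python hosts_triage.py C:\\Windows\\System32\\drivers\\etc\\hosts
"""
import hashlib
import ipaddress
import sys

# The only mappings a stock Windows 7 hosts file may carry uncommented.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Assumed watch-list: domains a home machine should never override locally.
# Extend with the search engines, AV vendors and update hosts you care about.
WATCHED_SUFFIXES = ("google.com", "bing.com", "yahoo.com", "microsoft.com",
                    "windowsupdate.com", "malwarebytes.org", "avast.com")


def parse_hosts(text):
    """Return the active (ip, hostname) pairs. Comments and blank lines are
    ignored; a line whose first field is not an IP address is skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((fields[0], name.lower()))
    return entries


def fingerprint(text):
    """SHA-256 over the sorted active mappings only: editing a comment leaves
    it unchanged, any mapping change alters it. Record it, reboot, compare."""
    canon = "\n".join(f"{ip} {name}" for ip, name in sorted(parse_hosts(text)))
    return hashlib.sha256(canon.encode()).hexdigest()


def suspicious_entries(text):
    """Classify every mapping that is not in the stock file:
    REDIRECT     watched domain sent to a non-loopback address
    BLOCKED      watched domain sinkholed to loopback (vendor/update host cut off)
    NON-DEFAULT  anything else, for a human to judge"""
    findings = []
    for ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        watched = any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)
        if watched and not ipaddress.ip_address(ip).is_loopback:
            findings.append(("REDIRECT", ip, name))
        elif watched:
            findings.append(("BLOCKED", ip, name))
        else:
            findings.append(("NON-DEFAULT", ip, name))
    return findings


# Constructed sample, not the poster's hosts file. 198.51.100.0/24 is a
# documentation range (TEST-NET-2), used here as a stand-in redirect target.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1 localhost
198.51.100.7 www.google.com      # search traffic diverted
198.51.100.7 google.com
127.0.0.1 www.malwarebytes.org   # update host sinkholed
10.0.0.5 fileserver.lan          # benign local override
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    print("fingerprint:", fingerprint(text))
    for kind, ip, name in suspicious_entries(text):
        print(f"{kind:12} {ip:16} {name}")
```

On the constructed sample this reports two REDIRECT lines for google.com, one BLOCKED line for the Malwarebytes host and one NON-DEFAULT line for the LAN name. The fingerprint is the part that answers the "rewritten every boot" question: take it once, reboot, take it again. Where folder permissions have been altered, as the post describes, run it from an elevated prompt so the read does not fail silently.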

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 June 2012 - 11:02 PM

Hello

I haven't given up yet - we have some more checks to do

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note:Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#13 fixMeMommy

fixMeMommy
  • Topic Starter

  • Members
  • 81 posts

Posted 25 June 2012 - 01:29 AM

Hey Gringo,

Thanx for your determination.

Here's the log per your instructions:

ComboFix 12-06-24.03 - jonnyMondo 06/24/2012 21:46:47.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.7935.6210 [GMT -7:00]
Running from: c:\users\jonnyMondo\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jonnyMondo\AppData\Roaming\vso_ts_preview.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
.
.
2012-06-25 04:51 . 2012-06-25 04:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 04:51 . 2012-06-25 04:51 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-24 20:47 . 2012-06-24 20:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-24 20:47 . 2012-06-24 20:46 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-24 20:46 . 2012-06-24 20:46 -------- d-----w- c:\program files (x86)\Java
2012-06-24 08:56 . 2012-06-24 08:56 -------- d-----w- C:\FRST
2012-06-22 23:26 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 23:26 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 23:26 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 23:26 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 23:26 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 23:26 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 23:26 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 23:26 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 23:26 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 21:15 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-22 21:15 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-22 21:15 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-22 21:15 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-22 21:15 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-22 21:15 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-22 21:15 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-22 21:14 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-22 21:14 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-06-22 21:14 . 2012-06-22 21:14 -------- d-----w- c:\programdata\AVAST Software
2012-06-22 21:14 . 2012-06-22 21:14 -------- d-----w- c:\program files\AVAST Software
2012-06-21 19:34 . 2012-06-21 19:34 -------- d-----w- c:\users\jonnyMondo\AppData\Local\{DAF3DE41-97BB-11E1-826E-B8AC6F996F26}
2012-06-21 19:11 . 2012-06-21 19:11 -------- d-----w- c:\users\jonnyMondo\AppData\Roaming\SUPERAntiSpyware.com
2012-06-21 19:10 . 2012-06-21 19:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-21 19:10 . 2012-06-21 19:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-21 19:08 . 2012-06-24 19:19 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-21 19:08 . 2012-06-24 19:19 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-17 07:16 . 2012-06-17 07:16 -------- d-----w- c:\users\jonnyMondo\AppData\Local\CDDB
2012-06-16 21:08 . 2012-06-16 21:08 -------- d-----w- c:\users\jonnyMondo\AppData\Roaming\Thinstall
2012-06-16 21:08 . 2012-06-16 21:08 -------- d-----w- c:\users\jonnyMondo\AppData\Local\Thinstall
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 20:46 . 2011-11-05 17:30 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-18 17:45 . 2012-05-18 17:45 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-18 17:45 . 2011-11-07 05:04 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 22:56 . 2011-11-04 17:33 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-05 17:20 . 2011-11-05 22:02 376832 ----a-w- c:\program files\Ultimate Windows Tweaker.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-11-04 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-11-04 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-06-22_04.32.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-06-25 04:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-22 04:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-25 04:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-22 04:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-22 04:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-25 04:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-06-24 22:32 36986 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-24 22:32 43082 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-11-04 06:39 . 2012-06-12 15:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-04 06:39 . 2012-06-24 12:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-04 06:39 . 2012-06-12 15:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-04 06:39 . 2012-06-24 12:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-24 12:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-12 15:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-23 21:06 99064 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-11-04 09:04 . 2012-06-25 04:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-04 09:04 . 2012-06-22 04:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-04 09:04 . 2012-06-25 04:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-04 09:04 . 2012-06-22 04:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-04 06:45 . 2012-06-24 22:32 9236 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2482551037-1996235705-2633259471-1000_UserData.bin
- 2012-06-22 04:31 . 2012-06-22 04:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-25 04:53 . 2012-06-25 04:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-22 04:31 . 2012-06-22 04:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-25 04:53 . 2012-06-25 04:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-24 20:47 . 2012-06-24 20:46 227824 c:\windows\SysWOW64\javaws.exe
+ 2012-06-24 20:46 . 2012-06-24 20:46 174064 c:\windows\SysWOW64\javaw.exe
+ 2012-06-24 20:46 . 2012-06-24 20:46 174064 c:\windows\SysWOW64\java.exe
+ 2009-07-14 02:36 . 2012-06-23 23:26 625532 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-21 20:04 625532 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-23 23:26 106898 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-21 20:04 106898 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-06-25 04:52 396972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-22 04:30 396972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-24 20:47 . 2012-06-24 20:47 179200 c:\windows\Installer\1ca179.msi
+ 2012-06-24 20:46 . 2012-06-24 20:46 867328 c:\windows\Installer\1ca170.msi
+ 2009-07-14 02:34 . 2012-06-22 23:38 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-01-01 01:08 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 04:45 . 2012-03-15 04:21 7087352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-06-23 20:36 7087352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-11-04 18:02 . 2012-06-22 04:30 30207420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2482551037-1996235705-2633259471-1000-8192.dat
+ 2011-11-04 18:02 . 2012-06-25 04:52 30207420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2482551037-1996235705-2633259471-1000-8192.dat
- 2011-11-04 18:02 . 2012-05-18 17:35 27017460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2482551037-1996235705-2633259471-1000-12288.dat
+ 2011-11-04 18:02 . 2012-06-23 21:15 27017460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2482551037-1996235705-2633259471-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"OS2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Studio 2\SMonitor.exe" [2007-12-01 95536]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"CDDB"="c:\users\jonnyMondo\AppData\Local\CDDB\fmbseqhn.dll" [2012-01-27 339968]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2003-12-13 33792]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\jonnyMondo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2011-8-24 271736]
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2011-12-24 292240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-24 641832]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2011-08-24 21880]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AODDriver;AODDriver;c:\program files (x86)\ASUS\GPU Boost Driver\amd64\AODDriver.sys [2010-03-12 52280]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AODDRIVER
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\jonnyMondo\AppData\Roaming\Mozilla\Firefox\Profiles\wbuage7p.default\
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/ctid=CT3198785&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspxctid=CT3198785&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{cce665dd-f6dd-4808-968e-eaec971f70ef} - (no file)
WebBrowser-{CCE665DD-F6DD-4808-968E-EAEC971F70EF} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\APC\PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
.
**************************************************************************
.
Completion time: 2012-06-24 21:57:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-25 04:57
ComboFix2.txt 2012-06-23 21:46
ComboFix3.txt 2012-06-22 04:35
.
Pre-Run: 5,245,841,408 bytes free
Post-Run: 5,532,545,024 bytes free
.
- - End Of File - - EFE0EB18C3D460EF678CC8B78AA97138

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:43 AM

Posted 25 June 2012 - 02:24 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here (donate button). Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 fixMeMommy

fixMeMommy
  • Topic Starter

  • Members
  • 81 posts
  • Local time:03:43 AM

Posted 25 June 2012 - 12:54 PM

You're a trouper, Gringo. Here's the OTL.txt you requested:

OTL logfile created on: 6/25/2012 10:46:05 AM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\jonnyMondo\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 6.14 Gb Available Physical Memory | 79.18% Memory free
15.50 Gb Paging File | 13.79 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 46.58 Gb Total Space | 4.63 Gb Free Space | 9.94% Space Free | Partition Type: NTFS
Drive E: | 27.95 Gb Total Space | 23.70 Gb Free Space | 84.77% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 668.92 Gb Free Space | 47.87% Space Free | Partition Type: NTFS
Drive L: | 189.92 Gb Total Space | 65.55 Gb Free Space | 34.51% Space Free | Partition Type: NTFS
Drive M: | 232.88 Gb Total Space | 103.33 Gb Free Space | 44.37% Space Free | Partition Type: NTFS

Computer Name: WANDAJUNE | User Name: jonnyMondo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\jonnyMondo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)
PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)
PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe (Schneider Electric)
PRC - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\OLYMPUS\OLYMPUS Studio 2\SMonitor.exe (OLYMPUS IMAGING CORP.)
PRC - C:\Program Files (x86)\Winamp\winampa.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\ASUS\GPU Boost Driver\platform.dll ()
MOD - C:\Program Files (x86)\ASUS\GPU Boost Driver\device.dll ()
MOD - C:\Program Files (x86)\Winamp\winampa.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (APC Data Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)
SRV - (APC UPS Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek )
DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (AODDriver) -- C:\Program Files (x86)\ASUS\GPU Boost Driver\amd64\aoddriver.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2482551037-1996235705-2633259471-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3198785
IE - HKU\S-1-5-21-2482551037-1996235705-2633259471-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-2482551037-1996235705-2633259471-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2482551037-1996235705-2633259471-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785
IE - HKU\S-1-5-21-2482551037-1996235705-2633259471-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2482551037-1996235705-2633259471-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke US Customized Web Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/ctid=CT3198785&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.9.1Lite
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.049
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.7.9
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspxctid=CT3198785&SearchSource=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/06/22 14:14:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/04 13:12:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/09 10:44:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/04 13:12:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{DAF3DE41-97BB-11E1-826E-B8AC6F996F26}: C:\Users\jonnyMondo\AppData\Local\{DAF3DE41-97BB-11E1-826E-B8AC6F996F26}\ [2012/06/21 12:34:28 | 000,000,000 | ---D | M]

[2011/11/04 01:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jonnyMondo\AppData\Roaming\Mozilla\Extensions
[2011/11/04 01:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jonnyMondo\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/06/22 14:07:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jonnyMondo\AppData\Roaming\Mozilla\Firefox\Profiles\wbuage7p.default\extensions
[2012/06/22 13:42:21 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\jonnyMondo\AppData\Roaming\Mozilla\Firefox\Profiles\wbuage7p.default\extensions\FasterFox_Lite@BigRedBrent
[2012/06/22 13:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jonnyMondo\AppData\Roaming\Mozilla\Firefox\Profiles\wbuage7p.default\oepjsowq.uzeThiz\extensions
[2012/06/22 13:42:23 | 000,000,000 | ---D | M] ("Forecastfox") -- C:\Users\jonnyMondo\AppData\Roaming\Mozilla\Firefox\Profiles\wbuage7p.default\oepjsowq.uzeThiz\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/06/22 13:42:23 | 000,000,000 | ---D | M] ("FireFTP") -- C:\Users\jonnyMondo\AppData\Roaming\Mozilla\Firefox\Profiles\wbuage7p.default\oepjsowq.uzeThiz\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2012/06/22 13:42:23 | 000,000,000 | ---D | M] ("Fasterfox") -- C:\Users\jonnyMondo\AppData\Roaming\Mozilla\Firefox\Profiles\wbuage7p.default\oepjsowq.uzeThiz\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2012/06/22 13:42:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\jonnyMondo\AppData\Roaming\Mozilla\Firefox\Profiles\wbuage7p.default\oepjsowq.uzeThiz\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/06/22 13:42:23 | 000,000,000 | ---D | M] (VeriSign EV Green Bar Extension) -- C:\Users\jonnyMondo\AppData\Roaming\Mozilla\Firefox\Profiles\wbuage7p.default\oepjsowq.uzeThiz\extensions\evcextension@verisign.com
[2012/06/22 13:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jonnyMondo\AppData\Roaming\Mozilla\Firefox\Profiles\wbuage7p.default\oepjsowq.uzeThiz\extensions\keyconfig@dorando
[2012/06/22 13:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jonnyMondo\AppData\Roaming\Mozilla\Firefox\Profiles\wbuage7p.default\oepjsowq.uzeThiz\extensions\evcextension@verisign.com\certs
[2012/06/22 13:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jonnyMondo\AppData\Roaming\Mozilla\Firefox\Profiles\wbuage7p.default\oepjsowq.uzeThiz\extensions\evcextension@verisign.com\chrome
[2012/06/22 13:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jonnyMondo\AppData\Roaming\Mozilla\Firefox\Profiles\wbuage7p.default\oepjsowq.uzeThiz\extensions\evcextension@verisign.com\META-INF
[2012/06/23 15:56:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/05 10:30:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012/06/22 14:14:51 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/06/21 12:34:28 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\JONNYMONDO\APPDATA\LOCAL\{DAF3DE41-97BB-11E1-826E-B8AC6F996F26}
[2012/04/12 17:47:30 | 000,340,198 | ---- | M] () (No name found) -- C:\USERS\JONNYMONDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBUAGE7P.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012/01/05 14:10:14 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\JONNYMONDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBUAGE7P.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/08/11 22:37:36 | 000,145,972 | ---- | M] () (No name found) -- C:\USERS\JONNYMONDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBUAGE7P.DEFAULT\EXTENSIONS\UNPLUG@COMPUNACH.XPI
[2011/08/11 22:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/11 20:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2012/06/24 21:54:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-2482551037-1996235705-2633259471-1000..\Run: [CDDB] C:\Users\jonnyMondo\AppData\Local\CDDB\fmbseqhn.dll (Cyberlink)
O4 - HKU\S-1-5-21-2482551037-1996235705-2633259471-1000..\Run: [OS2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Studio 2\SMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\S-1-5-21-2482551037-1996235705-2633259471-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2482551037-1996235705-2633259471-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2482551037-1996235705-2633259471-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\jonnyMondo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2482551037-1996235705-2633259471-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2482551037-1996235705-2633259471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D19FB9AA-F84F-4A9B-9AB8-45395E86DD79}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/25 10:42:24 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\jonnyMondo\Desktop\OTL.exe
[2012/06/24 23:23:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/24 21:43:39 | 004,567,243 | R--- | C] (Swearware) -- C:\Users\jonnyMondo\Desktop\ComboFix.exe
[2012/06/24 13:47:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/24 13:47:05 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/06/24 13:47:05 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/06/24 13:46:53 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/24 13:46:53 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/24 13:46:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/06/24 01:56:10 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/23 21:43:20 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\jonnyMondo\Desktop\tdsskiller.exe
[2012/06/22 16:26:51 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/22 16:26:51 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/22 16:26:51 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/22 16:26:42 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/22 16:26:41 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/22 16:26:41 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/22 16:26:26 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/22 16:26:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/22 14:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/06/22 14:15:16 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/06/22 14:15:16 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/06/22 14:15:14 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/06/22 14:15:12 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/06/22 14:15:08 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/06/22 14:15:02 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/22 14:15:02 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/06/22 14:14:40 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/06/22 14:14:39 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/06/22 14:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/22 14:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/22 13:09:53 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\jonnyMondo\Desktop\FixTDSS.exe
[2012/06/22 10:57:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\jonnyMondo\Desktop\aswMBR.exe
[2012/06/22 00:32:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/06/21 23:26:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\jonnyMondo\Desktop\dds.scr
[2012/06/21 21:25:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/21 21:25:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/21 21:25:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/21 21:21:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/21 21:21:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/21 12:34:28 | 000,000,000 | ---D | C] -- C:\Users\jonnyMondo\AppData\Local\{DAF3DE41-97BB-11E1-826E-B8AC6F996F26}
[2012/06/21 12:11:28 | 000,000,000 | ---D | C] -- C:\Users\jonnyMondo\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/21 12:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/21 12:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/21 12:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/21 12:08:41 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/21 12:08:41 | 000,839,096 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/06/17 00:16:45 | 000,000,000 | ---D | C] -- C:\Users\jonnyMondo\AppData\Local\CDDB
[2012/06/16 14:09:46 | 000,000,000 | ---D | C] -- C:\Users\jonnyMondo\Documents\Wondershare DVD Creator
[2012/06/16 14:08:53 | 000,000,000 | ---D | C] -- C:\Users\jonnyMondo\AppData\Roaming\Thinstall
[2012/06/16 14:08:53 | 000,000,000 | ---D | C] -- C:\Users\jonnyMondo\AppData\Local\Thinstall
[2011/12/02 19:47:25 | 008,975,736 | ---- | C] (Schneider Electric) -- C:\Users\jonnyMondo\PCPE Setup.exe
[2011/12/02 19:47:25 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\jonnyMondo\mfc80u.dll
[2011/12/02 19:47:25 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\jonnyMondo\msvcr80.dll
[2011/12/02 19:47:25 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\jonnyMondo\grm_res.dll
[2011/12/02 19:47:25 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\jonnyMondo\fr_res.dll
[2011/12/02 19:47:25 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\jonnyMondo\pt_res.dll
[2011/12/02 19:47:25 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\jonnyMondo\it_res.dll
[2011/12/02 19:47:25 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\jonnyMondo\es_res.dll
[2011/12/02 19:47:25 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\jonnyMondo\en_res.dll
[2011/12/02 19:47:25 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\jonnyMondo\ru_res.dll
[2011/12/02 19:47:25 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\jonnyMondo\jp_res.dll

========== Files - Modified Within 30 Days ==========

[2012/06/25 10:04:28 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\jonnyMondo\Desktop\OTL.exe
[2012/06/24 23:23:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/24 23:23:20 | 1945,505,791 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/24 21:54:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/24 21:20:14 | 004,567,243 | R--- | M] (Swearware) -- C:\Users\jonnyMondo\Desktop\ComboFix.exe
[2012/06/24 13:46:45 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/06/24 13:46:45 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/06/24 13:46:45 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/06/24 13:46:45 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/24 13:46:45 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/24 12:19:55 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/24 12:19:55 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/06/23 16:26:58 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/23 16:26:58 | 000,625,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/23 16:26:58 | 000,106,898 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/23 14:15:13 | 000,020,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 14:15:13 | 000,020,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 13:59:03 | 000,881,475 | ---- | M] () -- C:\Users\jonnyMondo\Desktop\SecurityCheck.exe
[2012/06/22 14:15:17 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/22 14:15:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/22 12:51:01 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\jonnyMondo\Desktop\FixTDSS.exe
[2012/06/22 10:53:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\jonnyMondo\Desktop\aswMBR.exe
[2012/06/21 23:26:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\jonnyMondo\Desktop\dds.scr
[2012/06/21 13:35:02 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\jonnyMondo\Desktop\tdsskiller.exe
[2012/06/21 12:48:42 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/21 12:11:01 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\AntiSpy.lnk
[2012/06/08 12:46:15 | 000,033,792 | ---- | M] () -- C:\Users\jonnyMondo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/02 15:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 15:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 15:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 15:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/02 15:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

========== Files Created - No Company Name ==========

[2012/06/23 14:27:52 | 000,881,475 | ---- | C] () -- C:\Users\jonnyMondo\Desktop\SecurityCheck.exe
[2012/06/22 14:15:17 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/22 14:15:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/06/21 21:25:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/21 21:25:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/21 21:25:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/21 21:25:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/21 21:25:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/21 12:48:42 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/21 12:11:01 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\AntiSpy.lnk
[2012/03/11 18:58:52 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012/03/11 18:58:49 | 000,018,123 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/02/12 13:59:08 | 000,000,192 | ---- | C] () -- C:\Windows\winamp.ini
[2012/01/03 18:08:30 | 000,306,688 | ---- | C] () -- C:\Windows\SysWow64\Lffpx7.dll
[2012/01/03 18:08:30 | 000,095,232 | ---- | C] () -- C:\Windows\SysWow64\Lfkodak.dll
[2011/12/05 17:58:01 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/05 17:58:01 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/12/02 19:47:26 | 008,398,848 | ---- | C] () -- C:\Users\jonnyMondo\PCPE_3.0.1.msi
[2011/11/13 13:39:27 | 000,001,339 | ---- | C] () -- C:\Windows\ntbackup.ini
[2011/11/08 17:11:01 | 000,130,560 | ---- | C] () -- C:\Windows\SysWow64\cedocida.dll
[2011/11/08 16:35:42 | 000,033,792 | ---- | C] () -- C:\Users\jonnyMondo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/05 15:02:57 | 000,376,832 | ---- | C] () -- C:\Program Files\Ultimate Windows Tweaker.exe
[2011/11/04 13:36:15 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2011/11/04 09:27:29 | 004,022,504 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/11/04 00:10:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/04 00:05:36 | 006,918,144 | ---- | C] () -- C:\Users\jonnyMondo\PCPE_3.0.msi
[2011/11/03 23:58:43 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/11/03 23:58:43 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/11/03 23:58:41 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/11/03 23:58:41 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/11/03 23:54:55 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/11/03 23:46:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/11/03 23:46:49 | 000,035,145 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

< End of report >
