Removing consrv.dll virus (ZeroAccess rootkit)


41 replies to this topic

#1 Cyjon

Cyjon

  • Members
  • 42 posts

Posted 02 September 2011 - 04:39 PM

Below I've repeated the information from my thread at http://www.bleepingcomputer.com/forums/topic416742.html, posted DDS.txt, and attached Attach.txt. This is a 64-bit Windows 7 system so I didn't run GMER.

-----------------
My brother-in-law asked me to look at his computer because the McAfee firewall kept turning off. It's a Windows 7 system.

I scanned with McAfee, Spyware S&D and Malwarebytes, all fully updated, and they found nothing. I booted the Antivir rescue disk and it found three viruses. The first two were in C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup. The files were idko.exe and umaqe.exe and Antivir said they were both examples of TR/Obfuscate.QG.184. The third was C:\Windows\System32\consrv.dll and Antivir said it was the TR/ATRAPS.Gen2. It renamed all three files and I rebooted.

Windows wouldn't boot, even in safe mode. It would start and then reboot before it got very far. From my research, the problem was consrv.dll. There is apparently a registry entry which needs to be changed to point to winsrv.dll instead of consrv.dll to delete the virus cleanly.

I used BartPE to boot and rename the file back to consrv.dll. The system booted fine. I tried to make the registry change and it would immediately revert back. Since then I have also tried the Kaspersky rescue disk, fully updated, and it doesn't even see the virus.

I have since deleted the two viruses in Startup with no harm. However, if I do anything to consrv.dll, the system becomes unbootable. I have no idea what the next step would be, short of a complete reformat and reinstall.

To complicate matters, I have access to this computer only Mondays and Fridays during the time I'm taking care of their daughter, so it's hard to really focus on the problem.
------------------------




.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Manolis at 16:26:08 on 2011-09-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1931 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vVX3000.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\jucheck.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyServer = http=127.0.0.1:61596
uURLSearchHooks: Free TV Bar Toolbar: {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files (x86)\Free_TV_Bar\prxtbFre0.dll
mURLSearchHooks: Free TV Bar Toolbar: {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files (x86)\Free_TV_Bar\prxtbFre0.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110528000027.dll
BHO: Free TV Bar Toolbar: {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files (x86)\Free_TV_Bar\prxtbFre0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Free TV Bar Toolbar: {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files (x86)\Free_TV_Bar\prxtbFre0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Manolis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D1DF5E9-EBCC-4913-ADE1-5A0F145683C5} : DhcpNameServer = 192.168.1.1
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110528000027.dll
BHO-X64: scriptproxy - No File
BHO-X64: Free TV Bar Toolbar: {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files (x86)\Free_TV_Bar\prxtbFre0.dll
BHO-X64: Free TV Bar - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Free TV Bar Toolbar: {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files (x86)\Free_TV_Bar\prxtbFre0.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Manolis\AppData\Roaming\Mozilla\Firefox\Profiles\qefvsarx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-10-23 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-10-23 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-10-23 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-10-23 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-2-26 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-2-20 656624]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-20 136176]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-10-23 355440]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-20 136176]
S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\system32\drivers\mfebopk.sys --> C:\Windows\system32\drivers\mfebopk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-30 00:48:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-30 00:48:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-29 17:11:32 37888 ----a-w- C:\Windows\System32\consrv.dll
2011-08-19 23:38:29 -------- d-----w- C:\Windows\System32\SPReview
2011-08-19 23:37:28 -------- d-----w- C:\Windows\System32\EventProviders
2011-08-12 18:09:00 -------- d-----w- C:\Users\Manolis\AppData\Roaming\Malwarebytes
2011-08-12 18:08:55 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-12 18:08:55 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-12 18:08:51 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-12 18:08:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-12 18:05:51 -------- d-----w- C:\Users\Manolis\AppData\Roaming\McAfee
2011-08-11 10:01:35 -------- d-sh--w- C:\Windows\System32\%APPDATA%
.
==================== Find3M ====================
.
2011-08-19 23:46:25 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-08-19 23:46:24 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 16:27:04.78 ===============
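
The SubSystems line in the DDS log above shows the registry change described in the post: the console entry names consrv where winsrv is expected. The following Python example, added here as an illustration and not part of the original posts or of DDS/FRST, parses that line (or the raw registry value with ServerDll= tokens) and looks up any unexpected module in the log's file listings. The expected module set and STOCK_VALUE are assumptions of this example (the stock Windows 7 value), and the function names are hypothetical.

```python
import re

# Assumption of this example: the csrss ServerDll modules of a stock Windows 7
# install. The thread itself only says the console entry should name winsrv.
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Assumed stock form of the raw registry value (not taken from the page).
STOCK_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    r"ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    r"ProfileControl=Off MaxRequestThreads=16"
)

# Lines copied from the DDS.txt log posted above.
DDS_EXCERPT = r"""
TCP: DhcpNameServer = 192.168.1.1
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
Hosts: 127.0.0.1 www.spywareinfo.com
=============== Created Last 30 ================
2011-08-30 00:48:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-29 17:11:32 37888 ----a-w- C:\Windows\System32\consrv.dll
2011-08-19 23:38:29 -------- d-----w- C:\Windows\System32\SPReview
==================== Find3M ====================
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
"""

# module[:InitRoutine],index  with an optional "ServerDll=" prefix (raw form)
ENTRY_RE = re.compile(
    r"^(?:ServerDll=)?(?P<module>[\w.\-]+)(?::(?P<init>\w+))?,(?P<index>\d+)$"
)
# DDS file listing: timestamp, size (or dashes for a directory), attributes, path
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+(\S+)\s+(.+)$"
)
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")


def subsystems_value(log_text):
    """Return the text after 'SubSystems: Windows =' in a DDS log, or None."""
    for line in log_text.splitlines():
        m = re.match(r"\s*SubSystems:\s*Windows\s*=\s*(.+)$", line)
        if m:
            return m.group(1)
    return None


def parse_server_dlls(value):
    """Parse ServerDll entries from the DDS short form or the raw registry value."""
    raw_form = "ServerDll=" in value
    entries = []
    for token in value.split():
        # In the raw value only ServerDll= tokens count; this skips things
        # like SharedSection=1024,20480,768 that also contain commas.
        if raw_form and not token.startswith("ServerDll="):
            continue
        m = ENTRY_RE.match(token)
        if m:
            entries.append((m["module"].lower(), m["init"], int(m["index"])))
    return entries


def file_entries(log_text):
    """Yield file listing rows together with the DDS section they appear in."""
    section = None
    for line in log_text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = FILE_RE.match(line)
        if m:
            yield {"section": section, "timestamp": m.group(1),
                   "size": m.group(2), "path": m.group(4)}


def triage(log_text):
    """Flag ServerDll modules outside the expected set and list matching files."""
    value = subsystems_value(log_text)
    if value is None:
        return []
    files = list(file_entries(log_text))
    findings = []
    for module, init, index in parse_server_dlls(value):
        if module in EXPECTED_SERVER_DLLS:
            continue
        suffix = "\\system32\\" + module + ".dll"
        hits = [f for f in files if f["path"].lower().endswith(suffix)]
        findings.append({"module": module, "init": init,
                         "index": index, "files": hits})
    return findings


if __name__ == "__main__":
    for finding in triage(DDS_EXCERPT):
        print("unexpected ServerDll:", finding["module"], finding["init"])
        for f in finding["files"]:
            print("  ", f["section"], f["timestamp"], f["size"], f["path"])
```
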


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,707 posts
  • Gender:Male
  • Location:The Netherlands

Posted 03 September 2011 - 07:04 AM

Hi Cyjon,

Welcome to Bleeping Computer. I will assist you with the issue.

You need to download and run the FRST64 version:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3 Cyjon

Cyjon
  • Topic Starter

  • Members
  • 42 posts

Posted 05 September 2011 - 11:49 AM

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.1
Ran by SYSTEM at 2011-09-05 12:48:57
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [VX3000] C:\Windows\vVX3000.exe [762224 2009-06-30] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [417792 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [141608 2010-02-15] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [118624 2009-07-24] (Microsoft Corporation)
HKLM-x32\...\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2010-01-07] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1486392 2011-06-28] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKU\Manolis\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 2009-08-28] (Apple Inc.)
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [509416 2010-10-07] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200056 2011-04-14] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [245352 2011-04-14] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [149032 2011-04-14] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\drivers\cfwids.sys [63056 2011-04-14] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121376 2011-04-14] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190520 2011-04-14] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [41032 2009-06-18] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441840 2011-04-14] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [530304 2011-04-14] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75160 2011-04-14] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94992 2011-04-14] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-11-11] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-11-11] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-04-14] (McAfee, Inc.)
3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1224704 2009-07-24] (VIA Technologies, Inc.)
3 VX3000; C:\Windows\System32\DRIVERS\VX3000.sys [2060144 2009-06-30] (Microsoft Corporation)
3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-09-05 13:45 - 2011-09-05 13:45 - 0000000 ____D C:\Users\Manolis\AppData\Roaming\U3
2011-09-05 12:48 - 2011-09-05 12:48 - 0000000 ____D C:\FRST
2011-09-02 18:29 - 2011-09-02 18:29 - 0000000 ____D C:\Users\Manolis\Downloads\gmer
2011-09-02 18:28 - 2011-09-02 18:28 - 0294216 ____A C:\Users\Manolis\Downloads\gmer.zip
2011-09-02 18:28 - 2011-09-02 18:28 - 0007328 ____A C:\Users\Manolis\My Documents\Attach.txt
2011-09-02 18:28 - 2011-09-02 18:28 - 0007328 ____A C:\Users\Manolis\Documents\Attach.txt
2011-09-02 18:27 - 2011-09-02 18:27 - 0017982 ____A C:\Users\Manolis\My Documents\DDS.txt
2011-09-02 18:27 - 2011-09-02 18:27 - 0017982 ____A C:\Users\Manolis\Documents\DDS.txt
2011-09-02 18:25 - 2011-09-02 18:25 - 0607260 ____R (Swearware) C:\Users\Manolis\Downloads\dds.scr
2011-08-29 22:34 - 2011-08-29 22:34 - 0000365 ____A C:\rkill.log
2011-08-29 22:33 - 2011-08-29 20:19 - 0302592 ____A C:\Users\Manolis\Desktop\sndsbhde.exe
2011-08-29 19:57 - 2011-08-29 19:58 - 0064330 ____A C:\TDSSKiller.2.5.17.0_29.08.2011_17.57.46_log.txt
2011-08-29 19:57 - 2011-08-29 19:57 - 1406768 ____A (Kaspersky Lab ZAO) C:\Users\Manolis\Downloads\tdsskiller.exe
2011-08-29 19:48 - 2011-07-09 00:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-08-29 19:48 - 2011-07-08 23:29 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-08-29 19:39 - 2011-08-29 19:39 - 301640502 ____A C:\Windows\MEMORY.DMP
2011-08-29 19:39 - 2011-08-29 19:39 - 0274864 ____A C:\Windows\Minidump\082911-22417-01.dmp
2011-08-29 19:39 - 2011-08-29 19:39 - 0000000 ____D C:\Windows\Minidump
2011-08-29 12:11 - 2009-07-13 20:39 - 0037888 ____A (Microsoft Corporation) C:\Windows\System32\consrv.dll
2011-08-22 21:17 - 2011-08-22 21:17 - 0124290 ____A C:\Windows\ntbtlog.txt
2011-08-19 18:38 - 2011-08-19 18:38 - 0000000 ____D C:\Windows\System32\SPReview
2011-08-19 18:37 - 2011-08-19 18:37 - 0000000 ____D C:\Windows\System32\EventProviders
2011-08-12 13:09 - 2011-08-12 13:09 - 0000000 ____D C:\Users\Manolis\Application Data\Malwarebytes
2011-08-12 13:09 - 2011-08-12 13:09 - 0000000 ____D C:\Users\Manolis\AppData\Roaming\Malwarebytes
2011-08-12 13:08 - 2011-08-12 13:08 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-08-12 13:08 - 2011-08-12 13:08 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2011-08-12 13:08 - 2011-08-12 13:08 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-08-12 13:08 - 2011-08-12 13:08 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-12 13:08 - 2011-07-06 21:52 - 0041272 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2011-08-12 13:08 - 2011-07-06 21:52 - 0025912 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-08-12 13:07 - 2011-08-12 13:08 - 9466208 ____A (Malwarebytes Corporation ) C:\Users\Manolis\Downloads\mbam-setup-1.51.1.1800.exe
2011-08-12 13:05 - 2011-08-12 13:05 - 0000000 ____D C:\Users\Manolis\Application Data\McAfee
2011-08-12 13:05 - 2011-08-12 13:05 - 0000000 ____D C:\Users\Manolis\AppData\Roaming\McAfee
2011-08-11 05:01 - 2011-08-11 05:01 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2011-08-11 05:00 - 2011-07-22 00:52 - 17782272 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-08-11 05:00 - 2011-07-22 00:42 - 2303488 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-08-11 05:00 - 2011-07-22 00:40 - 10886144 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-08-11 05:00 - 2011-07-22 00:36 - 1389056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-08-11 05:00 - 2011-07-22 00:36 - 1344512 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-08-11 05:00 - 2011-07-22 00:35 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-08-11 05:00 - 2011-07-22 00:34 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-08-11 05:00 - 2011-07-22 00:33 - 2143232 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-08-11 05:00 - 2011-07-22 00:33 - 0818176 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-08-11 05:00 - 2011-07-22 00:32 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-08-11 05:00 - 2011-07-22 00:32 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-08-11 05:00 - 2011-07-22 00:30 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-08-11 05:00 - 2011-07-21 21:54 - 1797632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-08-11 05:00 - 2011-07-21 21:54 - 12273664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-08-11 05:00 - 2011-07-21 21:51 - 9704448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-08-11 05:00 - 2011-07-21 21:49 - 1102848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-08-11 05:00 - 2011-07-21 21:48 - 1126912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-08-11 05:00 - 2011-07-21 21:47 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-08-11 05:00 - 2011-07-21 21:46 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-08-11 05:00 - 2011-07-21 21:45 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-08-11 05:00 - 2011-07-21 21:44 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-08-11 05:00 - 2011-07-21 21:44 - 1791488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-08-11 05:00 - 2011-07-21 21:44 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-08-11 05:00 - 2011-07-21 21:43 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-08-10 12:42 - 2011-07-16 00:41 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2011-08-10 12:42 - 2011-07-16 00:41 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2011-08-10 12:42 - 2011-07-16 00:41 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2011-08-10 12:42 - 2011-07-16 00:39 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2011-08-10 12:42 - 2011-07-16 00:37 - 1162752 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2011-08-10 12:42 - 2011-07-16 00:37 - 0421888 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 12:42 - 2011-07-16 00:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:29 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2011-08-10 12:42 - 2011-07-15 23:25 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2011-08-10 12:42 - 2011-07-15 23:24 - 1114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2011-08-10 12:42 - 2011-07-15 23:24 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2011-08-10 12:42 - 2011-07-15 23:24 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 23:15 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 21:21 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2011-08-10 12:42 - 2011-07-15 21:21 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2011-08-10 12:42 - 2011-07-15 21:17 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 21:17 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 21:17 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 12:42 - 2011-07-15 21:17 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-10 12:42 - 2011-07-08 21:46 - 0288768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-08-10 12:42 - 2011-06-24 00:34 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-08-10 12:42 - 2011-06-24 00:25 - 0338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2011-08-10 12:42 - 2011-06-23 00:43 - 5561216 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-08-10 12:42 - 2011-06-22 23:33 - 3967872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2011-08-10 12:42 - 2011-06-22 23:33 - 3912576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2011-08-10 12:42 - 2011-06-21 01:34 - 1923968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-08-10 12:42 - 2011-06-16 00:49 - 0199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2011-08-10 12:42 - 2011-06-15 23:33 - 0180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2011-08-10 12:42 - 2011-06-15 05:02 - 0212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2011-08-10 12:42 - 2011-06-15 05:02 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2011-08-10 12:42 - 2011-06-15 05:02 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2011-08-10 12:42 - 2011-06-15 05:02 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2011-08-10 12:42 - 2011-06-15 03:55 - 0319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2011-08-10 12:42 - 2011-06-15 03:55 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2011-08-10 12:42 - 2011-06-15 03:55 - 0122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2011-08-10 12:42 - 2011-06-15 03:55 - 0086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2011-08-10 12:42 - 2011-06-15 03:55 - 0081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll


============ 3 Months Modified Files and Folders =============

2011-09-05 13:46 - 2009-07-14 00:10 - 1745289 ____A C:\Windows\WindowsUpdate.log
2011-09-05 13:46 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-09-05 13:46 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-09-05 13:45 - 2011-09-05 13:45 - 0000000 ____D C:\Users\Manolis\Application Data\U3
2011-09-05 13:45 - 2011-09-05 13:45 - 0000000 ____D C:\Users\Manolis\AppData\Roaming\U3
2011-09-05 13:45 - 2009-07-13 23:51 - 0038194 ____A C:\Windows\setupact.log
2011-09-05 13:17 - 2011-03-20 19:57 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-09-05 12:48 - 2011-09-05 12:48 - 0000000 ____D C:\FRST
2011-09-05 07:01 - 2010-02-28 14:39 - 0524288 __ASH C:\Windows\System32\config\components{ecc9af2e-24a0-11df-bf21-a4badbe74e4e}.TMContainer00000000000000000001.regtrans-ms
2011-09-05 07:01 - 2010-02-28 14:39 - 0065536 __ASH C:\Windows\System32\config\components{ecc9af2e-24a0-11df-bf21-a4badbe74e4e}.TM.blf
2011-09-05 06:17 - 2011-03-20 19:57 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-09-02 18:29 - 2011-09-02 18:29 - 0000000 ____D C:\Users\Manolis\Downloads\gmer
2011-09-02 18:28 - 2011-09-02 18:28 - 0294216 ____A C:\Users\Manolis\Downloads\gmer.zip
2011-09-02 18:28 - 2011-09-02 18:28 - 0007328 ____A C:\Users\Manolis\My Documents\Attach.txt
2011-09-02 18:28 - 2011-09-02 18:28 - 0007328 ____A C:\Users\Manolis\Documents\Attach.txt
2011-09-02 18:27 - 2011-09-02 18:27 - 0017982 ____A C:\Users\Manolis\My Documents\DDS.txt
2011-09-02 18:27 - 2011-09-02 18:27 - 0017982 ____A C:\Users\Manolis\Documents\DDS.txt
2011-09-02 18:25 - 2011-09-02 18:25 - 0607260 ____R (Swearware) C:\Users\Manolis\Downloads\dds.scr
2011-09-01 02:15 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\rescache
2011-09-01 01:03 - 2009-07-14 00:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2011-09-01 01:01 - 2010-03-12 17:55 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-09-01 00:58 - 2010-02-20 13:58 - 3019202560 __ASH C:\hiberfil.sys
2011-09-01 00:58 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-08-29 22:34 - 2011-08-29 22:34 - 0000365 ____A C:\rkill.log
2011-08-29 22:26 - 2010-02-20 13:58 - 0492716 ____A C:\Windows\PFRO.log
2011-08-29 20:19 - 2011-08-29 22:33 - 0302592 ____A C:\Users\Manolis\Desktop\sndsbhde.exe
2011-08-29 19:58 - 2011-08-29 19:57 - 0064330 ____A C:\TDSSKiller.2.5.17.0_29.08.2011_17.57.46_log.txt
2011-08-29 19:57 - 2011-08-29 19:57 - 1406768 ____A (Kaspersky Lab ZAO) C:\Users\Manolis\Downloads\tdsskiller.exe
2011-08-29 19:39 - 2011-08-29 19:39 - 301640502 ____A C:\Windows\MEMORY.DMP
2011-08-29 19:39 - 2011-08-29 19:39 - 0274864 ____A C:\Windows\Minidump\082911-22417-01.dmp
2011-08-29 19:39 - 2011-08-29 19:39 - 0000000 ____D C:\Windows\Minidump
2011-08-29 19:14 - 2009-07-13 23:45 - 0316856 ____A C:\Windows\System32\FNTCACHE.DAT
2011-08-22 21:17 - 2011-08-22 21:17 - 0124290 ____A C:\Windows\ntbtlog.txt
2011-08-22 18:12 - 2010-02-20 12:34 - 0000072 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log
2011-08-22 18:12 - 2010-02-20 12:16 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2011-08-19 21:02 - 2010-02-26 13:51 - 0000402 __ASH C:\Users\Manolis\My Documents\desktop.ini
2011-08-19 21:02 - 2010-02-26 13:51 - 0000174 ___SH C:\Users\Manolis\Start Menu\Programs\Startup\desktop.ini
2011-08-19 21:02 - 2010-02-26 13:51 - 0000174 ___SH C:\Users\Manolis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-08-19 20:51 - 2009-07-14 02:45 - 0000000 ____D C:\Program Files\Windows Journal
2011-08-19 20:51 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-08-19 20:51 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2011-08-19 20:51 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2011-08-19 20:51 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Defender
2011-08-19 20:51 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\DVD Maker
2011-08-19 20:51 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2011-08-19 20:51 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2011-08-19 20:51 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2011-08-19 20:51 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2011-08-19 20:51 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2011-08-19 20:51 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2011-08-19 20:51 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2011-08-19 20:51 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2011-08-19 20:51 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2011-08-19 20:51 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2011-08-19 20:51 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2011-08-19 20:51 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2011-08-19 20:51 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2011-08-19 20:51 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\servicing
2011-08-19 20:50 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\sppui
2011-08-19 20:50 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\Setup
2011-08-19 20:50 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\oobe
2011-08-19 20:50 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\migwiz
2011-08-19 20:50 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\manifeststore
2011-08-19 20:50 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\es-ES
2011-08-19 20:50 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\Dism
2011-08-19 20:50 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\da-DK
2011-08-19 20:50 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2011-08-19 20:50 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2011-08-19 18:47 - 2010-02-20 12:08 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2011-08-19 18:46 - 2009-07-13 21:36 - 0175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2011-08-19 18:46 - 2009-07-13 21:36 - 0152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2011-08-19 18:38 - 2011-08-19 18:38 - 0000000 ____D C:\Windows\System32\SPReview
2011-08-19 18:37 - 2011-08-19 18:37 - 0000000 ____D C:\Windows\System32\EventProviders
2011-08-14 03:00 - 2010-05-05 20:58 - 0000000 ____D C:\Users\Manolis\Local Settings\ElevatedDiagnostics
2011-08-14 03:00 - 2010-05-05 20:58 - 0000000 ____D C:\Users\Manolis\Local Settings\Application Data\ElevatedDiagnostics
2011-08-14 03:00 - 2010-05-05 20:58 - 0000000 ____D C:\Users\Manolis\AppData\Local\ElevatedDiagnostics
2011-08-12 14:30 - 2009-07-13 21:34 - 0436542 ____R C:\Windows\System32\Drivers\etc\hosts
2011-08-12 14:18 - 2011-01-27 03:26 - 0000000 ____D C:\Users\Manolis\Application Data\Ynqia
2011-08-12 14:18 - 2011-01-27 03:26 - 0000000 ____D C:\Users\Manolis\AppData\Roaming\Ynqia
2011-08-12 14:18 - 2010-04-13 11:28 - 0000000 ____D C:\Users\Manolis\Application Data\Cehe
2011-08-12 14:18 - 2010-04-13 11:28 - 0000000 ____D C:\Users\Manolis\AppData\Roaming\Cehe
2011-08-12 13:09 - 2011-08-12 13:09 - 0000000 ____D C:\Users\Manolis\Application Data\Malwarebytes
2011-08-12 13:09 - 2011-08-12 13:09 - 0000000 ____D C:\Users\Manolis\AppData\Roaming\Malwarebytes
2011-08-12 13:08 - 2011-08-12 13:08 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-08-12 13:08 - 2011-08-12 13:08 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2011-08-12 13:08 - 2011-08-12 13:08 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-08-12 13:08 - 2011-08-12 13:08 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-12 13:08 - 2011-08-12 13:07 - 9466208 ____A (Malwarebytes Corporation ) C:\Users\Manolis\Downloads\mbam-setup-1.51.1.1800.exe
2011-08-12 13:05 - 2011-08-12 13:05 - 0000000 ____D C:\Users\Manolis\Application Data\McAfee
2011-08-12 13:05 - 2011-08-12 13:05 - 0000000 ____D C:\Users\Manolis\AppData\Roaming\McAfee
2011-08-12 13:04 - 2010-02-20 12:28 - 0000000 ____D C:\Users\All Users\McAfee
2011-08-12 13:04 - 2010-02-20 12:28 - 0000000 ____D C:\Users\All Users\Application Data\McAfee
2011-08-12 13:04 - 2010-02-20 12:28 - 0000000 ____D C:\ProgramData\McAfee
2011-08-12 13:04 - 2010-02-20 12:28 - 0000000 ____D C:\Program Files (x86)\McAfee
2011-08-11 22:14 - 2010-09-01 21:35 - 0000000 ____D C:\Users\Manolis\Application Data\Fahiby
2011-08-11 22:14 - 2010-09-01 21:35 - 0000000 ____D C:\Users\Manolis\AppData\Roaming\Fahiby
2011-08-11 05:19 - 2011-07-25 04:26 - 0000106 ____A C:\Windows\SysWOW64\503763432
2011-08-11 05:08 - 2011-07-13 05:04 - 0000276 ____A C:\Windows\System32\MRT.INI
2011-08-11 05:06 - 2010-02-26 14:49 - 54065608 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-08-11 05:01 - 2011-08-11 05:01 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2011-08-10 12:52 - 2010-02-28 14:39 - 0524288 __ASH C:\Windows\System32\config\components{ecc9af2e-24a0-11df-bf21-a4badbe74e4e}.TMContainer00000000000000000002.regtrans-ms
2011-08-05 20:40 - 2010-02-26 15:58 - 0000072 ____A C:\Users\Public\LMDebug.log
2011-07-29 06:48 - 2009-07-14 00:08 - 0020192 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-07-27 15:24 - 2011-07-27 15:24 - 0000000 ____D C:\Windows\system64
2011-07-26 08:53 - 2011-07-26 08:53 - 0000000 ___AH C:\Users\Manolis\Desktop\wflozrmwuy.tmp
2011-07-24 12:58 - 2010-04-04 10:55 - 0000000 ____D C:\Users\All Users\Application Data\AlawarWrapper
2011-07-24 12:58 - 2010-04-04 10:55 - 0000000 ____D C:\Users\All Users\AlawarWrapper
2011-07-24 12:58 - 2010-04-04 10:55 - 0000000 ____D C:\ProgramData\AlawarWrapper
2011-07-22 00:52 - 2011-08-11 05:00 - 17782272 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-07-22 00:42 - 2011-08-11 05:00 - 2303488 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-07-22 00:40 - 2011-08-11 05:00 - 10886144 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-07-22 00:36 - 2011-08-11 05:00 - 1389056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-07-22 00:36 - 2011-08-11 05:00 - 1344512 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-07-22 00:35 - 2011-08-11 05:00 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-07-22 00:34 - 2011-08-11 05:00 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-07-22 00:33 - 2011-08-11 05:00 - 2143232 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-07-22 00:33 - 2011-08-11 05:00 - 0818176 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-07-22 00:32 - 2011-08-11 05:00 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-07-22 00:32 - 2011-08-11 05:00 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-07-22 00:30 - 2011-08-11 05:00 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-07-21 21:54 - 2011-08-11 05:00 - 1797632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-07-21 21:54 - 2011-08-11 05:00 - 12273664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-07-21 21:51 - 2011-08-11 05:00 - 9704448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-07-21 21:49 - 2011-08-11 05:00 - 1102848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-07-21 21:48 - 2011-08-11 05:00 - 1126912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-07-21 21:47 - 2011-08-11 05:00 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-07-21 21:46 - 2011-08-11 05:00 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-07-21 21:45 - 2011-08-11 05:00 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-07-21 21:44 - 2011-08-11 05:00 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-07-21 21:44 - 2011-08-11 05:00 - 1791488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-07-21 21:44 - 2011-08-11 05:00 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-07-21 21:43 - 2011-08-11 05:00 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-07-16 00:41 - 2011-08-10 12:42 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2011-07-16 00:41 - 2011-08-10 12:42 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2011-07-16 00:41 - 2011-08-10 12:42 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2011-07-16 00:39 - 2011-08-10 12:42 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2011-07-16 00:37 - 2011-08-10 12:42 - 1162752 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2011-07-16 00:37 - 2011-08-10 12:42 - 0421888 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 00:21 - 2011-08-10 12:42 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2011-07-15 23:29 - 2011-08-10 12:42 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2011-07-15 23:25 - 2011-08-10 12:42 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2011-07-15 23:24 - 2011-08-10 12:42 - 1114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2011-07-15 23:24 - 2011-08-10 12:42 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2011-07-15 23:24 - 2011-08-10 12:42 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2011-07-15 23:15 - 2011-08-10 12:42 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-15 23:15 - 2011-08-10 12:42 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-15 23:15 - 2011-08-10 12:42 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-15 23:15 - 2011-08-10 12:42 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-15 23:15 - 2011-08-10 12:42 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-15 23:15 - 2011-08-10 12:42 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-15 23:15 - 2011-08-10 12:42 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-15 23:15 - 2011-08-10 12:42 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3839.12 MB
Available physical RAM: 3257.69 MB
Total Pagefile: 3837.27 MB
Available Pagefile: 3243.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:383.75 GB) NTFS
3 Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive f: () (Removable) (Total:1.9 GB) (Free:1.89 GB) FAT32
5 Drive g: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.39 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==========================================================

Last Boot: 2011-09-02 02:25

======================= End Of Log ==========================

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:24 PM

Posted 05 September 2011 - 12:32 PM

  • You have the program Spybot S&D (Teatimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do. This will only take a few seconds.
    • First disable TeaTimer:
      • Run Spybot-S&D
      • Go to the Mode menu, and make sure Advanced Mode is selected
      • On the left hand side, choose Tools -> Resident
      • Uncheck Resident TeaTimer and OK any prompts
      • Restart your computer.
      Instruction is also here: How to disable TeaTimer during HijackThis Cleanup
      Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
    • Then download ResetTeaTimer.exe to your desktop.
      • Double-click ResetTeaTimer.exe and let it run.
    Note: The Teatimer should be kept disabled until I give you the clean sign.
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

    start
    HKU\Manolis\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    SubSystems: [Windows] ==> ZeroAccess
    2011-08-29 12:11 - 2009-07-13 20:39 - 0037888 ____A (Microsoft Corporation) C:\Windows\System32\consrv.dll
    cmd : type c:\tdss*.txt
    end
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the BartPE CD.
    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
  • Reboot the computer and run TDSSKiller once more and post the log it makes.


#5 Cyjon


Posted 05 September 2011 - 01:28 PM

Fix result of Farbars's Recovery Tool (FRST written by farbar version 2.2.1)
Ran by SYSTEM at 2011-09-05 15:18:54 R:1
Running from G:\

==============================================

HKEY_USERS\Manolis\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer Value not found.
HKEY_LOCAL_MACHINE\999\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\Windows\System32\consrv.dll moved successfully.

==== End of Fixlog ====

--------------------------------------------------
2011/09/05 15:23:27.0877 4360 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/09/05 15:23:32.0746 4360 Perform update action was selected
2011/09/05 15:23:32.0746 4352 Deinitialize success
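
The fixlist entry `SubSystems: [Windows] ==> ZeroAccess` and the Fixlog line "Value was restored" concern the list of `ServerDll=` modules that csrss.exe loads from the `SubSystems\Windows` registry value. The following check for that hijack is an added example, not part of the original thread and not FRST's code; the expected entries are an assumption based on a stock Windows 7 value, and the sample strings and function names are constructed for illustration.

```python
"""Audit the ServerDll list that csrss.exe loads from
Control\\Session Manager\\SubSystems, value "Windows"."""

# Assumption of this example: the entries of a stock Windows 7 value, as
# (module, init routine). Confirm against a known-good machine of the same build.
EXPECTED = [
    ("basesrv", None),
    ("winsrv", "UserServerDllInitialization"),
    ("winsrv", "ConServerDllInitialization"),
    ("sxssrv", None),
]

# Constructed sample data (not copied from the machine in this thread).
CLEAN_SAMPLE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    r"ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    r"ProfileControl=Off MaxRequestThreads=16"
)
# Same value with the console server entry pointed at consrv, the change
# this thread's fix reverses.
HIJACKED_SAMPLE = CLEAN_SAMPLE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)


def _key(module, init):
    """Case-insensitive comparison key for one ServerDll entry."""
    return (module.lower(), init.lower() if init else None)


def parse_server_dlls(value):
    """Return [(module, init_routine_or_None, raw_token)] for each ServerDll= token."""
    entries = []
    for token in value.split():
        name, sep, spec = token.partition("=")
        if not sep or name.lower() != "serverdll":
            continue
        spec = spec.rsplit(",", 1)[0]        # drop the trailing ",<index>"
        module, _, init = spec.partition(":")
        entries.append((module, init or None, token))
    return entries


def audit(value):
    """Compare the value against EXPECTED.

    Returns {"unexpected": [raw tokens], "missing": [expected entries]}.
    Any entry whose module/init pair is not in EXPECTED is reported, so a
    module given with a path or a ".dll" suffix is flagged for review too.
    """
    entries = parse_server_dlls(value)
    expected = {_key(m, i) for m, i in EXPECTED}
    seen = {_key(m, i) for m, i, _ in entries}
    unexpected = [raw for m, i, raw in entries if _key(m, i) not in expected]
    missing = [f"{m}:{i}" if i else m
               for m, i in EXPECTED if _key(m, i) not in seen]
    return {"unexpected": unexpected, "missing": missing}


def read_value(subkey=r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"):
    """Read the value on Windows. For an offline hive loaded under HKLM, pass
    its path instead, e.g. the 999\\ControlSet001\\... key named in the Fixlog."""
    import winreg  # imported here so the parser also works on non-Windows hosts
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
        data, _type = winreg.QueryValueEx(key, "Windows")
    return data


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("hijacked", HIJACKED_SAMPLE)):
        print(label, audit(sample))
```

An unexpected entry paired with a missing one that has the same init routine shows which legitimate module was displaced.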

#6 Farbar


Posted 05 September 2011 - 01:53 PM

Well done. Please proceed with the rest. :thumbup2:

#7 Farbar


Posted 05 September 2011 - 01:56 PM

Is this the log of TDSSKiller?

There are two logs on the C: drive (go to Start => Computer => open C: drive). Please post the content of both of them.

#8 Cyjon


Posted 05 September 2011 - 01:59 PM

Proceed with the rest? That's everything you told me to do. System appears clean (consrv.dll is gone, firewall is not getting turned off) but I just wanted to be sure to get the OK from you before celebrating.

#9 Farbar


Posted 05 September 2011 - 02:03 PM

We removed it all right, but we are not done yet; we need to make sure other components are gone too.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#10 Cyjon


Posted 05 September 2011 - 02:35 PM

That's posted above. It's only three lines long, but it's at the very bottom

#11 Farbar


Posted 05 September 2011 - 02:43 PM

That is not the full log; that is the reason I'm asking for it. Please remove your copy of TDSSKiller, download the latest one, run as instructed and get the log as instructed. As long as you can't get a full log it is not safe. It will save both of us running a bunch of other tools.

Edited by farbar, 05 September 2011 - 02:54 PM.


#12 Cyjon


Posted 05 September 2011 - 02:47 PM

Oops - I opened the wrong log file. Here's the real one.

2011/09/05 16:31:13.0228 3476 TDSS rootkit removing tool 2.5.18.0 Sep 5 2011 09:53:09
2011/09/05 16:31:14.0616 3476 ================================================================================
2011/09/05 16:31:14.0616 3476 SystemInfo:
2011/09/05 16:31:14.0616 3476
2011/09/05 16:31:14.0616 3476 OS Version: 6.1.7601 ServicePack: 1.0
2011/09/05 16:31:14.0616 3476 Product type: Workstation
2011/09/05 16:31:14.0616 3476 ComputerName: MANOLIS-PC
2011/09/05 16:31:14.0616 3476 UserName: Manolis
2011/09/05 16:31:14.0616 3476 Windows directory: C:\Windows
2011/09/05 16:31:14.0616 3476 System windows directory: C:\Windows
2011/09/05 16:31:14.0616 3476 Running under WOW64
2011/09/05 16:31:14.0616 3476 Processor architecture: Intel x64
2011/09/05 16:31:14.0616 3476 Number of processors: 2
2011/09/05 16:31:14.0616 3476 Page size: 0x1000
2011/09/05 16:31:14.0616 3476 Boot type: Normal boot
2011/09/05 16:31:14.0616 3476 ================================================================================
2011/09/05 16:31:15.0412 3476 Initialize success
2011/09/05 16:31:17.0112 4720 ================================================================================
2011/09/05 16:31:17.0112 4720 Scan started
2011/09/05 16:31:17.0112 4720 Mode: Manual;
2011/09/05 16:31:17.0112 4720 ================================================================================
2011/09/05 16:31:25.0022 4720 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/05 16:31:25.0053 4720 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/05 16:31:25.0100 4720 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/05 16:31:25.0115 4720 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/05 16:31:25.0146 4720 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/09/05 16:31:25.0178 4720 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/09/05 16:31:25.0240 4720 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/09/05 16:31:25.0271 4720 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/05 16:31:25.0302 4720 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/05 16:31:25.0334 4720 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/09/05 16:31:25.0396 4720 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/09/05 16:31:25.0521 4720 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
2011/09/05 16:31:25.0583 4720 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/05 16:31:25.0630 4720 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/05 16:31:25.0661 4720 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/09/05 16:31:25.0677 4720 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/09/05 16:31:25.0708 4720 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/05 16:31:25.0724 4720 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/09/05 16:31:25.0786 4720 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/05 16:31:25.0833 4720 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/09/05 16:31:25.0880 4720 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/05 16:31:25.0911 4720 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/09/05 16:31:25.0942 4720 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/05 16:31:25.0989 4720 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/05 16:31:26.0036 4720 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/09/05 16:31:26.0067 4720 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/05 16:31:26.0114 4720 USBAAPL64 (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys
2011/09/05 16:31:26.0145 4720 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
2011/09/05 16:31:26.0176 4720 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
2011/09/05 16:31:26.0223 4720 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/09/05 16:31:26.0254 4720 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/05 16:31:26.0301 4720 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/05 16:31:26.0332 4720 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
2011/09/05 16:31:26.0363 4720 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/05 16:31:26.0379 4720 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/05 16:31:26.0410 4720 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
2011/09/05 16:31:26.0457 4720 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/09/05 16:31:26.0488 4720 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/05 16:31:26.0519 4720 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/09/05 16:31:26.0550 4720 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/09/05 16:31:26.0628 4720 VIAHdAudAddService (a6cf4aaaa85ec6f655c9922593e407ab) C:\Windows\system32\drivers\viahduaa.sys
2011/09/05 16:31:26.0675 4720 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/09/05 16:31:26.0706 4720 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/09/05 16:31:26.0769 4720 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/09/05 16:31:26.0800 4720 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/09/05 16:31:26.0847 4720 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/05 16:31:26.0894 4720 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/09/05 16:31:26.0987 4720 VX3000 (e13b31e0ada64cf1513d993f436ca39d) C:\Windows\system32\DRIVERS\VX3000.sys
2011/09/05 16:31:27.0050 4720 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/05 16:31:27.0096 4720 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/05 16:31:27.0128 4720 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/05 16:31:27.0190 4720 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/09/05 16:31:27.0221 4720 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/05 16:31:27.0299 4720 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/05 16:31:27.0330 4720 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/09/05 16:31:27.0362 4720 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/09/05 16:31:27.0424 4720 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/09/05 16:31:27.0440 4720 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/05 16:31:27.0486 4720 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/05 16:31:27.0549 4720 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/09/05 16:31:27.0580 4720 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/05 16:31:27.0627 4720 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
2011/09/05 16:31:27.0642 4720 Boot (0x1200) (6acab21db5bc6b3c0a5af312cdc4616f) \Device\Harddisk0\DR0\Partition0
2011/09/05 16:31:27.0658 4720 Boot (0x1200) (7d90a231eec9b4f59f4d2e08a061ef1c) \Device\Harddisk0\DR0\Partition1
2011/09/05 16:31:27.0658 4720 ================================================================================
2011/09/05 16:31:27.0658 4720 Scan finished
2011/09/05 16:31:27.0658 4720 ================================================================================
2011/09/05 16:31:27.0674 2072 Detected object count: 0
2011/09/05 16:31:27.0674 2072 Actual detected object count: 0
2011/09/05 16:47:39.0339 3488 ================================================================================
2011/09/05 16:47:39.0339 3488 Scan started
2011/09/05 16:47:39.0339 3488 Mode: Manual;
2011/09/05 16:47:39.0339 3488 ================================================================================
2011/09/05 16:47:47.0420 3488 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/05 16:47:47.0451 3488 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/05 16:47:47.0467 3488 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
2011/09/05 16:47:47.0498 3488 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/05 16:47:47.0514 3488 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/05 16:47:47.0545 3488 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
2011/09/05 16:47:47.0592 3488 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/09/05 16:47:47.0623 3488 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/05 16:47:47.0654 3488 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/09/05 16:47:47.0685 3488 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/09/05 16:47:47.0748 3488 VIAHdAudAddService (a6cf4aaaa85ec6f655c9922593e407ab) C:\Windows\system32\drivers\viahduaa.sys
2011/09/05 16:47:47.0794 3488 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/09/05 16:47:47.0826 3488 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/09/05 16:47:47.0857 3488 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/09/05 16:47:47.0888 3488 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/09/05 16:47:47.0935 3488 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/05 16:47:47.0966 3488 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/09/05 16:47:48.0028 3488 VX3000 (e13b31e0ada64cf1513d993f436ca39d) C:\Windows\system32\DRIVERS\VX3000.sys
2011/09/05 16:47:48.0106 3488 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/05 16:47:48.0122 3488 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/05 16:47:48.0138 3488 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/05 16:47:48.0184 3488 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/09/05 16:47:48.0216 3488 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/05 16:47:48.0262 3488 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/05 16:47:48.0309 3488 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/09/05 16:47:48.0325 3488 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/09/05 16:47:48.0387 3488 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/09/05 16:47:48.0418 3488 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/05 16:47:48.0450 3488 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/05 16:47:48.0496 3488 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/09/05 16:47:48.0528 3488 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/05 16:47:48.0621 3488 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
2011/09/05 16:47:48.0637 3488 Boot (0x1200) (6acab21db5bc6b3c0a5af312cdc4616f) \Device\Harddisk0\DR0\Partition0
2011/09/05 16:47:48.0652 3488 Boot (0x1200) (7d90a231eec9b4f59f4d2e08a061ef1c) \Device\Harddisk0\DR0\Partition1
2011/09/05 16:47:48.0668 3488 ================================================================================
2011/09/05 16:47:48.0668 3488 Scan finished
2011/09/05 16:47:48.0668 3488 ================================================================================
2011/09/05 16:47:48.0668 3508 Detected object count: 0
2011/09/05 16:47:48.0668 3508 Actual detected object count: 0

#13 Farbar

Posted 05 September 2011 - 02:53 PM

Well done. The log shows what we wanted to see. The active components are gone. :thumbup2:

One remaining part is the winsock entries the malware hijacks. We need to fix them if needed:

Please download MiniToolBox and save it to your desktop and run it.

Checkmark the following checkboxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List Winsock Entries
Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.

#14 Cyjon

Posted 05 September 2011 - 02:56 PM

MiniToolBox by Farbar
Ran by Manolis (administrator) on 05-09-2011 at 16:57:50
Windows 7 Home Premium Service Pack 1 (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:61596

========================= FF Proxy Settings: ==============================

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 02 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 03 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 05 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 06 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 07 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 08 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 09 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 10 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [193024] (Apple Inc.)
x64-Catalog5 06 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 02 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 03 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 04 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 05 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 06 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 07 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 08 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 09 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 10 mswsock.dll [File Not found] (Microsoft Corporation)

**** End of log ****

#15 Farbar

Posted 05 September 2011 - 03:05 PM

Yes, the infection has hijacked a lot of entries.

  • Run Command Prompt as Administrator. To do that:
    Go to Start and type cmd.exe in the Search box.
    It gives you cmd.exe in the upper part. Right-click cmd.exe and select "Run As Administrator".
    Copy the following command, right-click in the open Command Prompt window and select Paste, then press Enter:

    netsh winsock reset catalog

    Please let me know if any error occurred.
  • Please run MiniToolBox.

    Checkmark the following checkboxes:
      • Reset IE Proxy Settings
      • List Winsock Entries
    Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.
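
The check done by eye on Result.txt in the posts above, as an added example that is not part of the original thread and is not MiniToolBox code: a parser that groups the Winsock entries reported as "[File Not found]" by catalog, so the listing before and after `netsh winsock reset catalog` can be compared. The line format is inferred from the log posted in this thread, and treating a non-numeric bracket value as an unresolved provider DLL is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied in shape from the Result.txt in this thread.
SAMPLE = r"""
Proxy is not enabled.
ProxyServer: http=127.0.0.1:61596
Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [193024] (Apple Inc.)
x64-Catalog9 10 mswsock.dll [File Not found] (Microsoft Corporation)
"""

# Assumed line shape: <catalog> <index> <path> [<size> or "File Not found"] (<vendor>)
ENTRY = re.compile(r"^(?P<catalog>(?:x64-)?Catalog\d+)\s+(?P<index>\d+)\s+"
                   r"(?P<path>.+?)\s+\[(?P<status>[^\]]+)\]\s+\((?P<vendor>[^)]*)\)$")
PROXY = re.compile(r"^ProxyServer:\s*(?P<value>\S+)")

def parse_result(text):
    """Return (winsock_entries, proxy_server) from MiniToolBox Result.txt text."""
    entries, proxy = [], None
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            e = m.groupdict()
            e["index"] = int(e["index"])
            # A numeric status is the file size; anything else means the
            # provider DLL named in the catalog was not found on disk.
            e["resolved"] = e["status"].isdigit()
            entries.append(e)
        elif PROXY.match(line):
            proxy = PROXY.match(line).group("value")
    return entries, proxy

def unresolved_by_catalog(entries):
    """Map catalog name -> indexes of entries whose DLL could not be found."""
    broken = defaultdict(list)
    for e in entries:
        if not e["resolved"]:
            broken[e["catalog"]].append(e["index"])
    return dict(broken)

if __name__ == "__main__":
    entries, proxy = parse_result(SAMPLE)
    print("leftover ProxyServer value:", proxy)
    print("unresolved entries by catalog:", unresolved_by_catalog(entries))
```

An empty result from `unresolved_by_catalog` on the post-reset Result.txt means every catalog entry resolves to a file on disk again.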



