
need help removing smitfraudc and other viruses


15 replies to this topic

#1 bill0001

bill0001

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:19 AM

Posted 21 September 2011 - 12:04 PM

Hi

I need some help removing some trojans and the smitfraudc virus. I am also receiving a message stating "winrscmde is not working and was closed. A problem caused the program to stop working correctly."
Any help would be greatly appreciated.



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,046 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:19 AM

Posted 21 September 2011 - 12:46 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#3 bill0001

bill0001
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:19 AM

Posted 21 September 2011 - 01:47 PM

Attached File  dds zip files.zip   6.64KB   1 downloads

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,761 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:19 AM

Posted 26 September 2011 - 12:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/419878 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 bill0001

bill0001
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:19 AM

Posted 26 September 2011 - 12:38 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_20
Run by Captain Nye at 13:29:59 on 2011-09-26
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4094.2647 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wermgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
-netsvcs
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5231E61A-61B1-4BDD-B491-40AA20CA1D2C} : DhcpNameServer = 192.168.1.1
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Captain Nye\AppData\Roaming\Mozilla\Firefox\Profiles\oou3wo64.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-25 1153368]
R3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-10 89920]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S4 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-6-18 42184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-09-20 22:11:19 -------- d-----w- C:\$RECYCLE.BIN
2011-09-20 19:34:08 98816 ----a-w- C:\Windows\sed.exe
2011-09-20 19:34:08 518144 ----a-w- C:\Windows\SWREG.exe
2011-09-20 19:34:08 256000 ----a-w- C:\Windows\PEV.exe
2011-09-20 19:34:08 208896 ----a-w- C:\Windows\MBR.exe
2011-09-20 15:23:38 -------- d---a-w- C:\TRK-INFECTED
2011-09-19 23:20:47 -------- d-----w- C:\Windows\Content.IE5
2011-09-19 23:20:40 -------- d-----w- C:\Users\Captain Nye\AppData\Local\Temp
2011-09-18 14:17:50 -------- d-----w- C:\Users\Captain Nye\AppData\Roaming\Malwarebytes
2011-09-18 14:17:46 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-18 14:17:42 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-18 14:17:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-18 14:15:10 388096 ----a-r- C:\Users\Captain Nye\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-18 14:15:10 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-09-16 17:53:25 691 ----a-w- C:\Users\Captain Nye\AppData\Roaming\GetValue.vbs
2011-09-16 17:53:25 35 ----a-w- C:\Users\Captain Nye\AppData\Roaming\SetValue.bat
2011-09-16 17:13:45 22016 ----a-w- C:\Windows\svchost.exe
2011-08-28 04:55:13 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-07-23 11:31:32 1147904 ----a-w- C:\Windows\System32\wininet.dll
2011-07-23 11:24:17 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-07-23 11:23:51 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-07-23 11:23:30 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-07-23 11:23:29 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-07-23 11:04:29 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-23 11:00:05 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-07-23 10:31:39 479232 ----a-w- C:\Windows\System32\html.iec
2011-07-23 10:03:47 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-07-23 09:50:14 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-07-23 09:48:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-23 09:27:04 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-11 13:45:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-11 13:25:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-06 15:49:23 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 13:30:48.82 ===============


Attached File  Attach.zip   3.36KB   3 downloads

I need help removing smitfraudc, and I am also receiving a message stating "winrscmde is not working and was closed. A problem caused the program to stop working correctly." Windows also shuts down every 3 or 4 days on its own. I did not create a GMER log, per the instructions. I have Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4094.2647, a 64-bit version. I have run the following in safe mode: Malwarebytes, CCleaner, avast!, Trinity Rescue Disk, Spybot S&D, ComboFix, SmitFraudFix, and SmitfraudRem.

Edited by bill0001, 26 September 2011 - 01:03 PM.
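A few entries in the DDS log above are what a malware responder would look at first: C:\Windows\svchost.exe created on 2011-09-16 (the genuine svchost.exe ships only in C:\Windows\System32 and, on 64-bit Windows, C:\Windows\SysWOW64), two scripts created in the same minute under the user's AppData\Roaming, a "Running Processes" entry that is just "-netsvcs" with no image path, and EnableLUA = 0, which means UAC is switched off. None of that is a verdict; the thread does not say what these files are. The script below is an added example, not part of this thread and not part of DDS, that parses a DDS log into its sections and flags exactly those kinds of entries for a human to review. The sample input is an excerpt copied from the log posted above; the lists of core binaries, system directories and script extensions are assumptions made for this example, not anything DDS defines.

```python
import re
import sys
from pathlib import Path
from typing import Dict, List, Tuple

# Constructed sample: lines excerpted from the DDS log posted in this thread.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
-netsvcs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
.
=============== Created Last 30 ================
.
2011-09-20 19:34:08 98816 ----a-w- C:\Windows\sed.exe
2011-09-18 14:17:42 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-16 17:53:25 691 ----a-w- C:\Users\Captain Nye\AppData\Roaming\GetValue.vbs
2011-09-16 17:53:25 35 ----a-w- C:\Users\Captain Nye\AppData\Roaming\SetValue.bat
2011-09-16 17:13:45 22016 ----a-w- C:\Windows\svchost.exe
.
============= FINISH: 13:30:48.82 ===============
"""

# Assumptions for this example (not something DDS defines): binaries Windows
# ships only in System32/SysWOW64, the directories they belong in, and script
# types that rarely have a reason to sit under a user's AppData.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "smss.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".bat", ".cmd", ".ps1")

SECTION_RE = re.compile(r"^=+ (.+?) =+$")                      # "===== Name ====="
ENTRY_RE = re.compile(r"^(\S+ \S+)\s+(\S+)\s+(\S+)\s+(.+)$")   # date time size attrs path
DRIVE_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)

Finding = Tuple[str, str]


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each DDS section name to its non-empty lines ('.' is a DDS spacer line)."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).strip()
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def triage(text: str) -> List[Finding]:
    """Return (rule, detail) pairs for log entries a responder should read first."""
    secs = split_sections(text)
    findings: List[Finding] = []

    for line in secs.get("Created Last 30", []):
        m = ENTRY_RE.match(line)
        if not m:
            continue
        path = m.group(4)
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        # A core binary anywhere but System32/SysWOW64 is a classic name masquerade.
        if name in CORE_BINARIES and not low.startswith(SYSTEM_DIRS):
            findings.append(("core-binary-outside-system32", path))
        # Freshly created scripts under AppData deserve to be opened and read.
        if name.endswith(SCRIPT_EXTS) and "\\appdata\\" in low:
            findings.append(("script-in-appdata", path))

    # DDS prints the image path of every process; an entry without one is odd.
    for line in secs.get("Running Processes", []):
        if not DRIVE_RE.match(line):
            findings.append(("process-without-image-path", line))

    # EnableLUA = 0 turns UAC off: programs run by an administrator account get
    # the full admin token with no prompt, so any dropper runs elevated.
    for line in secs.get("Pseudo HJT Report", []):
        if re.search(r"\bEnableLUA = 0\b", line):
            findings.append(("uac-disabled", line))

    return findings


if __name__ == "__main__":
    # Usage: python dds_triage.py DDS.txt   (no argument: run on the embedded sample)
    source = SAMPLE_DDS
    if len(sys.argv) > 1:
        source = Path(sys.argv[1]).read_text(encoding="utf-8", errors="replace")
    for rule, detail in triage(source):
        print(f"{rule:32} {detail}")
```

Run against a full DDS.txt the script prints one line per hit; on the embedded excerpt it reports the two AppData scripts, the svchost.exe in C:\Windows, the path-less "-netsvcs" process entry and the disabled UAC. Each hit is a pointer to something to examine (hash the file, read the script, check the process's parent), not a detection on its own.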


#6 Jintan

Jintan

  • Malware Response Team
  • 531 posts
  • OFFLINE
  • Local time:03:19 AM

Posted 26 September 2011 - 04:50 PM

Welcome to Bleeping Computer bill0001,

At the time you ran it, I am not sure ComboFix was set for 64-bit systems like yours, though changes have been made since then. If you would please, I would like to check a different diagnostic scan's results, and also would like you to go ahead and do the GMER scan, and post those results.

The system is Vista, so when running any of the scan files we use, be sure to right-click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done by right-clicking the software's Taskbar icons, or by accessing each program through Start - Programs. Here are some antivirus disable tips if needed.

-----------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Just post the OTL.txt log, along with the Gmer results please.


Also download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Decline a download of avast itself if offered
  • If avast! antivirus is already installed, go to the dropdown next to AV engine: and select (none)
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Ad eundum quo no duck ante iit

#7 bill0001

bill0001
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:19 AM

Posted 26 September 2011 - 06:16 PM

OTL logfile created on: 9/26/2011 18:19:06 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Captain Nye\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 61.71% Memory free
8.18 Gb Paging File | 6.61 Gb Available in Paging File | 80.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 401.95 Gb Free Space | 67.42% Space Free | Partition Type: NTFS

Computer Name: CAPTAINNYES-PC | User Name: Captain Nye | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/26 18:17:04 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Captain Nye\Desktop\OTL.exe
PRC - [2011/09/08 09:08:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/13 09:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/08 09:08:43 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/28 00:55:13 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/01/20 22:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 22:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/05 00:05:08 | 000,189,072 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/27 18:16:39 | 000,075,064 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/18 13:18:01 | 000,287,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/04/18 13:17:59 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/04/18 13:16:23 | 000,053,592 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/04/18 13:13:24 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/04/18 13:13:13 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/04/18 13:13:01 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/11 19:34:34 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/04/30 19:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/04/30 18:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2009/04/30 18:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008/07/26 11:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2193573984-2702153632-484914011-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2193573984-2702153632-484914011-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 43 6A FD 3F 65 CC 01 [binary data]
IE - HKU\S-1-5-21-2193573984-2702153632-484914011-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2193573984-2702153632-484914011-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2193573984-2702153632-484914011-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: zigboom.designs@gmail.com:1.3.1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/08 09:08:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/06 09:57:15 | 000,000,000 | ---D | M]

[2009/02/19 22:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Captain Nye\AppData\Roaming\Mozilla\Extensions
[2011/09/26 17:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Captain Nye\AppData\Roaming\Mozilla\Firefox\Profiles\oou3wo64.default\extensions
[2010/11/17 13:13:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Captain Nye\AppData\Roaming\Mozilla\Firefox\Profiles\oou3wo64.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/26 17:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Captain Nye\AppData\Roaming\Mozilla\Firefox\Profiles\oou3wo64.default\extensions\staged
[2011/05/06 10:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/27 09:56:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\CAPTAIN NYE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OOU3WO64.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2011/09/08 09:08:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========


O1 HOSTS File: ([2011/09/20 18:11:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2193573984-2702153632-484914011-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2193573984-2702153632-484914011-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5231E61A-61B1-4BDD-B491-40AA20CA1D2C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/26 18:17:34 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Captain Nye\Desktop\aswMBR.exe
[2011/09/26 18:17:12 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Captain Nye\Desktop\OTL.exe
[2011/09/21 13:53:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Captain Nye\Desktop\dds.scr
[2011/09/20 18:11:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/09/20 15:34:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/20 15:34:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/20 15:34:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/20 15:34:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/20 15:33:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/20 11:23:38 | 000,000,000 | ---D | C] -- C:\TRK-INFECTED
[2011/09/19 19:20:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/19 19:20:47 | 000,000,000 | ---D | C] -- C:\Windows\Content.IE5
[2011/09/19 19:20:40 | 000,000,000 | ---D | C] -- C:\Users\Captain Nye\AppData\Local\Temp
[2011/09/18 10:17:50 | 000,000,000 | ---D | C] -- C:\Users\Captain Nye\AppData\Roaming\Malwarebytes
[2011/09/18 10:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/18 10:17:42 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/18 10:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/18 10:15:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/18 10:15:10 | 000,000,000 | ---D | C] -- C:\Users\Captain Nye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/16 13:13:45 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2011/09/10 14:18:07 | 000,000,000 | ---D | C] -- C:\Users\Captain Nye\Desktop\for susie
[2011/09/03 10:42:28 | 000,000,000 | ---D | C] -- C:\Users\Captain Nye\Desktop\photo album pics
[2011/08/28 00:55:13 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files - Modified Within 30 Days ==========

[2011/09/26 18:17:45 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Captain Nye\Desktop\aswMBR.exe
[2011/09/26 18:17:04 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Captain Nye\Desktop\OTL.exe
[2011/09/26 17:51:56 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/26 17:51:56 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/26 13:56:42 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/26 13:56:42 | 000,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/26 13:56:42 | 000,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/26 13:54:17 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/09/26 13:52:11 | 000,053,605 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/09/26 13:52:11 | 000,053,605 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/09/26 13:51:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/26 13:34:35 | 000,003,444 | ---- | M] () -- C:\Users\Captain Nye\Desktop\Attach.zip
[2011/09/22 18:14:25 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/09/21 14:01:04 | 000,006,798 | ---- | M] () -- C:\Users\Captain Nye\Desktop\dds zip files.zip
[2011/09/21 13:55:35 | 000,294,216 | ---- | M] () -- C:\Users\Captain Nye\Desktop\gmer.zip
[2011/09/21 13:54:32 | 000,000,000 | ---- | M] () -- C:\Users\Captain Nye\defogger_reenable
[2011/09/21 13:53:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Captain Nye\Desktop\dds.scr
[2011/09/21 13:52:10 | 000,050,477 | ---- | M] () -- C:\Users\Captain Nye\Desktop\Defogger.exe
[2011/09/21 12:37:01 | 000,002,571 | ---- | M] () -- C:\Users\Captain Nye\Desktop\HiJackThis.lnk
[2011/09/20 18:11:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/19 19:42:24 | 000,000,133 | ---- | M] () -- C:\Windows\wininit.ini
[2011/09/19 19:22:48 | 000,000,691 | ---- | M] () -- C:\Users\Captain Nye\AppData\Roaming\GetValue.vbs
[2011/09/19 19:22:48 | 000,000,035 | ---- | M] () -- C:\Users\Captain Nye\AppData\Roaming\SetValue.bat
[2011/09/19 19:04:09 | 000,000,732 | ---- | M] () -- C:\Users\Captain Nye\AppData\Local\d3d9caps64.dat
[2011/09/18 13:43:44 | 000,437,605 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
[2011/09/17 21:20:29 | 000,375,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/04 20:50:40 | 000,002,651 | ---- | M] () -- C:\Users\Captain Nye\Desktop\Microsoft Office Word 2007.lnk
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/28 00:55:13 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/09/26 13:34:35 | 000,003,444 | ---- | C] () -- C:\Users\Captain Nye\Desktop\Attach.zip
[2011/09/21 14:01:04 | 000,006,798 | ---- | C] () -- C:\Users\Captain Nye\Desktop\dds zip files.zip
[2011/09/21 13:55:37 | 000,294,216 | ---- | C] () -- C:\Users\Captain Nye\Desktop\gmer.zip
[2011/09/21 13:54:32 | 000,000,000 | ---- | C] () -- C:\Users\Captain Nye\defogger_reenable
[2011/09/21 13:52:16 | 000,050,477 | ---- | C] () -- C:\Users\Captain Nye\Desktop\Defogger.exe
[2011/09/20 15:34:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/20 15:34:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/20 15:34:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/20 15:34:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/20 15:34:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/18 10:32:35 | 000,000,732 | ---- | C] () -- C:\Users\Captain Nye\AppData\Local\d3d9caps64.dat
[2011/09/18 10:15:10 | 000,002,571 | ---- | C] () -- C:\Users\Captain Nye\Desktop\HiJackThis.lnk
[2011/09/16 13:53:25 | 000,000,691 | ---- | C] () -- C:\Users\Captain Nye\AppData\Roaming\GetValue.vbs
[2011/09/16 13:53:25 | 000,000,035 | ---- | C] () -- C:\Users\Captain Nye\AppData\Roaming\SetValue.bat
[2011/09/16 13:40:58 | 000,000,133 | ---- | C] () -- C:\Windows\wininit.ini
[2011/04/20 09:33:49 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2011/01/31 21:06:39 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2011/01/31 21:06:39 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2010/07/13 20:50:25 | 000,053,605 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/07/13 10:18:53 | 000,053,605 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/12 15:45:54 | 000,018,944 | ---- | C] () -- C:\Users\Captain Nye\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/27 18:25:12 | 000,000,680 | ---- | C] () -- C:\Users\Captain Nye\AppData\Local\d3d9caps.dat
[2010/05/15 01:30:03 | 000,000,760 | ---- | C] () -- C:\Users\Captain Nye\AppData\Roaming\setup_ldm.iss
[2010/04/07 22:26:48 | 000,000,256 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2009/10/24 23:59:53 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/09/10 18:56:35 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/10 18:56:05 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/10 18:55:36 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/18 11:56:59 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/05/28 12:41:40 | 004,472,538 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2009/05/25 12:38:22 | 000,830,004 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2009/05/18 04:24:22 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2009/05/17 19:37:12 | 000,557,469 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2009/04/21 12:38:32 | 000,328,334 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2009/04/21 12:08:22 | 000,425,040 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2009/04/21 11:54:54 | 000,146,098 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2009/04/21 11:52:08 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/04/02 10:23:32 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2009/04/02 10:21:50 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/03/02 12:19:36 | 000,183,296 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2009/03/02 12:19:30 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2009/03/02 12:19:14 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2009/03/02 12:18:46 | 000,146,944 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2009/03/02 12:18:32 | 000,257,024 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2009/03/02 12:18:28 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2009/03/02 12:18:18 | 000,486,400 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2009/03/01 21:06:22 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/02/19 23:54:31 | 000,189,072 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/02/19 23:54:30 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/02/19 23:54:29 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009/02/19 23:00:10 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009/01/10 18:16:04 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2009/01/10 18:15:36 | 000,103,424 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009/01/10 18:15:06 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/20 22:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2006/11/02 11:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-26 18:29:02
-----------------------------
18:29:02.238 OS Version: Windows x64 6.0.6002 Service Pack 2
18:29:02.238 Number of processors: 4 586 0xF0B
18:29:02.238 ComputerName: CAPTAINNYES-PC UserName: Captain Nye
18:29:04.231 Initialize success
18:29:04.882 AVAST engine defs: 11091800
18:29:57.311 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
18:29:57.313 Disk 0 Vendor: ST364032 SD35 Size: 610480MB BusType: 6
18:29:57.315 Device \Driver\nvstor64 -> MajorFunction fffffa8006df75c0
18:29:59.317 Disk 0 MBR read successfully
18:29:59.320 Disk 0 MBR scan
18:29:59.751 Disk 0 Windows VISTA default MBR code
18:29:59.755 Service scanning
18:30:01.002 Modules scanning
18:30:01.005 Disk 0 trace - called modules:
18:30:01.009 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8006df75c0]<<
18:30:01.012 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fce790]
18:30:01.016 3 CLASSPNP.SYS[fffffa600124bc33] -> nt!IofCallDriver -> [0xfffffa8005226890]
18:30:01.020 5 acpi.sys[fffffa60008fbfde] -> nt!IofCallDriver -> \Device\00000055[0xfffffa8005226060]
18:30:01.024 \Driver\nvstor64[0xfffffa8006782800] -> IRP_MJ_CREATE -> 0xfffffa8006df75c0
18:30:01.031 Scan finished successfully
18:30:17.738 Disk 0 MBR has been saved successfully to "C:\Users\Captain Nye\Desktop\MBR.dat"
18:30:17.743 The log file has been saved successfully to "C:\Users\Captain Nye\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-26 19:13:32
-----------------------------
19:13:32.604 OS Version: Windows x64 6.0.6002 Service Pack 2
19:13:32.604 Number of processors: 4 586 0xF0B
19:13:32.605 ComputerName: CAPTAINNYES-PC UserName: Captain Nye
19:13:33.686 Initialize success
19:13:33.728 AVAST engine defs: 11091800
19:13:41.666 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
19:13:41.668 Disk 0 Vendor: ST364032 SD35 Size: 610480MB BusType: 6
19:13:41.671 Device \Driver\nvstor64 -> MajorFunction fffffa8006df75c0
19:13:43.674 Disk 0 MBR read successfully
19:13:43.677 Disk 0 MBR scan
19:13:43.681 Disk 0 Windows VISTA default MBR code
19:13:43.684 Service scanning
19:13:44.921 Modules scanning
19:13:44.925 Disk 0 trace - called modules:
19:13:44.929 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8006df75c0]<<
19:13:44.933 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fce790]
19:13:44.937 3 CLASSPNP.SYS[fffffa600124bc33] -> nt!IofCallDriver -> [0xfffffa8005226890]
19:13:44.942 5 acpi.sys[fffffa60008fbfde] -> nt!IofCallDriver -> \Device\00000055[0xfffffa8005226060]
19:13:44.947 \Driver\nvstor64[0xfffffa8006782800] -> IRP_MJ_CREATE -> 0xfffffa8006df75c0
19:13:44.954 Scan finished successfully
19:13:56.974 Disk 0 MBR has been saved successfully to "C:\Users\Captain Nye\Desktop\MBR.dat"
19:13:56.978 The log file has been saved successfully to "C:\Users\Captain Nye\Desktop\aswMBR.txt"


The gmer scan said there were no modifications found and gave me a blank log.

#8 Jintan

  • Malware Response Team
  • 531 posts

Posted 26 September 2011 - 07:06 PM

Let's make some changes, then scan-check.

Navigate to the following files, and if you yourself do not recognize them, right click/Rename them by adding .bad to the name:

C:\Users\Captain Nye\AppData\Roaming\GetValue.vbs
C:\Users\Captain Nye\AppData\Roaming\SetValue.bat
C:\Windows\svchost.exe

For example on that last one, svchost.exe.bad

-------------

Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot if requested.

When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please.

-----------

Also delete any existing copies of ComboFix, and download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.


After those have completed, run a new aswMBR scan again, and post that, the TDSSKiller log and the ComboFix.txt log please.
Ad eundum quo no duck ante iit
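
A small triage script for the OTL file listings posted above, as an added example (my own code, not OTL's, the thread's, or any tool named in it): it parses OTL's bracketed entry format and flags the two patterns the rename step targets, a core system binary name outside the system directories (C:\Windows\svchost.exe) and script files sitting in the roaming profile. The sample entries are constructed from the log above; the System32\svchost.exe line is invented to show the legitimate location passing.

```python
"""Triage helper for OTL 'Files - Created/Modified' listings.

Added example: my own code, not part of OTL, this thread, or any tool named in it.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL file entry looks like this (the company field is optional; directories have none):
#   [2011/09/16 13:13:45 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Core binaries that belong only in the Windows system directories; the same
# file name anywhere else (C:\Windows\svchost.exe in the log above) is a
# well-known masquerade and the reason the responder asked for it to be renamed.
SYSTEM_BINARIES = {"svchost.exe", "userinit.exe", "winlogon.exe", "csrss.exe",
                   "lsass.exe", "services.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
               "c:\\windows\\sysnative\\", "c:\\windows\\winsxs\\")
# Script files in roaming/temp profile locations deserve a manual look as well.
SCRIPT_EXTS = (".vbs", ".bat", ".cmd", ".js", ".wsf", ".ps1")
PROFILE_DATA_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\")


@dataclass
class OtlEntry:
    timestamp: str
    size: int          # bytes; OTL prints it with thousands separators
    attrs: str         # e.g. "----", "---D" (directory), "-H--" (hidden)
    kind: str          # "C" created, "M" modified
    company: str       # "" when OTL found no company name
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one listing line; returns None for headers, blanks and other text."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=m.group("company") or "",
        path=m.group("path"),
    )


def parse_otl_log(text: str) -> List[OtlEntry]:
    """Parse a whole pasted listing, skipping section headers and blank lines."""
    entries = [parse_otl_line(line) for line in text.splitlines()]
    return [e for e in entries if e is not None]


def triage(entry: OtlEntry) -> List[str]:
    """Reasons an entry deserves a manual look; an empty list means nothing notable."""
    reasons: List[str] = []
    path = entry.path.lower()
    name = path.rsplit("\\", 1)[-1]
    if name in SYSTEM_BINARIES and not path.startswith(SYSTEM_DIRS):
        reasons.append(f"system binary name {name!r} outside the system directories")
    if name.endswith(SCRIPT_EXTS) and any(d in path for d in PROFILE_DATA_DIRS):
        reasons.append("script file in a profile data directory")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path (original case preserved) to its reasons."""
    flagged: Dict[str, List[str]] = {}
    for entry in parse_otl_log(text):
        reasons = triage(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


# Constructed sample input modelled on the OTL listing in this thread; the
# System32\svchost.exe line is invented to show the legitimate location passing.
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========

[2011/09/21 13:53:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Captain Nye\Desktop\dds.scr
[2011/09/20 15:33:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/18 10:17:42 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/16 13:13:45 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2011/09/16 13:53:25 | 000,000,691 | ---- | C] () -- C:\Users\Captain Nye\AppData\Roaming\GetValue.vbs
[2011/09/16 13:53:25 | 000,000,035 | ---- | C] () -- C:\Users\Captain Nye\AppData\Roaming\SetValue.bat
[2011/09/01 09:00:00 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
"""

if __name__ == "__main__":
    for flagged_path, why in triage_log(SAMPLE_LOG).items():
        print(flagged_path)
        for reason in why:
            print("   -", reason)
```

Feed it a pasted OTL log instead of SAMPLE_LOG to get the same short list of entries worth checking by hand before anything is renamed.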

#9 bill0001

  • Topic Starter
  • Members
  • 8 posts

Posted 27 September 2011 - 10:15 AM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-27 11:09:08
-----------------------------
11:09:08.579 OS Version: Windows x64 6.0.6002 Service Pack 2
11:09:08.579 Number of processors: 4 586 0xF0B
11:09:08.579 ComputerName: CAPTAINNYES-PC UserName: Captain Nye
11:09:09.839 Initialize success
11:09:10.414 AVAST engine defs: 11091800
11:09:16.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
11:09:16.252 Disk 0 Vendor: ST364032 SD35 Size: 610480MB BusType: 6
11:09:18.277 Disk 0 MBR read successfully
11:09:18.281 Disk 0 MBR scan
11:09:18.284 Disk 0 Windows VISTA default MBR code
11:09:18.286 Service scanning
11:09:19.456 Modules scanning
11:09:19.460 Disk 0 trace - called modules:
11:09:19.502 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
11:09:19.505 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80054ba2f0]
11:09:19.509 3 CLASSPNP.SYS[fffffa600123fc33] -> nt!IofCallDriver -> [0xfffffa80052b4460]
11:09:19.513 5 acpi.sys[fffffa60008f5fde] -> nt!IofCallDriver -> \Device\00000055[0xfffffa80052b4680]
11:09:19.517 Scan finished successfully
11:09:45.467 Disk 0 MBR has been saved successfully to "C:\Users\Captain Nye\Desktop\MBR.dat"
11:09:45.472 The log file has been saved successfully to "C:\Users\Captain Nye\Desktop\aswMBR.txt"
11:11:53.181 Disk 0 MBR has been saved successfully to "C:\Users\Captain Nye\Desktop\MBR.dat"
11:11:53.187 The log file has been saved successfully to "C:\Users\Captain Nye\Desktop\aswMBR.txt"



10:43:39.0510 0840 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
10:43:39.0825 0840 ============================================================
10:43:39.0825 0840 Current date / time: 2011/09/27 10:43:39.0825
10:43:39.0825 0840 SystemInfo:
10:43:39.0825 0840
10:43:39.0825 0840 OS Version: 6.0.6002 ServicePack: 2.0
10:43:39.0825 0840 Product type: Workstation
10:43:39.0825 0840 ComputerName: CAPTAINNYES-PC
10:43:39.0826 0840 UserName: Captain Nye
10:43:39.0826 0840 Windows directory: C:\Windows
10:43:39.0826 0840 System windows directory: C:\Windows
10:43:39.0826 0840 Running under WOW64
10:43:39.0826 0840 Processor architecture: Intel x64
10:43:39.0826 0840 Number of processors: 4
10:43:39.0826 0840 Page size: 0x1000
10:43:39.0826 0840 Boot type: Normal boot
10:43:39.0826 0840 ============================================================
10:43:40.0264 0840 Initialize success
10:43:44.0206 3256 ============================================================
10:43:44.0206 3256 Scan started
10:43:44.0206 3256 Mode: Manual;
10:43:44.0206 3256 ============================================================
10:43:44.0681 3256 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
10:43:44.0686 3256 ACPI - ok
10:43:44.0837 3256 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
10:43:44.0840 3256 adp94xx - ok
10:43:44.0889 3256 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
10:43:44.0892 3256 adpahci - ok
10:43:44.0934 3256 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
10:43:44.0935 3256 adpu160m - ok
10:43:44.0980 3256 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
10:43:44.0982 3256 adpu320 - ok
10:43:45.0047 3256 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
10:43:45.0054 3256 AFD - ok
10:43:45.0083 3256 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
10:43:45.0083 3256 agp440 - ok
10:43:45.0109 3256 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
10:43:45.0110 3256 aic78xx - ok
10:43:45.0134 3256 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
10:43:45.0135 3256 aliide - ok
10:43:45.0153 3256 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
10:43:45.0154 3256 amdide - ok
10:43:45.0172 3256 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
10:43:45.0173 3256 AmdK8 - ok
10:43:45.0199 3256 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
10:43:45.0200 3256 arc - ok
10:43:45.0219 3256 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
10:43:45.0220 3256 arcsas - ok
10:43:45.0250 3256 aswFsBlk (499af6f57cf093642d647cafc006deaa) C:\Windows\system32\drivers\aswFsBlk.sys
10:43:45.0250 3256 aswFsBlk - ok
10:43:45.0276 3256 aswMonFlt (54edf58577868baf01d25d8359f9e84f) C:\Windows\system32\drivers\aswMonFlt.sys
10:43:45.0277 3256 aswMonFlt - ok
10:43:45.0297 3256 aswRdr (e69cdc2d04a0a4b338a933c44bdb0fd4) C:\Windows\system32\drivers\aswRdr.sys
10:43:45.0298 3256 aswRdr - ok
10:43:45.0348 3256 aswSnx (22f7ed60f9fa6272af7f35813ca548d6) C:\Windows\system32\drivers\aswSnx.sys
10:43:45.0351 3256 aswSnx - ok
10:43:45.0372 3256 aswSP (be84efcd3cdd11ddcc79f3ecab47e827) C:\Windows\system32\drivers\aswSP.sys
10:43:45.0374 3256 aswSP - ok
10:43:45.0387 3256 aswTdi (0bf5483e5fb88d85638708e7d56300d8) C:\Windows\system32\drivers\aswTdi.sys
10:43:45.0387 3256 aswTdi - ok
10:43:45.0409 3256 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
10:43:45.0410 3256 AsyncMac - ok
10:43:45.0420 3256 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
10:43:45.0421 3256 atapi - ok
10:43:45.0450 3256 Beep - ok
10:43:45.0476 3256 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
10:43:45.0477 3256 blbdrive - ok
10:43:45.0507 3256 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
10:43:45.0509 3256 bowser - ok
10:43:45.0528 3256 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
10:43:45.0529 3256 BrFiltLo - ok
10:43:45.0549 3256 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
10:43:45.0549 3256 BrFiltUp - ok
10:43:45.0584 3256 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
10:43:45.0585 3256 Brserid - ok
10:43:45.0623 3256 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
10:43:45.0625 3256 BrSerWdm - ok
10:43:45.0653 3256 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
10:43:45.0654 3256 BrUsbMdm - ok
10:43:45.0665 3256 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
10:43:45.0667 3256 BrUsbSer - ok
10:43:45.0704 3256 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
10:43:45.0706 3256 BTHMODEM - ok
10:43:45.0770 3256 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
10:43:45.0771 3256 BVRPMPR5a64 - ok
10:43:45.0785 3256 catchme - ok
10:43:45.0804 3256 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
10:43:45.0806 3256 cdfs - ok
10:43:45.0833 3256 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
10:43:45.0835 3256 cdrom - ok
10:43:45.0868 3256 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
10:43:45.0869 3256 circlass - ok
10:43:45.0894 3256 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
10:43:45.0899 3256 CLFS - ok
10:43:45.0928 3256 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
10:43:45.0929 3256 cmdide - ok
10:43:45.0948 3256 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
10:43:45.0949 3256 Compbatt - ok
10:43:45.0961 3256 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
10:43:45.0962 3256 crcdisk - ok
10:43:45.0998 3256 CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys
10:43:46.0005 3256 CSC - ok
10:43:46.0036 3256 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
10:43:46.0037 3256 DfsC - ok
10:43:46.0070 3256 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
10:43:46.0071 3256 disk - ok
10:43:46.0113 3256 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
10:43:46.0113 3256 drmkaud - ok
10:43:46.0155 3256 DXGKrnl (1d96e28ebcd96ad1b44a3fd02ca6433d) C:\Windows\System32\drivers\dxgkrnl.sys
10:43:46.0173 3256 DXGKrnl - ok
10:43:46.0202 3256 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
10:43:46.0205 3256 E1G60 - ok
10:43:46.0237 3256 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
10:43:46.0240 3256 Ecache - ok
10:43:46.0277 3256 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
10:43:46.0283 3256 elxstor - ok
10:43:46.0297 3256 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
10:43:46.0298 3256 ErrDev - ok
10:43:46.0332 3256 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
10:43:46.0335 3256 exfat - ok
10:43:46.0368 3256 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
10:43:46.0373 3256 fastfat - ok
10:43:46.0386 3256 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
10:43:46.0387 3256 fdc - ok
10:43:46.0413 3256 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
10:43:46.0415 3256 FileInfo - ok
10:43:46.0442 3256 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
10:43:46.0445 3256 Filetrace - ok
10:43:46.0467 3256 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:43:46.0469 3256 flpydisk - ok
10:43:46.0502 3256 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
10:43:46.0507 3256 FltMgr - ok
10:43:46.0535 3256 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
10:43:46.0536 3256 Fs_Rec - ok
10:43:46.0567 3256 fvevol (849e38db7d829962d0233a0a252b60c3) C:\Windows\system32\DRIVERS\fvevol.sys
10:43:46.0600 3256 fvevol - ok
10:43:46.0626 3256 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
10:43:46.0628 3256 gagp30kx - ok
10:43:46.0691 3256 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
10:43:46.0697 3256 HdAudAddService - ok
10:43:46.0725 3256 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:43:46.0748 3256 HDAudBus - ok
10:43:46.0771 3256 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
10:43:46.0771 3256 HidBth - ok
10:43:46.0797 3256 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
10:43:46.0831 3256 HidIr - ok
10:43:46.0850 3256 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
10:43:46.0850 3256 HidUsb - ok
10:43:46.0880 3256 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
10:43:46.0882 3256 HpCISSs - ok
10:43:46.0917 3256 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
10:43:46.0949 3256 HTTP - ok
10:43:46.0979 3256 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
10:43:46.0981 3256 i2omp - ok
10:43:46.0999 3256 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
10:43:47.0010 3256 i8042prt - ok
10:43:47.0037 3256 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
10:43:47.0042 3256 iaStorV - ok
10:43:47.0087 3256 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
10:43:47.0088 3256 iirsp - ok
10:43:47.0119 3256 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
10:43:47.0120 3256 intelide - ok
10:43:47.0143 3256 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
10:43:47.0144 3256 intelppm - ok
10:43:47.0207 3256 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:43:47.0209 3256 IpFilterDriver - ok
10:43:47.0241 3256 IpInIp - ok
10:43:47.0266 3256 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
10:43:47.0268 3256 IPMIDRV - ok
10:43:47.0291 3256 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
10:43:47.0294 3256 IPNAT - ok
10:43:47.0318 3256 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
10:43:47.0318 3256 IRENUM - ok
10:43:47.0337 3256 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
10:43:47.0339 3256 isapnp - ok
10:43:47.0365 3256 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
10:43:47.0367 3256 iScsiPrt - ok
10:43:47.0395 3256 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
10:43:47.0398 3256 iteatapi - ok
10:43:47.0424 3256 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
10:43:47.0425 3256 iteraid - ok
10:43:47.0436 3256 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
10:43:47.0436 3256 kbdclass - ok
10:43:47.0458 3256 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\drivers\kbdhid.sys
10:43:47.0458 3256 kbdhid - ok
10:43:47.0608 3256 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
10:43:47.0633 3256 KSecDD - ok
10:43:47.0644 3256 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
10:43:47.0645 3256 ksthunk - ok
10:43:47.0666 3256 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
10:43:47.0668 3256 lltdio - ok
10:43:47.0699 3256 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
10:43:47.0701 3256 LSI_FC - ok
10:43:47.0720 3256 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
10:43:47.0723 3256 LSI_SAS - ok
10:43:47.0760 3256 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
10:43:47.0763 3256 LSI_SCSI - ok
10:43:47.0788 3256 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
10:43:47.0790 3256 luafv - ok
10:43:47.0805 3256 lvpepf64 (4a503882318bb2f59218d401614e6af6) C:\Windows\system32\DRIVERS\lv302a64.sys
10:43:47.0806 3256 lvpepf64 - ok
10:43:47.0825 3256 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
10:43:47.0826 3256 LVPr2M64 - ok
10:43:47.0829 3256 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
10:43:47.0830 3256 LVPr2Mon - ok
10:43:47.0941 3256 LVRS64 (125ae13c293889001b8456cf3eb04a40) C:\Windows\system32\DRIVERS\lvrs64.sys
10:43:47.0943 3256 LVRS64 - ok
10:43:48.0036 3256 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\drivers\LVUSBS64.sys
10:43:48.0037 3256 LVUSBS64 - ok
10:43:48.0063 3256 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
10:43:48.0064 3256 megasas - ok
10:43:48.0093 3256 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
10:43:48.0160 3256 MegaSR - ok
10:43:48.0205 3256 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
10:43:48.0207 3256 Modem - ok
10:43:48.0241 3256 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
10:43:48.0241 3256 monitor - ok
10:43:48.0256 3256 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
10:43:48.0257 3256 mouclass - ok
10:43:48.0268 3256 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
10:43:48.0269 3256 mouhid - ok
10:43:48.0280 3256 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
10:43:48.0281 3256 MountMgr - ok
10:43:48.0315 3256 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
10:43:48.0318 3256 mpio - ok
10:43:48.0341 3256 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
10:43:48.0344 3256 mpsdrv - ok
10:43:48.0367 3256 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
10:43:48.0368 3256 Mraid35x - ok
10:43:48.0414 3256 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
10:43:48.0418 3256 MRxDAV - ok
10:43:48.0451 3256 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:43:48.0476 3256 mrxsmb - ok
10:43:48.0567 3256 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:43:48.0571 3256 mrxsmb10 - ok
10:43:48.0607 3256 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:43:48.0608 3256 mrxsmb20 - ok
10:43:48.0648 3256 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
10:43:48.0649 3256 msahci - ok
10:43:48.0675 3256 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
10:43:48.0676 3256 msdsm - ok
10:43:48.0691 3256 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
10:43:48.0691 3256 Msfs - ok
10:43:48.0706 3256 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
10:43:48.0706 3256 msisadrv - ok
10:43:48.0738 3256 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
10:43:48.0738 3256 MSKSSRV - ok
10:43:48.0759 3256 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
10:43:48.0761 3256 MSPCLOCK - ok
10:43:48.0786 3256 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
10:43:48.0787 3256 MSPQM - ok
10:43:48.0871 3256 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
10:43:48.0875 3256 MsRPC - ok
10:43:48.0899 3256 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
10:43:48.0899 3256 mssmbios - ok
10:43:48.0916 3256 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
10:43:48.0949 3256 MSTEE - ok
10:43:48.0978 3256 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
10:43:48.0984 3256 Mup - ok
10:43:49.0047 3256 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
10:43:49.0105 3256 NativeWifiP - ok
10:43:49.0154 3256 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
10:43:49.0203 3256 NDIS - ok
10:43:49.0219 3256 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
10:43:49.0220 3256 NdisTapi - ok
10:43:49.0238 3256 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
10:43:49.0240 3256 Ndisuio - ok
10:43:49.0261 3256 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
10:43:49.0265 3256 NdisWan - ok
10:43:49.0285 3256 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
10:43:49.0287 3256 NDProxy - ok
10:43:49.0304 3256 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
10:43:49.0305 3256 NetBIOS - ok
10:43:49.0327 3256 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
10:43:49.0331 3256 netbt - ok
10:43:49.0369 3256 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
10:43:49.0371 3256 nfrd960 - ok
10:43:49.0396 3256 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
10:43:49.0397 3256 Npfs - ok
10:43:49.0409 3256 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
10:43:49.0410 3256 nsiproxy - ok
10:43:49.0459 3256 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
10:43:49.0485 3256 Ntfs - ok
10:43:49.0503 3256 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
10:43:49.0505 3256 Null - ok
10:43:49.0564 3256 NVENETFD (98350606682594521d56eccb5d01ecf7) C:\Windows\system32\DRIVERS\nvmfdx64.sys
10:43:49.0572 3256 NVENETFD - ok
10:43:49.0783 3256 nvlddmkm (aaf5559039e99d0cc22e25255f3dc06e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:43:49.0852 3256 nvlddmkm - ok
10:43:49.0880 3256 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
10:43:49.0881 3256 nvraid - ok
10:43:49.0903 3256 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
10:43:49.0904 3256 nvstor - ok
10:43:49.0929 3256 nvstor64 (e87e17e9fd94ee9f0dbde4b6ad882f26) C:\Windows\system32\DRIVERS\nvstor64.sys
10:43:49.0931 3256 nvstor64 - ok
10:43:49.0958 3256 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
10:43:49.0961 3256 nv_agp - ok
10:43:49.0970 3256 NwlnkFlt - ok
10:43:49.0980 3256 NwlnkFwd - ok
10:43:50.0028 3256 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
10:43:50.0030 3256 ohci1394 - ok
10:43:50.0068 3256 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
10:43:50.0069 3256 Parport - ok
10:43:50.0096 3256 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
10:43:50.0097 3256 partmgr - ok
10:43:50.0128 3256 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
10:43:50.0132 3256 pci - ok
10:43:50.0160 3256 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
10:43:50.0161 3256 pciide - ok
10:43:50.0192 3256 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
10:43:50.0194 3256 pcmcia - ok
10:43:50.0226 3256 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
10:43:50.0243 3256 PEAUTH - ok
10:43:50.0309 3256 PID_PEPI (ae0b94363da0f60d42b9d05b352f61ed) C:\Windows\system32\DRIVERS\LV302V64.SYS
10:43:50.0323 3256 PID_PEPI - ok
10:43:50.0361 3256 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
10:43:50.0364 3256 PptpMiniport - ok
10:43:50.0383 3256 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
10:43:50.0384 3256 Processor - ok
10:43:50.0421 3256 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
10:43:50.0423 3256 PSched - ok
10:43:50.0459 3256 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
10:43:50.0484 3256 ql2300 - ok
10:43:50.0506 3256 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
10:43:50.0508 3256 ql40xx - ok
10:43:50.0534 3256 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
10:43:50.0536 3256 QWAVEdrv - ok
10:43:50.0546 3256 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
10:43:50.0548 3256 RasAcd - ok
10:43:50.0565 3256 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:43:50.0568 3256 Rasl2tp - ok
10:43:50.0606 3256 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
10:43:50.0608 3256 RasPppoe - ok
10:43:50.0630 3256 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
10:43:50.0633 3256 RasSstp - ok
10:43:50.0651 3256 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
10:43:50.0656 3256 rdbss - ok
10:43:50.0666 3256 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:43:50.0667 3256 RDPCDD - ok
10:43:50.0695 3256 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys
10:43:50.0700 3256 rdpdr - ok
10:43:50.0711 3256 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
10:43:50.0712 3256 RDPENCDD - ok
10:43:50.0749 3256 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
10:43:50.0754 3256 RDPWD - ok
10:43:50.0789 3256 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
10:43:50.0792 3256 rspndr - ok
10:43:50.0819 3256 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
10:43:50.0822 3256 sbp2port - ok
10:43:50.0841 3256 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:43:50.0842 3256 secdrv - ok
10:43:50.0866 3256 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
10:43:50.0868 3256 Serenum - ok
10:43:50.0896 3256 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
10:43:50.0899 3256 Serial - ok
10:43:50.0926 3256 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
10:43:50.0927 3256 sermouse - ok
10:43:50.0955 3256 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
10:43:50.0956 3256 sffdisk - ok
10:43:50.0968 3256 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
10:43:50.0970 3256 sffp_mmc - ok
10:43:50.0989 3256 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
10:43:50.0991 3256 sffp_sd - ok
10:43:51.0017 3256 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
10:43:51.0018 3256 sfloppy - ok
10:43:51.0049 3256 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
10:43:51.0051 3256 SiSRaid2 - ok
10:43:51.0075 3256 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
10:43:51.0077 3256 SiSRaid4 - ok
10:43:51.0106 3256 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
10:43:51.0108 3256 Smb - ok
10:43:51.0131 3256 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
10:43:51.0132 3256 spldr - ok
10:43:51.0181 3256 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
10:43:51.0188 3256 srv - ok
10:43:51.0216 3256 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
10:43:51.0220 3256 srv2 - ok
10:43:51.0235 3256 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
10:43:51.0238 3256 srvnet - ok
10:43:51.0255 3256 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
10:43:51.0256 3256 swenum - ok
10:43:51.0285 3256 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
10:43:51.0287 3256 Symc8xx - ok
10:43:51.0311 3256 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
10:43:51.0313 3256 Sym_hi - ok
10:43:51.0334 3256 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
10:43:51.0337 3256 Sym_u3 - ok
10:43:51.0393 3256 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
10:43:51.0418 3256 Tcpip - ok
10:43:51.0454 3256 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
10:43:51.0462 3256 Tcpip6 - ok
10:43:51.0491 3256 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
10:43:51.0493 3256 tcpipreg - ok
10:43:51.0511 3256 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
10:43:51.0513 3256 TDPIPE - ok
10:43:51.0540 3256 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
10:43:51.0542 3256 TDTCP - ok
10:43:51.0553 3256 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
10:43:51.0556 3256 tdx - ok
10:43:51.0579 3256 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
10:43:51.0580 3256 TermDD - ok
10:43:51.0616 3256 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:43:51.0618 3256 tssecsrv - ok
10:43:51.0630 3256 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
10:43:51.0631 3256 tunmp - ok
10:43:51.0680 3256 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
10:43:51.0683 3256 tunnel - ok
10:43:51.0711 3256 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
10:43:51.0713 3256 uagp35 - ok
10:43:51.0739 3256 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
10:43:51.0745 3256 udfs - ok
10:43:51.0774 3256 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
10:43:51.0776 3256 uliagpkx - ok
10:43:51.0807 3256 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
10:43:51.0812 3256 uliahci - ok
10:43:51.0835 3256 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
10:43:51.0894 3256 UlSata - ok
10:43:51.0920 3256 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
10:43:51.0924 3256 ulsata2 - ok
10:43:51.0948 3256 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
10:43:51.0950 3256 umbus - ok
10:43:51.0992 3256 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
10:43:51.0994 3256 usbaudio - ok
10:43:52.0024 3256 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
10:43:52.0026 3256 usbccgp - ok
10:43:52.0055 3256 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
10:43:52.0058 3256 usbcir - ok
10:43:52.0091 3256 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
10:43:52.0093 3256 usbehci - ok
10:43:52.0121 3256 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
10:43:52.0126 3256 usbhub - ok
10:43:52.0136 3256 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
10:43:52.0137 3256 usbohci - ok
10:43:52.0165 3256 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
10:43:52.0167 3256 usbprint - ok
10:43:52.0192 3256 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:43:52.0195 3256 USBSTOR - ok
10:43:52.0222 3256 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
10:43:52.0224 3256 usbuhci - ok
10:43:52.0248 3256 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
10:43:52.0249 3256 vga - ok
10:43:52.0260 3256 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
10:43:52.0262 3256 VgaSave - ok
10:43:52.0282 3256 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
10:43:52.0283 3256 viaide - ok
10:43:52.0307 3256 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
10:43:52.0309 3256 volmgr - ok
10:43:52.0337 3256 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
10:43:52.0339 3256 volmgrx - ok
10:43:52.0365 3256 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
10:43:52.0369 3256 volsnap - ok
10:43:52.0396 3256 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
10:43:52.0400 3256 vsmraid - ok
10:43:52.0431 3256 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
10:43:52.0433 3256 WacomPen - ok
10:43:52.0465 3256 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:43:52.0468 3256 Wanarp - ok
10:43:52.0472 3256 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:43:52.0474 3256 Wanarpv6 - ok
10:43:52.0490 3256 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
10:43:52.0491 3256 Wd - ok
10:43:52.0517 3256 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
10:43:52.0532 3256 Wdf01000 - ok
10:43:52.0592 3256 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
10:43:52.0594 3256 WmiAcpi - ok
10:43:52.0645 3256 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
10:43:52.0646 3256 WpdUsb - ok
10:43:52.0668 3256 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
10:43:52.0670 3256 ws2ifsl - ok
10:43:52.0700 3256 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:43:52.0702 3256 WUDFRd - ok
10:43:52.0757 3256 X6va001 - ok
10:43:52.0766 3256 X6va002 - ok
10:43:52.0776 3256 MBR (0x1B8) (48e4fb73037ed2932d5e6bde31e6ee60) \Device\Harddisk0\DR0
10:43:52.0776 3256 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - infected
10:43:52.0776 3256 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
10:43:52.0787 3256 Boot (0x1200) (b5b837ad1e372d8bee34c4bd06bf8619) \Device\Harddisk0\DR0\Partition0
10:43:52.0789 3256 \Device\Harddisk0\DR0\Partition0 - ok
10:43:52.0789 3256 ============================================================
10:43:52.0789 3256 Scan finished
10:43:52.0789 3256 ============================================================
10:43:52.0796 0968 Detected object count: 1
10:43:52.0796 0968 Actual detected object count: 1
10:44:06.0839 0968 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - will be cured on reboot
10:44:06.0840 0968 \Device\Harddisk0\DR0 - ok
10:44:06.0841 0968 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - User select action: Cure
10:44:12.0328 2404 Deinitialize success

ComboFix 11-09-27.01 - Captain Nye 09/27/2011 10:56:03.3.4 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4094.2810 [GMT -4:00]
Running from: c:\users\Captain Nye\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))
.
.
2011-09-27 15:01 . 2011-09-27 15:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-20 15:23 . 2011-09-20 15:23 -------- d---a-w- C:\TRK-INFECTED
2011-09-19 23:20 . 2011-09-19 23:20 -------- d-----w- c:\windows\Content.IE5
2011-09-19 23:20 . 2011-09-27 15:03 -------- d-----w- c:\users\Captain Nye\AppData\Local\Temp
2011-09-18 14:17 . 2011-09-18 14:17 -------- d-----w- c:\users\Captain Nye\AppData\Roaming\Malwarebytes
2011-09-18 14:17 . 2011-09-18 14:17 -------- d-----w- c:\programdata\Malwarebytes
2011-09-18 14:17 . 2011-09-22 15:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-18 14:17 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-18 14:15 . 2011-09-18 14:15 388096 ----a-r- c:\users\Captain Nye\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-18 14:15 . 2011-09-18 14:15 -------- d-----w- c:\program files (x86)\Trend Micro
2011-09-16 17:53 . 2011-09-19 23:22 691 ----a-w- c:\users\Captain Nye\AppData\Roaming\GetValue.vbs
2011-09-16 17:53 . 2011-09-19 23:22 35 ----a-w- c:\users\Captain Nye\AppData\Roaming\SetValue.bat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-28 04:55 . 2011-08-28 04:55 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-23 11:31 . 2011-08-10 03:10 1147904 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:24 . 2011-08-10 03:10 56832 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 11:23 . 2011-08-10 03:10 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 11:23 . 2011-08-10 03:10 132096 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 11:23 . 2011-08-10 03:10 77312 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 11:04 . 2011-08-10 03:10 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-23 11:00 . 2011-08-10 03:10 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-07-23 10:59 . 2011-08-10 03:10 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-07-23 10:59 . 2011-08-10 03:10 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-07-23 10:59 . 2011-08-10 03:10 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-07-23 10:31 . 2011-08-10 03:10 479232 ----a-w- c:\windows\system32\html.iec
2011-07-23 10:03 . 2011-08-10 03:10 385024 ----a-w- c:\windows\SysWow64\html.iec
2011-07-23 09:50 . 2011-08-10 03:10 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:48 . 2011-08-10 03:10 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-23 09:27 . 2011-08-10 03:10 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-07-23 09:25 . 2011-08-10 03:10 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-11 13:45 . 2011-08-24 13:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-11 13:25 . 2011-08-24 13:17 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-06 15:49 . 2011-08-10 03:10 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-20_19.45.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:19 . 2011-09-19 23:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:19 . 2011-09-26 16:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:19 . 2011-09-26 16:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:19 . 2011-09-19 23:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:19 . 2011-09-19 23:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:19 . 2011-09-26 16:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:09 . 2011-09-27 14:47 47066 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:44 . 2011-09-27 14:47 67392 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-20 02:29 . 2011-09-27 14:47 14568 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2193573984-2702153632-484914011-1000_UserData.bin
- 2009-02-20 02:28 . 2011-09-20 19:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-20 02:28 . 2011-09-27 13:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-20 02:28 . 2011-09-27 13:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-20 02:28 . 2011-09-20 19:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-20 02:28 . 2011-09-27 13:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-20 02:28 . 2011-09-20 19:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-03 04:03 . 2011-09-27 15:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-03 04:03 . 2011-09-20 19:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-03 04:03 . 2011-09-27 15:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-03 04:03 . 2011-09-20 19:45 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-03 04:03 . 2011-09-27 15:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-03 04:03 . 2011-09-20 19:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-03 04:03 . 2011-09-27 15:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-03 04:03 . 2011-09-20 19:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-03 04:03 . 2011-09-20 19:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-03 04:03 . 2011-09-27 15:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 12:40 . 2011-09-21 18:55 86016 c:\windows\inf\infstrng.dat
- 2006-11-02 12:40 . 2011-07-20 19:19 86016 c:\windows\inf\infstrng.dat
- 2006-11-02 12:40 . 2011-07-20 19:19 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 12:40 . 2011-09-21 18:55 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 12:40 . 2011-09-21 18:55 51200 c:\windows\inf\infpub.dat
- 2006-11-02 12:40 . 2011-07-20 19:19 51200 c:\windows\inf\infpub.dat
+ 2011-09-27 15:03 . 2011-09-27 15:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-20 19:45 . 2011-09-20 19:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-20 19:45 . 2011-09-20 19:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-27 15:03 . 2011-09-27 15:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-20 19:45 . 2009-10-07 05:46 131608 c:\windows\temp\logishrd\LVPrcInj02.dll
+ 2011-09-27 15:03 . 2009-10-07 05:46 131608 c:\windows\temp\logishrd\LVPrcInj02.dll
- 2011-09-20 19:45 . 2009-10-07 05:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
+ 2011-09-27 15:03 . 2009-10-07 05:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
- 2006-11-02 12:46 . 2011-09-20 19:34 598350 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-09-27 14:49 598350 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-09-27 14:49 101988 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2011-09-20 19:34 101988 c:\windows\system32\perfc009.dat
+ 2010-07-13 14:18 . 2011-09-20 21:58 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-07-13 14:18 . 2011-09-20 19:33 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-10-28 08:18 . 2011-09-20 19:43 380492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-28 08:18 . 2011-09-27 15:01 380492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-28 08:18 . 2011-09-27 15:01 1212778 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2193573984-2702153632-484914011-1000-12288.dat
- 2010-10-28 08:18 . 2011-09-20 19:43 1212778 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2193573984-2702153632-484914011-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 X6va001;X6va001;c:\users\CAPTAI~1\AppData\Local\Temp\001197D.tmp [x]
R3 X6va002;X6va002;c:\users\CAPTAI~1\AppData\Local\Temp\00256F8.tmp [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-26 01:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Captain Nye\AppData\Roaming\Mozilla\Firefox\Profiles\oou3wo64.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va001]
"ImagePath"="\??\c:\users\CAPTAI~1\AppData\Local\Temp\001197D.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va002]
"ImagePath"="\??\c:\users\CAPTAI~1\AppData\Local\Temp\00256F8.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2193573984-2702153632-484914011-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ce,fb,0c,f5,94,4e,e1,5e,57,31,eb,4d,30,e1,eb,13,84,38,11,64,4d,56,73,
e5,4d,d2,0a,1a,5e,ea,d4,48,98,d3,bf,a2,6c,36,ac,d8,bd,fd,86,c2,a1,f3,d0,97,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-2193573984-2702153632-484914011-1000\Software\SecuROM\License information*]
"datasecu"=hex:1d,b9,dc,df,8b,12,f7,56,68,7a,c9,c3,08,01,44,6b,56,1d,0e,82,54,
ac,7d,16,44,36,74,82,15,22,35,48,6c,04,e3,71,a7,43,3c,0b,46,6a,d6,96,a8,e8,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
.
**************************************************************************
.
Completion time: 2011-09-27 11:07:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-27 15:07
ComboFix2.txt 2011-09-20 19:50
.
Pre-Run: 431,930,515,456 bytes free
Post-Run: 431,860,080,640 bytes free
.
- - End Of File - - D4C58CEF7522F8B1242C0BA354BBFDE8

#10 Jintan

Jintan

  • Malware Response Team
  • 531 posts
  • OFFLINE
  • Local time:03:19 AM

Posted 27 September 2011 - 05:51 PM

Good progress, and TDSSKiller nailed a bootkit. Right to some follow-up scans, even if they have been run there before now.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.
Ad eundum quo no duck ante iit

#11 bill0001

bill0001
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:19 AM

Posted 27 September 2011 - 10:23 PM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7811

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

9/27/2011 21:52:14
mbam-log-2011-09-27 (21-52-14).txt

Scan type: Quick scan
Objects scanned: 184552
Time elapsed: 1 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Eset's log...
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20110918-134217-197.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp4.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\SysWOW64\Process.exe.vir Win32/PrcView application cleaned by deleting - quarantined
C:\Users\Captain Nye\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4b845820-26ed5b11 a variant of Win32/Kryptik.NVM trojan cleaned by deleting - quarantined

Edited by bill0001, 28 September 2011 - 08:22 AM.


#12 Jintan

Jintan

  • Malware Response Team
  • 531 posts
  • OFFLINE
  • Local time:03:19 AM

Posted 28 September 2011 - 04:36 PM

Looks like Eset only located malware items already quarantined, like ComboFix's Qoobox folder. And that Win32/Kryptik Java file, which could have served as the malware downloader there. But no active malware picked up, so looking pretty good at this point. Good work. Before we go on to some final changes and cleaning up there, how is everything running now please?
Ad eundum quo no duck ante iit
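The triage Jintan applies here (separating ESET hits that sit inside other tools' quarantine or backup folders from anything that was actually live) can be done mechanically. The following is an added Python example, not code from the thread or from any of the tools named in it; the line format it parses and the quarantine-folder markers are assumptions drawn from the eight log lines posted above.

```python
import re

# Sample input: the eight ESET lines posted above, embedded so the script runs offline.
ESET_LOG = r"""
C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20110918-134217-197.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp4.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\SysWOW64\Process.exe.vir Win32/PrcView application cleaned by deleting - quarantined
C:\Users\Captain Nye\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4b845820-26ed5b11 a variant of Win32/Kryptik.NVM trojan cleaned by deleting - quarantined
"""

# Assumed line layout: "<path> <threat name> cleaned by <action>". Paths contain
# spaces, so the threat name is anchored on its "Win32/..." style prefix instead.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<threat>(?:a variant of )?[A-Za-z0-9]+/\S+(?: [a-z]+)?)"
    r" cleaned by (?P<action>.+)$"
)

# Folders where earlier removal tools park copies of what they removed (ComboFix,
# HijackThis, Spybot S&D). A hit under one of these is a leftover, not live malware.
QUARANTINE_MARKERS = ("/qoobox/quarantine/", "/hijackthis/backups/",
                      "/spybot - search & destroy/recovery/")

def parse_eset_line(line):
    """Return {'path', 'threat', 'action'} for one log line, or None if unparsable."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def is_quarantine_remnant(path):
    """True when the detected file sits inside another tool's quarantine folder."""
    normalized = path.replace("\\", "/").lower()
    return any(marker in normalized for marker in QUARANTINE_MARKERS)

def triage(log_text):
    """Split ESET detections into already-quarantined leftovers and the rest."""
    result = {"already_quarantined": [], "needs_attention": []}
    for entry in filter(None, map(parse_eset_line, log_text.splitlines())):
        key = "already_quarantined" if is_quarantine_remnant(entry["path"]) else "needs_attention"
        result[key].append(entry)
    return result

if __name__ == "__main__":
    for key, entries in triage(ESET_LOG).items():
        print(f"{key}: {len(entries)}")
        for e in entries:
            print("   ", e["threat"], "<-", e["path"])
```

On the posted log this leaves exactly one entry in the "needs attention" bucket, the Java cache file, which matches the reading of the log given above.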

#13 bill0001

bill0001
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:19 AM

Posted 28 September 2011 - 04:50 PM

The machine is running much faster. I am not getting the winrscmd has stopped working error and am no longer getting redirected every once in a while during surfing sessions and it hasn't shut down of its own accord. I appreciate the work you are putting into helping me remove the malware...so thank you for your help so far! One question I should have asked before we started all of this...can't seem to figure out how to turn off windows defender. Is that an issue?

#14 Jintan

Jintan

  • Malware Response Team
  • 531 posts
  • OFFLINE
  • Local time:03:19 AM

Posted 28 September 2011 - 07:23 PM

Here is the link to turn off Defender. It could have become a contender, but instead just seems to get in the way.

Good, things are running well there as well. Just a little cleaning up now.

The logs show you have slightly outdated versions of vulnerable programs, so go to each of these sites and update to the latest version (keep your eyes open - they often slide in "opportunities" for things like Google, or McAfee's scanner):

http://www.adobe.com/downloads/
(For Adobe Reader and Flash Player)

http://java.com/en/download/manual.jsp
(For Java 6 Update 26)

Once you have done that, be sure to go to Programs and Features and uninstall any older, more vulnerable Java versions (the log showed 6 Update 20 there).

-----------

Eset, if you don't plan to use it again, uninstalls through the Control Panel - Programs and Features.

You can also at this time delete the files/folders of the tools we used. To assist with some of that run OTL again. This will help by automatically removing some of the tools we used.

Just click CleanUp, and select Yes. When it finishes removing some of the tools and files we used there just agree to the reboot.

--------

A good last cleaning measure is to reset your System Restore points, to keep malware from being returned in that manner. Go to Start - Start Search, type sysdm.cpl (then press Enter).

Click the "System Protection" tab, then under "Automatic restore points", uncheck the box next to "Local Disk (C: ) (System)".

Then agree to the warning by clicking the "Turn System Restore Off" button, and click Apply, then OK.

This will turn off System Restore and remove the saved Restore points.


Then again go to Start - Start Search, type sysdm.cpl (then press Enter).

Click the "System Protection" tab, then under "Automatic restore points", recheck the box next to "Local Disk (C: ) (System)".

And again click Apply/OK to close the System Properties display.

In addition, I like to recommend reviewing the information at these locations, to make sure your system stays secure (links borrowed from Gringo):

http://www.techsupportforum.com/security-center/general-computer-security/525915-pc-safety-security-what-do-i-need.html

http://www.malwareremoval.com/forum/viewtopic.php?p=557960#p557960
Ad eundum quo no duck ante iit

#15 bill0001

bill0001
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:19 AM

Posted 28 September 2011 - 11:06 PM

Thank you for your help!
