Google Redirect and searchcompanion.com malware


  • This topic is locked
22 replies to this topic

#1 canfinfan

canfinfan

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 26 September 2011 - 08:40 PM

Hi there, I have been having problems for a while with the Google redirect virus as well as most recently having the searchcompanion.com redirect. I would like to do whatever I can to get rid of these and clean my computer overall. I tried to create a DDS log but when I open it, it is encrypted in Notepad and unreadable. I'm not sure what script blockers I may have up but I know it recognizes the .scr file as an AutoCAD script. Thanks in advance for your help. Running Vista 32bit.

Attached Files

  • Attached File  ark.txt   29.1KB   0 downloads




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,669 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:25 AM

Posted 01 October 2011 - 08:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420643 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 canfinfan

canfinfan
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 03 October 2011 - 09:45 AM

Hi there, I have been having problems for a while with the Google redirect virus as well as most recently having the searchcompanion.com redirect. I would like to do whatever I can to get rid of these and clean my computer overall. Thanks in advance for your help. Running Vista 32bit and do not have my original Windows CD.


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_26
Run by Robbie at 9:49:51 on 2011-10-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3069.1331 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Users\Robbie\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Supertintin for Skype\supertintin_skype.exe
C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robbie\Desktop\gmer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://startsear.ch/?aff=1
uDefault_Page_URL = hxxp://www.sonystyle.ca/vaio
mStart Page = hxxp://startsear.ch/?aff=1
mDefault_Page_URL = hxxp://www.sonystyle.ca/vaio
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\robbie\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [supertintin_skype] c:\program files\supertintin for skype\supertintin_skype.exe /start_context sys_auto
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10w_Plugin.exe -update plugin
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [AML] c:\program files\sony\vaio launcher\AML.exe InitApp
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Unattend0000000001{84B77E3B-70EA-484F-A5CA-6A7DA4263C99}] %PROGRAMFILES%\Sony\First Experience\VAIOWelcome.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\robbie\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{92CFD67E-6F8D-434B-A982-82C1C5F98A3D} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{ACC73751-00CE-4A51-80A2-77689F4D516F} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\robbie\appdata\roaming\mozilla\firefox\profiles\yf7c9h9c.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\robbie\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\users\robbie\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\robbie\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R1 MpKslf11245e4;MpKslf11245e4;c:\programdata\microsoft\microsoft antimalware\definition updates\{e146296f-5c15-40fb-b4c8-24ac419a1d36}\MpKslf11245e4.sys [2011-10-2 28752]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2010-8-30 16384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RtkHDMIService;RtkHDMIService;c:\windows\RTKAUDIOSERVICE.EXE [2008-6-13 98304]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-6-13 411488]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2010-7-28 17408]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-6-13 28464]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-6-13 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 135664]
S2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2010-7-28 104960]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 135664]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2010-7-28 104288]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2010-7-28 350048]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2010-7-28 63328]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-6-13 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-6-13 87328]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-10-02 18:21:28 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e146296f-5c15-40fb-b4c8-24ac419a1d36}\MpKslf11245e4.sys
2011-10-02 18:21:00 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e146296f-5c15-40fb-b4c8-24ac419a1d36}\offreg.dll
2011-10-02 18:20:48 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e146296f-5c15-40fb-b4c8-24ac419a1d36}\mpengine.dll
2011-09-27 00:04:16 -------- d-----w- c:\users\robbie\appdata\local\{C4446E00-8BC6-473F-9E02-5CEB227FA677}
2011-09-27 00:03:57 -------- d-----w- c:\users\robbie\appdata\local\{3A5EB79D-3CB7-4055-A28A-BF061772F8A6}
2011-09-26 23:33:43 -------- d-----w- c:\users\robbie\appdata\local\{1287003C-0E0F-443F-9DC9-94969CB8F97C}
2011-09-26 23:32:40 -------- d-----w- c:\users\robbie\appdata\local\{44A50A6B-1CC6-4493-A8B8-7FB2CD575CB9}
2011-09-26 17:18:42 -------- d-----w- c:\users\robbie\.folder
2011-09-26 16:43:02 -------- d-----w- c:\users\robbie\appdata\roaming\TrueCrypt
2011-09-26 16:39:02 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2011-09-26 16:38:08 -------- d-----w- c:\program files\TrueCrypt
2011-09-26 01:23:37 -------- d-----w- c:\users\robbie\appdata\local\{1CEA1397-7A71-4E5E-96E3-718662280562}
2011-09-26 01:23:23 -------- d-----w- c:\users\robbie\appdata\local\{E5D97F81-C7EB-457D-BDED-ED9F1A1A123D}
2011-09-26 01:22:39 -------- d-----w- c:\users\robbie\appdata\local\{14ADC23D-9865-4EC2-BD97-812AB51B7C02}
2011-09-18 18:45:57 -------- d-----w- c:\users\robbie\appdata\local\Citadel Commerce
2011-09-18 18:06:38 -------- d-----w- c:\program files\myfantasyleague
2011-09-16 07:41:05 -------- d-----w- c:\users\robbie\appdata\local\{07E1C90D-69F2-4C7B-880A-271D4321284F}
2011-09-16 07:40:42 -------- d-----w- c:\users\robbie\appdata\local\{E6630015-784D-464B-9510-C44341241AE5}
2011-09-15 19:40:28 -------- d-----w- c:\users\robbie\appdata\local\{A45F4C27-54A3-40BE-8274-FCB048F98A4A}
2011-09-15 19:39:55 -------- d-----w- c:\users\robbie\appdata\local\{2324A5A7-089E-4881-AA23-4A5258C10C76}
2011-09-15 07:39:22 -------- d-----w- c:\users\robbie\appdata\local\{88EBCB5B-3B8D-4A75-9B80-696737C9F5FE}
2011-09-15 07:38:41 -------- d-----w- c:\users\robbie\appdata\local\{90875A16-1CCD-485D-815B-7F2F38FB5D47}
2011-09-14 22:33:06 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-09-13 21:45:52 -------- d-----w- c:\users\robbie\appdata\local\{AD35D32E-43CD-454F-8EDE-7A75B350EDF4}
2011-09-13 21:44:45 -------- d-----w- c:\users\robbie\appdata\local\{847C4B17-284D-43FC-BFBD-0D4765A4813D}
2011-09-10 19:21:29 -------- d-----w- c:\users\robbie\appdata\local\{0B54F3E3-2A5C-4E90-AA9E-522ABA72D068}
2011-09-08 17:33:29 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{68d81934-a15b-48ce-bf7b-6e1624b2a22b}\gapaengine.dll
2011-09-05 17:05:08 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-10-03 13:47:14 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2011-09-02 17:26:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-11 13:25:35 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 9:50:47.44 ===============


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:25 AM

Posted 03 October 2011 - 02:00 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 canfinfan

canfinfan
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 03 October 2011 - 06:14 PM

Computer is still running the same as originally. Encountered no problems during combofix.



ComboFix 11-10-03.01 - Robbie 03/10/2011 18:50:15.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3069.1213 [GMT -4:00]
Running from: c:\users\Robbie\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DFR540E.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))
.
.
2011-10-03 23:05 . 2011-10-03 23:06 -------- d-----w- c:\users\Robbie\AppData\Local\temp
2011-10-03 23:05 . 2011-10-03 23:05 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-10-03 23:05 . 2011-10-03 23:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-03 22:45 . 2011-10-03 22:45 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45C24F2C-6EE0-4BFA-B7D8-2FEA981FC0F9}\offreg.dll
2011-10-03 22:45 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45C24F2C-6EE0-4BFA-B7D8-2FEA981FC0F9}\mpengine.dll
2011-09-26 17:18 . 2011-09-26 17:18 -------- d-----w- c:\users\Robbie\.folder
2011-09-26 16:43 . 2011-09-26 16:45 -------- d-----w- c:\users\Robbie\AppData\Roaming\TrueCrypt
2011-09-26 16:39 . 2011-09-26 16:39 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2011-09-26 16:38 . 2011-09-26 16:39 -------- d-----w- c:\program files\TrueCrypt
2011-09-18 18:45 . 2011-09-18 18:45 -------- d-----w- c:\users\Robbie\AppData\Local\Citadel Commerce
2011-09-18 18:06 . 2011-10-02 23:27 -------- d-----w- c:\program files\myfantasyleague
2011-09-14 22:33 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-08 17:33 . 2011-02-02 18:17 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68D81934-A15B-48CE-BF7B-6E1624B2A22B}\gapaengine.dll
2011-09-05 17:05 . 2011-09-05 17:05 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 22:53 . 2010-09-20 13:56 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2011-09-12 23:14 . 2010-12-08 23:06 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-02 17:26 . 2011-06-16 02:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 02:00 . 2011-08-17 02:00 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-23 11:04 . 2011-08-10 21:32 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00 . 2011-08-10 21:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59 . 2011-08-10 21:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59 . 2011-08-10 21:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:59 . 2011-08-10 21:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:03 . 2011-08-10 21:32 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27 . 2011-08-10 21:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25 . 2011-08-10 21:32 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-13 03:39 . 2011-08-07 07:01 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-11 13:25 . 2011-08-24 08:53 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-06 15:31 . 2011-08-10 21:32 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-26 21:42 . 2011-03-24 19:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-01 399736]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"supertintin_skype"="c:\program files\Supertintin for Skype\supertintin_skype.exe" [2011-01-10 999936]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-29 6111232]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-03-26 1093632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-05-16 00:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl64f6ddd0;MpKsl64f6ddd0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B215342-CE81-4FC3-9DE9-B46881D78770}\MpKsl64f6ddd0.sys [x]
R1 MpKsld13dbf84;MpKsld13dbf84;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9ADAA837-EA98-43AE-97FB-DE8AF6017E14}\MpKsld13dbf84.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 135664]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2007-11-10 104960]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 135664]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-03-05 104288]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-03-05 350048]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-03-05 63328]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-03-03 333088]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-03 87328]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-10 691696]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2010-08-31 16384]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 RtkHDMIService;RtkHDMIService;c:\windows\RtkAudioService.exe [2008-04-29 98304]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-05-28 411488]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-01-31 17408]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-12-12 28464]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-12-17 9344]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - kwdiikow
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 20:43]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 20:43]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1814612373-2257047322-1317522261-1000Core.job
- c:\users\Robbie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-09 20:43]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1814612373-2257047322-1317522261-1000UA.job
- c:\users\Robbie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-09 20:43]
.
2011-09-01 c:\windows\Tasks\User_Feed_Synchronization-{3D100517-0EA1-4C22-AC63-56189B901767}.job
- c:\windows\system32\msfeedssync.exe [2011-08-10 09:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://startsear.ch/?aff=1
mStart Page = hxxp://startsear.ch/?aff=1
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Robbie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\yf7c9h9c.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&q=
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Unattend0000000001{84B77E3B-70EA-484F-A5CA-6A7DA4263C99} - c:\program files\Sony\First Experience\VAIOWelcome.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-03 19:06
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-03 19:10:48
ComboFix-quarantined-files.txt 2011-10-03 23:10
.
Pre-Run: 2,534,395,904 bytes free
Post-Run: 4,953,878,528 bytes free
.
- - End Of File - - 70ADEBC2FB0A69252946321FD54634A5

#6 gringo_pr

Posted 03 October 2011 - 08:57 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#7 canfinfan

Posted 03 October 2011 - 09:18 PM

22:13:34.0871 5352 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
22:13:35.0982 5352 ============================================================
22:13:35.0983 5352 Current date / time: 2011/10/03 22:13:35.0982
22:13:35.0983 5352 SystemInfo:
22:13:35.0983 5352
22:13:35.0983 5352 OS Version: 6.0.6002 ServicePack: 2.0
22:13:35.0983 5352 Product type: Workstation
22:13:35.0984 5352 ComputerName: ROBBIE-LAPTOP
22:13:35.0984 5352 UserName: Robbie
22:13:35.0984 5352 Windows directory: C:\Windows
22:13:35.0984 5352 System windows directory: C:\Windows
22:13:35.0984 5352 Processor architecture: Intel x86
22:13:35.0984 5352 Number of processors: 2
22:13:35.0984 5352 Page size: 0x1000
22:13:35.0984 5352 Boot type: Normal boot
22:13:35.0985 5352 ============================================================
22:13:37.0288 5352 Initialize success
22:13:49.0308 1088 ============================================================
22:13:49.0308 1088 Scan started
22:13:49.0308 1088 Mode: Manual;
22:13:49.0308 1088 ============================================================
22:13:51.0495 1088 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:13:51.0530 1088 ACPI - ok
22:13:51.0882 1088 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:13:51.0905 1088 adp94xx - ok
22:13:52.0395 1088 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:13:52.0404 1088 adpahci - ok
22:13:52.0821 1088 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:13:52.0833 1088 adpu160m - ok
22:13:53.0199 1088 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:13:53.0223 1088 adpu320 - ok
22:13:53.0733 1088 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:13:53.0809 1088 AFD - ok
22:13:54.0133 1088 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:13:54.0137 1088 agp440 - ok
22:13:54.0351 1088 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:13:54.0407 1088 aic78xx - ok
22:13:54.0602 1088 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:13:54.0627 1088 aliide - ok
22:13:54.0742 1088 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:13:54.0777 1088 amdagp - ok
22:13:55.0157 1088 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:13:55.0159 1088 amdide - ok
22:13:55.0545 1088 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:13:55.0548 1088 AmdK7 - ok
22:13:56.0141 1088 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:13:56.0144 1088 AmdK8 - ok
22:13:56.0563 1088 ApfiltrService (9325e49d555d8f12ce1735227dbb3d80) C:\Windows\system32\DRIVERS\Apfiltr.sys
22:13:56.0597 1088 ApfiltrService - ok
22:13:56.0988 1088 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:13:57.0011 1088 arc - ok
22:13:57.0184 1088 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:13:57.0188 1088 arcsas - ok
22:13:57.0459 1088 ArcSoftKsUFilter (6b3ab8f67b37402a4174caa45002903e) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
22:13:57.0461 1088 ArcSoftKsUFilter - ok
22:13:57.0759 1088 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:13:57.0791 1088 AsyncMac - ok
22:13:58.0134 1088 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
22:13:58.0136 1088 atapi - ok
22:13:58.0362 1088 athr (24b4375abbc587bdc99e231383c16b8f) C:\Windows\system32\DRIVERS\athr.sys
22:13:58.0416 1088 athr - ok
22:13:59.0074 1088 atikmdag (eb4652a6571ef66c6c778e1007623f1f) C:\Windows\system32\DRIVERS\atikmdag.sys
22:13:59.0206 1088 atikmdag - ok
22:13:59.0453 1088 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:13:59.0455 1088 Beep - ok
22:13:59.0538 1088 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:13:59.0572 1088 blbdrive - ok
22:13:59.0960 1088 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:13:59.0986 1088 bowser - ok
22:14:00.0171 1088 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:14:00.0173 1088 BrFiltLo - ok
22:14:00.0379 1088 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:14:00.0409 1088 BrFiltUp - ok
22:14:00.0712 1088 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:14:00.0716 1088 Brserid - ok
22:14:00.0965 1088 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:14:00.0994 1088 BrSerWdm - ok
22:14:01.0220 1088 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:14:01.0222 1088 BrUsbMdm - ok
22:14:01.0340 1088 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:14:01.0354 1088 BrUsbSer - ok
22:14:01.0449 1088 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
22:14:01.0464 1088 BthEnum - ok
22:14:01.0638 1088 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:14:01.0659 1088 BTHMODEM - ok
22:14:01.0719 1088 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
22:14:01.0722 1088 BthPan - ok
22:14:01.0838 1088 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
22:14:01.0861 1088 BTHPORT - ok
22:14:02.0179 1088 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
22:14:02.0182 1088 BTHUSB - ok
22:14:02.0489 1088 btwaudio (7f256d9fff384faa40df5db1cb8531d9) C:\Windows\system32\drivers\btwaudio.sys
22:14:02.0493 1088 btwaudio - ok
22:14:02.0666 1088 btwavdt (d87d990131aaabb27d4046790292366d) C:\Windows\system32\drivers\btwavdt.sys
22:14:02.0679 1088 btwavdt - ok
22:14:02.0828 1088 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
22:14:02.0838 1088 btwl2cap - ok
22:14:03.0183 1088 btwrchid (e1771c0fb49e747ab2b2d29da50510f9) C:\Windows\system32\DRIVERS\btwrchid.sys
22:14:03.0185 1088 btwrchid - ok
22:14:03.0298 1088 catchme - ok
22:14:03.0412 1088 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:14:03.0415 1088 cdfs - ok
22:14:03.0631 1088 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:14:03.0634 1088 cdrom - ok
22:14:03.0898 1088 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
22:14:03.0904 1088 circlass - ok
22:14:04.0178 1088 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:14:04.0186 1088 CLFS - ok
22:14:04.0646 1088 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:14:04.0647 1088 CmBatt - ok
22:14:05.0100 1088 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:14:05.0189 1088 cmdide - ok
22:14:05.0580 1088 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:14:05.0582 1088 Compbatt - ok
22:14:06.0215 1088 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:14:06.0217 1088 crcdisk - ok
22:14:06.0573 1088 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:14:06.0576 1088 Crusoe - ok
22:14:06.0916 1088 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:14:06.0919 1088 DfsC - ok
22:14:07.0251 1088 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:14:07.0254 1088 disk - ok
22:14:07.0471 1088 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
22:14:07.0472 1088 DMICall - ok
22:14:07.0589 1088 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
22:14:07.0615 1088 Dot4 - ok
22:14:07.0823 1088 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:14:07.0846 1088 Dot4Print - ok
22:14:07.0997 1088 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
22:14:08.0000 1088 dot4usb - ok
22:14:08.0154 1088 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:14:08.0156 1088 drmkaud - ok
22:14:08.0312 1088 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:14:08.0357 1088 DXGKrnl - ok
22:14:08.0426 1088 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:14:08.0430 1088 E1G60 - ok
22:14:08.0721 1088 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:14:08.0726 1088 Ecache - ok
22:14:09.0025 1088 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:14:09.0048 1088 elxstor - ok
22:14:09.0281 1088 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:14:09.0294 1088 ErrDev - ok
22:14:09.0439 1088 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:14:09.0445 1088 exfat - ok
22:14:09.0614 1088 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:14:09.0619 1088 fastfat - ok
22:14:09.0727 1088 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:14:09.0742 1088 fdc - ok
22:14:09.0958 1088 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:14:09.0961 1088 FileInfo - ok
22:14:10.0061 1088 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:14:10.0072 1088 Filetrace - ok
22:14:10.0190 1088 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:14:10.0192 1088 flpydisk - ok
22:14:10.0319 1088 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:14:10.0325 1088 FltMgr - ok
22:14:10.0526 1088 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:14:10.0528 1088 Fs_Rec - ok
22:14:10.0690 1088 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:14:10.0709 1088 gagp30kx - ok
22:14:10.0901 1088 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:14:10.0923 1088 GEARAspiWDM - ok
22:14:11.0116 1088 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:14:11.0124 1088 HdAudAddService - ok
22:14:11.0293 1088 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:14:11.0316 1088 HDAudBus - ok
22:14:11.0517 1088 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:14:11.0520 1088 HidBth - ok
22:14:11.0717 1088 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:14:11.0737 1088 HidIr - ok
22:14:12.0056 1088 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:14:12.0063 1088 HidUsb - ok
22:14:12.0230 1088 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:14:12.0233 1088 HpCISSs - ok
22:14:12.0379 1088 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:14:12.0388 1088 HSFHWAZL - ok
22:14:12.0506 1088 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:14:12.0552 1088 HSF_DPV - ok
22:14:12.0724 1088 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:14:12.0731 1088 HSXHWAZL - ok
22:14:12.0809 1088 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:14:12.0832 1088 HTTP - ok
22:14:12.0946 1088 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:14:12.0948 1088 i2omp - ok
22:14:13.0076 1088 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:14:13.0078 1088 i8042prt - ok
22:14:13.0251 1088 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
22:14:13.0256 1088 iaStor - ok
22:14:13.0402 1088 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:14:13.0518 1088 iaStorV - ok
22:14:13.0616 1088 igfx - ok
22:14:13.0712 1088 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:14:13.0715 1088 iirsp - ok
22:14:13.0880 1088 IntcAzAudAddService (2deb2538c9372568bb67b5fdf2359790) C:\Windows\system32\drivers\RTKVHDA.sys
22:14:13.0956 1088 IntcAzAudAddService - ok
22:14:14.0090 1088 IntcHdmiAddService - ok
22:14:14.0179 1088 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:14:14.0182 1088 intelide - ok
22:14:14.0243 1088 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:14:14.0246 1088 intelppm - ok
22:14:14.0362 1088 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:14:14.0364 1088 IpFilterDriver - ok
22:14:14.0489 1088 IpInIp - ok
22:14:14.0587 1088 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:14:14.0590 1088 IPMIDRV - ok
22:14:14.0702 1088 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:14:14.0731 1088 IPNAT - ok
22:14:14.0819 1088 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:14:14.0822 1088 IRENUM - ok
22:14:14.0942 1088 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:14:14.0946 1088 isapnp - ok
22:14:15.0136 1088 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:14:15.0141 1088 iScsiPrt - ok
22:14:15.0224 1088 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:14:15.0228 1088 iteatapi - ok
22:14:15.0344 1088 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:14:15.0346 1088 iteraid - ok
22:14:15.0430 1088 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:14:15.0439 1088 kbdclass - ok
22:14:15.0505 1088 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
22:14:15.0507 1088 kbdhid - ok
22:14:15.0653 1088 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
22:14:15.0688 1088 KSecDD - ok
22:14:15.0883 1088 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:14:15.0885 1088 lltdio - ok
22:14:15.0966 1088 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:14:15.0994 1088 LSI_FC - ok
22:14:16.0051 1088 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:14:16.0114 1088 LSI_SAS - ok
22:14:16.0347 1088 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:14:16.0351 1088 LSI_SCSI - ok
22:14:16.0561 1088 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:14:16.0565 1088 luafv - ok
22:14:16.0706 1088 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:14:16.0707 1088 mdmxsdk - ok
22:14:16.0829 1088 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:14:16.0839 1088 megasas - ok
22:14:16.0947 1088 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:14:17.0004 1088 MegaSR - ok
22:14:17.0137 1088 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:14:17.0140 1088 Modem - ok
22:14:17.0247 1088 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:14:17.0249 1088 monitor - ok
22:14:17.0333 1088 motmodem (5023875a94b0766d98a62a72bc4cb055) C:\Windows\system32\DRIVERS\motmodem.sys
22:14:17.0336 1088 motmodem - ok
22:14:17.0514 1088 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:14:17.0517 1088 mouclass - ok
22:14:17.0753 1088 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:14:17.0785 1088 mouhid - ok
22:14:18.0045 1088 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:14:18.0077 1088 MountMgr - ok
22:14:18.0344 1088 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
22:14:18.0349 1088 MpFilter - ok
22:14:18.0431 1088 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:14:18.0435 1088 mpio - ok
22:14:41.0519 1088 ============================================================
22:14:41.0519 1088 Scan finished
22:14:41.0519 1088 ============================================================
22:14:41.0539 2908 Detected object count: 0
22:14:41.0539 2908 Actual detected object count: 0
22:16:06.0489 0784 Deinitialize success

#8 gringo_pr


Posted 03 October 2011 - 09:55 PM

Hello


How are things running now?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 canfinfan


Posted 04 October 2011 - 05:45 PM

I still have a google redirect problem where anytime I choose a link it will take me to an unwanted source. I have to click the link 2 to 3 times before I go to the desired destination. I also get a large number of "google analytics" popups which open a new tab constantly while surfing. I am using chrome but it happens in almost all. I find that it happens to other people as well who log on and use my wifi.

#10 gringo_pr


Posted 04 October 2011 - 09:22 PM

We are going to check the router.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo

#11 canfinfan


Posted 05 October 2011 - 01:25 AM

Windows IP Configuration

Host Name . . . . . . . . . . . . : Robbie-Laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-1E-3D-EA-70-C4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-1D-BA-19-14-47
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR928x Wireless Network Adapter
Physical Address. . . . . . . . . : 00-1F-E2-CA-54-0C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e13f:de2c:2508:1599%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : October-05-11 1:33:23 AM
Lease Expires . . . . . . . . . . : October-12-11 1:33:23 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 318775265
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-E2-66-E2-00-1F-E2-CA-54-0C
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{92CFD67E-6F8D-434B-A982-82C1C5F98A3D}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{ACC73751-00CE-4A51-80A2-77689F4D516F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{EA3456EC-37DD-4616-905A-3D8ECA4D3FED}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.47.106
74.125.47.147
74.125.47.99
74.125.47.104
74.125.47.105
74.125.47.103

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
67.195.160.76
72.30.2.43
209.191.122.70



Pinging google.com [74.125.67.99] with 32 bytes of data:

Reply from 74.125.67.99: bytes=32 time=85ms TTL=50

Reply from 74.125.67.99: bytes=32 time=84ms TTL=50



Ping statistics for 74.125.67.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 84ms, Maximum = 85ms, Average = 84ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=83ms TTL=50

Reply from 209.191.122.70: bytes=32 time=86ms TTL=50



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 83ms, Maximum = 86ms, Average = 84ms

===========================================================================
Interface List
13 ...00 1e 3d ea 70 c4 ...... Bluetooth Device (Personal Area Network)
11 ...00 1d ba 19 14 47 ...... Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
10 ...00 1f e2 ca 54 0c ...... Atheros AR928x Wireless Network Adapter
1 ........................... Software Loopback Interface 1
15 ...00 00 00 00 00 00 00 e0 isatap.{92CFD67E-6F8D-434B-A982-82C1C5F98A3D}
14 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
17 ...00 00 00 00 00 00 00 e0 isatap.{ACC73751-00CE-4A51-80A2-77689F4D516F}
18 ...00 00 00 00 00 00 00 e0 isatap.{EA3456EC-37DD-4616-905A-3D8ECA4D3FED}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.102 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.102 281
192.168.0.102 255.255.255.255 On-link 192.168.0.102 281
192.168.0.255 255.255.255.255 On-link 192.168.0.102 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.102 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.102 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 281 fe80::/64 On-link
10 281 fe80::e13f:de2c:2508:1599/128
On-link
1 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#12 gringo_pr


Posted 05 October 2011 - 07:51 AM

After you have run these steps - you need to let me know how the computer is doing

Resetting Router


  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

Flush the DNS:

Now let's flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now let's check the router again

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo
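What a reviewer reads out of the Log1.txt that router.bat produces, as an added example that is not part of the original posts: which DNS servers each adapter was handed, and whether they are the router itself, a resolver the owner trusts, or something else. The function names, both sample logs and the trusted list (OpenDNS's public resolver addresses) are assumptions made for this illustration.

```python
import ipaddress
import re

# "Key . . . . : value" rows from `ipconfig /all` (the dot leader may touch the key).
KV = re.compile(r"^\s*([^.:]+?)\s*\.(?:\s*\.)*\s*:\s*(.*)$")
# Section headers such as "Wireless LAN adapter Wireless Network Connection:".
ADAPTER = re.compile(r"^\s*(.+ adapter .+):\s*$")
# nslookup prints "Server: <name>" and then "Address: <resolver ip>".
RESOLVER = re.compile(r"^\s*Address:\s*(\S+)\s*$")
FIELDS = {"Default Gateway": "gateway", "DNS Servers": "dns"}


def _ip(text):
    """Normalise '192.168.0.1' or 'fe80::1%10(Preferred)'; None if not an address."""
    token = text.strip().split("(")[0].split("%")[0]
    try:
        return str(ipaddress.ip_address(token))
    except ValueError:
        return None


def parse_log(text):
    """Extract per-adapter gateways/DNS servers and the resolver nslookup used."""
    adapters, resolvers = {}, []
    current = last_key = None
    after_server = False
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.strip().startswith("Server:"):
            current, last_key, after_server = None, None, True
            continue
        m = RESOLVER.match(line)
        if m and after_server:  # only the Address right after Server is the resolver
            addr = _ip(m.group(1))
            if addr and addr not in resolvers:
                resolvers.append(addr)
            after_server = False
            continue
        after_server = False
        m = ADAPTER.match(line)
        if m:
            current = adapters.setdefault(m.group(1).strip(), {"gateway": [], "dns": []})
            last_key = None
            continue
        if current is None:
            continue
        m = KV.match(line)
        if m:
            last_key = FIELDS.get(m.group(1).strip())
            value = m.group(2)
        else:
            value = line  # possible continuation row holding one more address
        addr = _ip(value)
        if last_key and addr:
            current[last_key].append(addr)
        elif not m:
            last_key = None
    return {"adapters": adapters, "resolvers": resolvers}


def assess(parsed, trusted=()):
    """Return (adapter, server, verdict) tuples for every configured DNS server."""
    trusted = {_ip(t) for t in trusted}
    findings, configured = [], set()
    for name, cfg in parsed["adapters"].items():
        for server in cfg["dns"]:
            configured.add(server)
            if server in trusted:
                verdict = "trusted"
            elif server in cfg["gateway"]:
                # The PC defers to the router, so this log cannot show which
                # upstream DNS the router uses; check that on the router itself.
                verdict = "router"
            else:
                verdict = "unexpected"
            findings.append((name, server, verdict))
    for resolver in parsed["resolvers"]:
        if resolver not in configured:
            findings.append(("nslookup", resolver, "resolver-not-configured"))
    return findings


# Constructed sample in the same layout as the log posted in this thread.
ROUTER_DNS_LOG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Wireless LAN adapter Wireless Network Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.0.102(Preferred)
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
Server:  UnKnown
Address:  192.168.0.1

Name:    example.test
Address:  192.0.2.10
"""

# Constructed sample: DHCP handed out a resolver that is neither router nor trusted.
CHANGED_DNS_LOG = """\
Wireless LAN adapter Wireless Network Connection:

   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       208.67.222.222
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  203.0.113.53
"""

OPENDNS = ("208.67.222.222", "208.67.220.220")
```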

#13 gringo_pr


Posted 08 October 2011 - 12:42 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#14 gringo_pr


Posted 11 October 2011 - 10:02 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#15 gringo_pr


Posted 20 October 2011 - 11:51 AM

this topic has been reopened


gringo