
TDSS infection, google redirects


This topic is locked.
18 replies to this topic

#1 Walterz

Walterz

  • Members
  • 9 posts
  • Local time:05:54 PM

Posted 26 November 2011 - 12:19 PM

Dear all,

I was hoping someone here could help me out in dealing with a TDSS or rootkit problem. My laptop had been infected with the SystemFix virus, which I have been able to remove thanks to RKill and Malwarebytes. But a TDSS or rootkit infection seems to remain, judging from the Google search redirects that I keep getting (I've noted this problem has been posted here before).

TDSSKiller refuses to launch, not even after renaming (to any .com or .exe extension).

I'd be extremely grateful if anyone could help out here a bit.
Attached are both requested logs.

Many, many thanks for your time!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Wouter at 18:06:14 on 2011-11-26
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.32.1043.18.6051.4214 [GMT 1:00]
.
AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Users\Wouter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Wouter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Wouter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Users\Wouter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Wouter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ugent.be
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Wouter\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: AlwaysShowClassicMenu = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: ugent.be\athena
Trusted Zone: ugent.be\athenax
Trusted Zone: ugent.be\bthena
Trusted Zone: ugent.be\bthenax
Trusted Zone: ugent.be\minerva
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0EA4AA68-A471-4470-8CDC-092F05FD17AA} : NameServer = 157.193.40.42,157.193.71.1
TCP: Interfaces\{86A18A48-D0F1-401E-AB59-D342F239E4F5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{86A18A48-D0F1-401E-AB59-D342F239E4F5}\67F6F627579647 : DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.2.1
TCP: Interfaces\{86A18A48-D0F1-401E-AB59-D342F239E4F5}\865746465627376656C6460286F64756C6 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{86A18A48-D0F1-401E-AB59-D342F239E4F5}\F4250234F464645454 : DhcpNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
IE-X64: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE-X64: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Wouter\AppData\Roaming\Mozilla\Firefox\Profiles\9xmgrshx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update-service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-25 366152]
S3 a320raid;a320raid;C:\Windows\system32\drivers\a320raid.sys --> C:\Windows\system32\drivers\a320raid.sys [?]
S3 AthDfu;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 b06diag;Broadcom NetXtreme II Diag Driver;C:\Windows\system32\drivers\bxdiaga.sys --> C:\Windows\system32\drivers\bxdiaga.sys [?]
S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\drivers\btath_bus.sys --> C:\Windows\system32\drivers\btath_bus.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\drivers\btath_hcrp.sys --> C:\Windows\system32\drivers\btath_hcrp.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\drivers\btath_rcp.sys --> C:\Windows\system32\drivers\btath_rcp.sys [?]
S3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;C:\Windows\system32\drivers\d554gps64.sys --> C:\Windows\system32\drivers\d554gps64.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 ecnssndis;Service for enabling selective suspend to NDIS device;C:\Windows\system32\Drivers\wwuss64.sys --> C:\Windows\system32\Drivers\wwuss64.sys [?]
S3 ecnssndisfltr;SSNDIS filter service;C:\Windows\system32\Drivers\wwussf64.sys --> C:\Windows\system32\Drivers\wwussf64.sys [?]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 136176]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 Mbm3CBus;Dell Wireless HSPA Mini-Card Device (WDM);C:\Windows\system32\drivers\Mbm3CBus.sys --> C:\Windows\system32\drivers\Mbm3CBus.sys [?]
S3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);C:\Windows\system32\drivers\Mbm3DevMt.sys --> C:\Windows\system32\drivers\Mbm3DevMt.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);C:\Windows\system32\drivers\qcfilterdl2k.sys --> C:\Windows\system32\drivers\qcfilterdl2k.sys [?]
S3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);C:\Windows\system32\drivers\qcusbserdl2k.sys --> C:\Windows\system32\drivers\qcusbserdl2k.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-26 16:18:36 -------- d-----w- C:\Program Files (x86)\ESET
2011-11-26 16:08:09 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FF2AD8E0-4168-4147-AC15-C643046B168A}\offreg.dll
2011-11-26 15:49:14 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FF2AD8E0-4168-4147-AC15-C643046B168A}\mpengine.dll
2011-11-25 09:12:47 -------- d-----w- C:\Users\Wouter\AppData\Local\Secunia PSI
2011-11-25 09:12:37 -------- d-----w- C:\Program Files (x86)\Secunia
2011-11-25 07:28:08 -------- d-----w- C:\Users\Wouter\AppData\Roaming\Malwarebytes
2011-11-25 07:27:58 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-25 07:27:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-19 13:31:15 -------- d-----w- C:\Program Files (x86)\NCH Software
2011-11-18 15:30:15 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-11-18 15:29:02 -------- d-----w- C:\Users\Wouter\AppData\Roaming\uTorrent
2011-11-18 15:29:02 -------- d-----w- C:\Users\Wouter\AppData\Local\uTorrent
2011-11-16 09:29:05 -------- d-----w- C:\Users\Wouter\AppData\Local\Microsoft Help
2011-11-15 13:48:23 -------- d-----w- C:\Wouter
2011-11-03 21:16:03 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-11-03 21:12:47 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-11-03 21:12:46 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-11-03 21:12:46 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-11-03 21:12:45 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
.
==================== Find3M ====================
.
2011-11-25 09:28:11 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-25 09:15:05 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-10-24 13:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 13:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-09-07 13:00:48 205 ----a-w- C:\Windows\SysWow64\lsprst7.dll
2011-09-07 10:30:11 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-07 10:08:27 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-09-07 10:08:25 25600 ----a-w- C:\Windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-09-07 10:08:25 15360 ----a-w- C:\Windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-09-07 10:08:19 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-09-07 10:08:18 5632 ----a-w- C:\Windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-09-07 10:08:15 44032 ----a-w- C:\Windows\SysWow64\drivers\en-US\tcpip.sys.mui
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 18:14:43,76 ===============
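The DDS log above is what the helpers on this forum read by hand. As an added example (not part of this thread, and not DDS, ComboFix or BleepingComputer code), here is a small Python triage script for the "Pseudo HJT Report" section: it flags the UAC policy values that this log shows set to 0, checks the Winlogon Userinit entry, and lists any DNS resolvers outside private address ranges so they can be verified against what the network is supposed to use. The sample lines are constructed from entries in the log above; the regexes for the DDS line layout and the Windows 7 default UAC values are my assumptions.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; it is not DDS, ComboFix or BleepingComputer
code. Line formats and Windows defaults are assumptions stated in comments.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample built from entries in the DDS log posted above.
SAMPLE_LINES = [
    r"mWinlogon: Userinit=userinit.exe,",
    r'uRun: [Google Update] "C:\Users\Wouter\AppData\Local\Google\Update\GoogleUpdate.exe" /c',
    r"mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)",
    r"mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)",
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"mPolicies-system: EnableUIADesktopToggle = 0 (0x0)",
    r"mPolicies-system: PromptOnSecureDesktop = 0 (0x0)",
    r"TCP: DhcpNameServer = 192.168.1.1",
    r"TCP: Interfaces\{0EA4AA68-A471-4470-8CDC-092F05FD17AA} : NameServer = 157.193.40.42,157.193.71.1",
    r"TCP: Interfaces\{86A18A48-D0F1-401E-AB59-D342F239E4F5}\67F6F627579647 : DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.2.1",
]

# UAC policies DDS prints under mPolicies-system. Windows 7 ships with
# EnableLUA=1, PromptOnSecureDesktop=1 and ConsentPromptBehaviorAdmin=5
# (assumed defaults); a 0 in any of them means UAC is off or weakened.
UAC_POLICIES = {"EnableLUA", "PromptOnSecureDesktop", "ConsentPromptBehaviorAdmin"}

# Regexes are assumptions about the DDS line layout seen in the log above.
POLICY_RE = re.compile(r"^[um]Policies-system:\s*(\w+)\s*=\s*(\d+)")
USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit=(.*)$")
DNS_RE = re.compile(r"^TCP:\s*(.*?)(Dhcp)?NameServer\s*=\s*(.*)$")


def check_uac(lines: List[str]) -> List[str]:
    """Return one finding per UAC policy that is set to 0."""
    findings = []
    for line in lines:
        m = POLICY_RE.match(line)
        if m and m.group(1) in UAC_POLICIES and int(m.group(2)) == 0:
            findings.append(f"{m.group(1)} is 0 (UAC disabled or weakened)")
    return findings


def check_userinit(lines: List[str]) -> List[str]:
    """Flag anything besides userinit.exe in the Winlogon Userinit value.

    The log above shows the clean form 'userinit.exe,' (trailing comma);
    extra comma-separated entries would be launched at every logon.
    """
    findings = []
    for line in lines:
        m = USERINIT_RE.match(line)
        if not m:
            continue
        entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
        extra = [e for e in entries if e.lower().split("\\")[-1] != "userinit.exe"]
        if extra:
            findings.append("extra Userinit entries: " + ", ".join(extra))
    return findings


def check_resolvers(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (source, address, note) for DNS servers outside private ranges.

    A public resolver is not a finding by itself; it is listed so the
    responder can confirm it is the ISP's or organisation's expected server.
    """
    findings = []
    for line in lines:
        m = DNS_RE.match(line)
        if not m:
            continue
        source = "DHCP" if m.group(2) else "static"
        for addr in re.split(r"[,\s]+", m.group(3).strip()):
            if not addr:
                continue
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                findings.append((source, addr, "unparseable"))
                continue
            if not ip.is_private:
                findings.append((source, addr, "public resolver, verify it is expected"))
    return findings


def triage(lines: List[str]) -> Dict[str, list]:
    """Run all checks over the Pseudo HJT lines and group the findings."""
    return {
        "uac": check_uac(lines),
        "userinit": check_userinit(lines),
        "resolvers": check_resolvers(lines),
    }


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            log_lines = fh.read().splitlines()
    else:
        log_lines = SAMPLE_LINES
    for section, items in triage(log_lines).items():
        print(f"[{section}]")
        for item in items:
            print("  ", item)
```

On the sample the script reports the three zeroed UAC policies, no extra Userinit entries, and four public resolvers to verify; feed it a whole DDS log and the lines that do not match its patterns are simply ignored.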



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:54 PM

Posted 27 November 2011 - 11:37 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Walterz

Walterz
  • Topic Starter

  • Members
  • 9 posts
  • Local time:05:54 PM

Posted 28 November 2011 - 05:54 AM

Hello Gringo,

First of all, many thanks for helping me out here!

I ran ComboFix (log below, sorry for the non-English language setting...).
This took an unusually long time, about an hour in total, before it was finished. The Google search redirects problem persists as well, so that does not seem to be fixed yet.

Here's the log:

ComboFix 11-11-27.02 - Wouter 28/11/2011 10:07:02.2.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.32.1043.18.6051.4397 [GMT 1:00]
Gestart vanuit: c:\users\Wouter\Desktop\ComboFix.exe
AV: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Wouter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\users\Wouter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\Wouter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
c:\users\Wouter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\windows\system32\uptime.exe
c:\windows\SysWow64\lsprst7.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-10-28 to 2011-11-28 ))))))))))))))))))))))))))))))
.
.
2011-11-28 10:25 . 2011-11-28 10:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-28 10:25 . 2011-11-28 10:25 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-28 07:43 . 2011-11-28 07:43 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF2AD8E0-4168-4147-AC15-C643046B168A}\offreg.dll
2011-11-26 16:18 . 2011-11-26 16:18 -------- d-----w- c:\program files (x86)\ESET
2011-11-26 15:49 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF2AD8E0-4168-4147-AC15-C643046B168A}\mpengine.dll
2011-11-25 09:18 . 2011-11-25 09:18 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-11-25 09:15 . 2011-11-25 09:15 -------- d-----w- c:\program files\Java
2011-11-25 09:12 . 2011-11-25 09:12 -------- d-----w- c:\users\Wouter\AppData\Local\Secunia PSI
2011-11-25 09:12 . 2011-11-25 09:12 -------- d-----w- c:\program files (x86)\Secunia
2011-11-25 07:28 . 2011-11-25 07:28 -------- d-----w- c:\users\Wouter\AppData\Roaming\Malwarebytes
2011-11-25 07:27 . 2011-11-25 07:27 -------- d-----w- c:\programdata\Malwarebytes
2011-11-25 07:27 . 2011-11-25 07:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-19 13:31 . 2011-11-26 15:47 -------- d-----w- c:\programdata\NCH Software
2011-11-19 13:31 . 2011-11-26 15:48 -------- d-----w- c:\program files (x86)\NCH Software
2011-11-18 15:30 . 2011-11-18 15:30 -------- d-----w- c:\program files (x86)\uTorrent
2011-11-18 15:29 . 2011-11-23 16:23 -------- d-----w- c:\users\Wouter\AppData\Roaming\uTorrent
2011-11-18 15:29 . 2011-11-18 15:29 -------- d-----w- c:\users\Wouter\AppData\Local\uTorrent
2011-11-16 09:29 . 2011-11-16 09:29 -------- d-----w- c:\users\Wouter\AppData\Local\Microsoft Help
2011-11-15 13:48 . 2011-11-22 21:38 -------- d-----w- C:\Wouter
2011-11-03 21:16 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-11-03 21:12 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-11-03 21:12 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-03 21:12 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-11-03 21:12 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 09:28 . 2011-09-07 10:12 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-25 09:15 . 2011-09-07 10:30 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-11 06:20 . 2011-10-11 06:20 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F579863-E97B-40C2-94D7-2DCBC3173B79}\gapaengine.dll
2011-10-07 04:16 . 2011-09-09 11:58 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-07 13:02 . 2011-09-07 13:02 57344 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{7363BA97-2FCD-4343-8B31-9DD3CCC30F1B}\ARPPRODUCTICON.exe
2011-09-07 12:35 . 2011-09-07 12:35 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-07 12:35 . 2011-09-07 12:35 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-07 12:35 . 2011-09-07 12:35 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-07 12:35 . 2011-09-07 12:35 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-07 12:35 . 2011-09-07 12:35 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-07 12:35 . 2011-09-07 12:35 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-07 12:35 . 2011-09-07 12:35 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-07 12:35 . 2011-09-07 12:35 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-07 12:35 . 2011-09-07 12:35 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-07 12:35 . 2011-09-07 12:35 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-07 12:35 . 2011-09-07 12:35 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-07 12:35 . 2011-09-07 12:35 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-07 12:35 . 2011-09-07 12:35 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-07 12:35 . 2011-09-07 12:35 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-07 12:35 . 2011-09-07 12:35 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-07 12:35 . 2011-09-07 12:35 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-07 12:35 . 2011-09-07 12:35 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-07 12:35 . 2011-09-07 12:35 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-07 12:35 . 2011-09-07 12:35 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-07 12:35 . 2011-09-07 12:35 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-07 12:35 . 2011-09-07 12:35 448512 ----a-w- c:\windows\system32\html.iec
2011-09-07 12:35 . 2011-09-07 12:35 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-07 12:35 . 2011-09-07 12:35 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-07 12:35 . 2011-09-07 12:35 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-07 12:35 . 2011-09-07 12:35 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-07 12:35 . 2011-09-07 12:35 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-07 12:35 . 2011-09-07 12:35 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-07 12:35 . 2011-09-07 12:35 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-07 12:35 . 2011-09-07 12:35 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-07 12:35 . 2011-09-07 12:35 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-07 12:35 . 2011-09-07 12:35 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-09-07 12:35 . 2011-09-07 12:35 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-07 12:35 . 2011-09-07 12:35 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-07 12:35 . 2011-09-07 12:35 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-07 12:35 . 2011-09-07 12:35 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-07 12:35 . 2011-09-07 12:35 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-07 10:51 . 2011-09-09 11:58 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-09-07 10:30 . 2011-09-07 10:30 423656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-07 10:08 . 2011-09-07 10:08 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-09-07 10:08 . 2011-09-07 10:08 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-09-07 10:08 . 2011-09-07 10:08 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-09-07 10:08 . 2011-09-07 10:08 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-09-07 10:08 . 2011-09-07 10:08 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-09-07 10:08 . 2011-09-07 10:08 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AlwaysShowClassicMenu"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [x]
R3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [x]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [x]
R3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\drivers\d554gps64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 ecnssndis;Service for enabling selective suspend to NDIS device;c:\windows\System32\Drivers\wwuss64.sys [x]
R3 ecnssndisfltr;SSNDIS filter service;c:\windows\System32\Drivers\wwussf64.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 136176]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Mbm3CBus;Dell Wireless HSPA Mini-Card Device (WDM);c:\windows\system32\drivers\Mbm3CBus.sys [x]
R3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\drivers\Mbm3DevMt.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);c:\windows\system32\drivers\qcfilterdl2k.sys [x]
R3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);c:\windows\system32\drivers\qcusbserdl2k.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 19:27]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 19:27]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-627386464-784032616-454425204-1001Core.job
- c:\users\Wouter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 09:23]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-627386464-784032616-454425204-1001UA.job
- c:\users\Wouter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 09:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-19 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-19 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-19 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.ugent.be
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: ugent.be\athena
Trusted Zone: ugent.be\athenax
Trusted Zone: ugent.be\bthena
Trusted Zone: ugent.be\bthenax
Trusted Zone: ugent.be\minerva
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0EA4AA68-A471-4470-8CDC-092F05FD17AA}: NameServer = 157.193.40.42,157.193.71.1
FF - ProfilePath - c:\users\Wouter\AppData\Roaming\Mozilla\Firefox\Profiles\9xmgrshx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-11-28 11:45:42
ComboFix-quarantined-files.txt 2011-11-28 10:45
.
Pre-Run: 435.213.541.376 bytes beschikbaar
Post-Run: 435.245.363.200 bytes beschikbaar
.
- - End Of File - - D032F80D654291F85B60ABAEF6527981

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 28 November 2011 - 11:05 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
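As an added check (example code written for this thread, not from TDSSKiller's authors or from the forum): once TDSSKiller does produce the report gringo asks for, the lines worth a human look are the ones whose verdict is not `ok`. The script below parses the report layout that appears later in this thread (an object line carrying the MD5 and path, followed by a verdict line) and lists everything else. The sample report is constructed for the example: two lines copied from the thread's log plus one made-up MBR line whose verdict text is a placeholder, since real detection strings vary by TDSSKiller version.

```python
"""Triage a TDSSKiller report: list every scanned object whose verdict is not 'ok'.

Added example for this thread, not code from TDSSKiller's authors or from the
forum. Line layout is taken from the report pasted later in the thread:

    17:49:14.0820 2508 1394ohci (a87d604aea360176311474c87a63bb88) C:\\Windows\\system32\\drivers\\1394ohci.sys
    17:49:14.0820 2508 1394ohci - ok

The first line carries the object's MD5 and path, the next its verdict.
"""
import re
import sys
from collections import namedtuple

Entry = namedtuple("Entry", "name md5 path verdict")

# 'HH:MM:SS.ffff <pid> <name> (<md5>) <path>'
OBJECT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
# 'HH:MM:SS.ffff <pid> <name> - <verdict>'
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$"
)


def parse_report(text):
    """Pair each object line with the verdict line that follows it.

    Verdict-only lines (e.g. 'catchme - ok' in the thread's log) still
    produce an Entry; their md5 and path are None.
    """
    pending = {}   # name -> (md5, path) seen but not yet given a verdict
    entries = []
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            pending[m.group("name")] = (m.group("md5"), m.group("path"))
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m.group("name"), (None, None))
            entries.append(Entry(m.group("name"), md5, path, m.group("verdict")))
    return entries


def flagged(entries):
    """Everything TDSSKiller did not mark 'ok' deserves a human look."""
    return [e for e in entries if e.verdict.strip().lower() != "ok"]


def summarize(text):
    """Counts plus the list of flagged entries for a whole report."""
    entries = parse_report(text)
    bad = flagged(entries)
    return {"scanned": len(entries), "ok": len(entries) - len(bad), "flagged": bad}


# Constructed sample: two lines copied from the thread's log plus one made-up
# MBR line whose verdict text is a placeholder, not a real TDSSKiller string.
SAMPLE_REPORT = r"""17:49:14.0259 2508 Scan started
17:49:14.0259 2508 Mode: Manual;
17:49:14.0820 2508 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:49:14.0820 2508 1394ohci - ok
17:49:17.0566 2508 catchme - ok
17:49:30.0000 2508 \Device\Harddisk0\DR0 - detected (PLACEHOLDER_VERDICT)
"""


if __name__ == "__main__":
    # Usage: python tdss_triage.py TDSSKiller.<Version>_<Date>_<Time>_log.txt
    # With no argument the constructed sample above is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REPORT
    result = summarize(text)
    print(f"scanned {result['scanned']}, ok {result['ok']}, flagged {len(result['flagged'])}")
    for e in result["flagged"]:
        print(f"  {e.name}: {e.verdict}  md5={e.md5}  path={e.path}")
```

Run it against the saved `TDSSKiller.[Version]_[Date]_[Time]_log.txt` from the root of the system drive; on the sample it reports three scanned objects, two ok and the constructed MBR entry flagged. Pairing by name rather than by adjacency keeps the parse correct when a verdict line arrives without a preceding object line, as `catchme - ok` does in the thread's own log.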

#5 Walterz (Topic Starter, Members, 9 posts)

Posted 28 November 2011 - 11:21 AM

TDSSKiller refuses to launch, unfortunately. When I double-click on it nothing happens. Renaming the file or the extension doesn't seem to help either. Or am I doing something wrong here?

Thanks...!

Edited by Walterz, 28 November 2011 - 11:22 AM.


#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 28 November 2011 - 11:36 AM

Hello

I would like you to run this tool for me - fixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found. Let me know what it says.

After it is complete I want you to restart the computer, try to rerun TDSSKiller for me and send me the report.

Gringo

#7 Walterz (Topic Starter, Members, 9 posts)

Posted 28 November 2011 - 11:54 AM

Thanks a lot, that seems to have worked:

FixTDSS found an 'Infected MBR' and succeeded in repairing it. After that, TDSSKiller launched properly, without detecting anything (log below).
The first few Google searches did not lead to redirects for now... So I'm assuming this might have done the trick?

TDSSKiller log:
17:49:08.0284 2928 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
17:49:08.0549 2928 ============================================================
17:49:08.0549 2928 Current date / time: 2011/11/28 17:49:08.0549
17:49:08.0549 2928 SystemInfo:
17:49:08.0549 2928
17:49:08.0549 2928 OS Version: 6.1.7601 ServicePack: 1.0
17:49:08.0549 2928 Product type: Workstation
17:49:08.0549 2928 ComputerName: LW03C091
17:49:08.0549 2928 UserName: Wouter
17:49:08.0549 2928 Windows directory: C:\Windows
17:49:08.0549 2928 System windows directory: C:\Windows
17:49:08.0549 2928 Running under WOW64
17:49:08.0549 2928 Processor architecture: Intel x64
17:49:08.0549 2928 Number of processors: 4
17:49:08.0549 2928 Page size: 0x1000
17:49:08.0549 2928 Boot type: Normal boot
17:49:08.0549 2928 ============================================================
17:49:09.0516 2928 Initialize success
17:49:14.0259 2508 ============================================================
17:49:14.0259 2508 Scan started
17:49:14.0259 2508 Mode: Manual;
17:49:14.0259 2508 ============================================================
17:49:14.0820 2508 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:49:14.0820 2508 1394ohci - ok
17:49:14.0883 2508 a320raid (d9e28649ad0f88dafd37878ff306f8d9) C:\Windows\system32\drivers\a320raid.sys
17:49:14.0883 2508 a320raid - ok
17:49:14.0914 2508 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
17:49:14.0914 2508 Acceler - ok
17:49:14.0976 2508 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:49:14.0992 2508 ACPI - ok
17:49:15.0023 2508 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:49:15.0023 2508 AcpiPmi - ok
17:49:15.0164 2508 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
17:49:15.0179 2508 adp94xx - ok
17:49:15.0210 2508 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
17:49:15.0210 2508 adpahci - ok
17:49:15.0242 2508 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
17:49:15.0242 2508 adpu320 - ok
17:49:15.0320 2508 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
17:49:15.0335 2508 AFD - ok
17:49:15.0398 2508 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:49:15.0413 2508 agp440 - ok
17:49:15.0491 2508 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:49:15.0507 2508 aliide - ok
17:49:15.0522 2508 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:49:15.0538 2508 amdide - ok
17:49:15.0569 2508 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
17:49:15.0569 2508 AmdK8 - ok
17:49:15.0585 2508 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
17:49:15.0600 2508 AmdPPM - ok
17:49:15.0632 2508 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:49:15.0632 2508 amdsata - ok
17:49:15.0710 2508 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
17:49:15.0725 2508 amdsbs - ok
17:49:15.0788 2508 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:49:15.0803 2508 amdxata - ok
17:49:15.0866 2508 ApfiltrService (24ed0eb2b2558970176ecee680f8f806) C:\Windows\system32\DRIVERS\Apfiltr.sys
17:49:15.0881 2508 ApfiltrService - ok
17:49:15.0928 2508 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:49:15.0928 2508 AppID - ok
17:49:16.0053 2508 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
17:49:16.0053 2508 arc - ok
17:49:16.0115 2508 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
17:49:16.0131 2508 arcsas - ok
17:49:16.0193 2508 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:49:16.0193 2508 AsyncMac - ok
17:49:16.0240 2508 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:49:16.0240 2508 atapi - ok
17:49:16.0287 2508 AthDfu (4119870b90e1b5e7797d6433d21f9216) C:\Windows\System32\Drivers\AthDfu.sys
17:49:16.0287 2508 AthDfu - ok
17:49:16.0568 2508 b06bdrv (8cca0b2b0d960d399b3d50b0c78d1498) C:\Windows\system32\drivers\bxvbda.sys
17:49:16.0568 2508 b06bdrv - ok
17:49:16.0599 2508 b06diag (40c6716758ddf3d10b6307adf0a7dce6) C:\Windows\system32\drivers\bxdiaga.sys
17:49:16.0599 2508 b06diag - ok
17:49:16.0646 2508 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:49:16.0646 2508 b57nd60a - ok
17:49:16.0677 2508 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:49:16.0677 2508 Beep - ok
17:49:16.0724 2508 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:49:16.0739 2508 blbdrive - ok
17:49:16.0848 2508 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:49:16.0864 2508 bowser - ok
17:49:16.0911 2508 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
17:49:16.0911 2508 BrFiltLo - ok
17:49:16.0926 2508 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
17:49:16.0926 2508 BrFiltUp - ok
17:49:16.0958 2508 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:49:16.0973 2508 Brserid - ok
17:49:16.0973 2508 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:49:16.0973 2508 BrSerWdm - ok
17:49:16.0989 2508 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:49:16.0989 2508 BrUsbMdm - ok
17:49:17.0004 2508 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:49:17.0004 2508 BrUsbSer - ok
17:49:17.0036 2508 BTATH_BUS (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\drivers\btath_bus.sys
17:49:17.0036 2508 BTATH_BUS - ok
17:49:17.0098 2508 BTATH_HCRP (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\drivers\btath_hcrp.sys
17:49:17.0098 2508 BTATH_HCRP - ok
17:49:17.0145 2508 BTATH_RCP (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\drivers\btath_rcp.sys
17:49:17.0145 2508 BTATH_RCP - ok
17:49:17.0207 2508 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
17:49:17.0207 2508 BthEnum - ok
17:49:17.0207 2508 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
17:49:17.0223 2508 BTHMODEM - ok
17:49:17.0223 2508 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:49:17.0238 2508 BthPan - ok
17:49:17.0254 2508 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
17:49:17.0270 2508 BTHPORT - ok
17:49:17.0301 2508 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
17:49:17.0316 2508 BTHUSB - ok
17:49:17.0363 2508 btmhsf (0c468d8da95be16bfdd380bb9de88259) C:\Windows\system32\DRIVERS\btmhsf.sys
17:49:17.0363 2508 btmhsf - ok
17:49:17.0426 2508 btwavdt (3def2370e414b4e299673558ba171a51) C:\Windows\system32\drivers\btwavdt.sys
17:49:17.0441 2508 btwavdt - ok
17:49:17.0441 2508 btwrchid (9937e0e4dfc0030560a6dfe9d3a94b39) C:\Windows\system32\drivers\btwrchid.sys
17:49:17.0457 2508 btwrchid - ok
17:49:17.0566 2508 catchme - ok
17:49:17.0644 2508 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:49:17.0660 2508 cdfs - ok
17:49:17.0691 2508 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:49:17.0691 2508 cdrom - ok
17:49:17.0722 2508 cercsr6 (459205aeba539e50676b6c3d74e452e3) C:\Windows\system32\drivers\cercsr6.sys
17:49:17.0722 2508 cercsr6 - ok
17:49:17.0769 2508 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
17:49:17.0769 2508 circlass - ok
17:49:17.0847 2508 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:49:17.0862 2508 CLFS - ok
17:49:17.0940 2508 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:49:17.0940 2508 CmBatt - ok
17:49:17.0956 2508 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:49:17.0972 2508 cmdide - ok
17:49:17.0987 2508 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
17:49:18.0003 2508 CNG - ok
17:49:18.0065 2508 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:49:18.0065 2508 Compbatt - ok
17:49:18.0096 2508 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:49:18.0096 2508 CompositeBus - ok
17:49:18.0143 2508 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
17:49:18.0159 2508 crcdisk - ok
17:49:18.0206 2508 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:49:18.0221 2508 CSC - ok
17:49:18.0315 2508 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
17:49:18.0315 2508 ctxusbm - ok
17:49:18.0362 2508 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
17:49:18.0362 2508 CVirtA - ok
17:49:18.0424 2508 CVPNDRVA (79af0e203d089af442a3f70ed00a37fb) C:\Windows\system32\Drivers\CVPNDRVA.sys
17:49:18.0424 2508 CVPNDRVA - ok
17:49:18.0518 2508 d554gps (f0d19120042e8d1e6707767d2a3bbaa9) C:\Windows\system32\drivers\d554gps64.sys
17:49:18.0518 2508 d554gps - ok
17:49:18.0580 2508 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:49:18.0580 2508 DfsC - ok
17:49:18.0611 2508 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:49:18.0611 2508 discache - ok
17:49:18.0689 2508 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
17:49:18.0689 2508 Disk - ok
17:49:18.0720 2508 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
17:49:18.0720 2508 dmvsc - ok
17:49:18.0798 2508 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
17:49:18.0798 2508 DNE - ok
17:49:18.0861 2508 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:49:18.0861 2508 drmkaud - ok
17:49:18.0970 2508 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:49:18.0986 2508 DXGKrnl - ok
17:49:19.0048 2508 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
17:49:19.0079 2508 ebdrv - ok
17:49:19.0157 2508 ecnssndis (f88f2e5806fc405b0fa94b7947a5875e) C:\Windows\System32\Drivers\wwuss64.sys
17:49:19.0173 2508 ecnssndis - ok
17:49:19.0188 2508 ecnssndisfltr (c8cd88218efc28f7e44a9892b3e97f4d) C:\Windows\System32\Drivers\wwussf64.sys
17:49:19.0188 2508 ecnssndisfltr - ok
17:49:19.0251 2508 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
17:49:19.0266 2508 elxstor - ok
17:49:19.0282 2508 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:49:19.0282 2508 ErrDev - ok
17:49:19.0298 2508 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:49:19.0298 2508 exfat - ok
17:49:19.0329 2508 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:49:19.0329 2508 fastfat - ok
17:49:19.0344 2508 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
17:49:19.0344 2508 fdc - ok
17:49:19.0407 2508 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:49:19.0422 2508 FileInfo - ok
17:49:19.0469 2508 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:49:19.0469 2508 Filetrace - ok
17:49:19.0485 2508 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
17:49:19.0485 2508 flpydisk - ok
17:49:19.0516 2508 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:49:19.0516 2508 FltMgr - ok
17:49:19.0547 2508 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:49:19.0547 2508 FsDepends - ok
17:49:19.0578 2508 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:49:19.0578 2508 Fs_Rec - ok
17:49:19.0641 2508 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:49:19.0641 2508 fvevol - ok
17:49:19.0703 2508 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
17:49:19.0703 2508 gagp30kx - ok
17:49:19.0766 2508 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:49:19.0766 2508 hcw85cir - ok
17:49:19.0828 2508 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:49:19.0844 2508 HdAudAddService - ok
17:49:19.0890 2508 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:49:19.0890 2508 HDAudBus - ok
17:49:19.0906 2508 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
17:49:19.0906 2508 HidBatt - ok
17:49:19.0922 2508 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
17:49:19.0922 2508 HidBth - ok
17:49:19.0937 2508 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
17:49:19.0937 2508 HidIr - ok
17:49:19.0984 2508 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:49:19.0984 2508 HidUsb - ok
17:49:20.0046 2508 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:49:20.0046 2508 HpSAMD - ok
17:49:20.0078 2508 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:49:20.0093 2508 HTTP - ok
17:49:20.0124 2508 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:49:20.0140 2508 hwpolicy - ok
17:49:20.0171 2508 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:49:20.0171 2508 i8042prt - ok
17:49:20.0202 2508 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
17:49:20.0202 2508 iaStor - ok
17:49:20.0280 2508 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:49:20.0296 2508 iaStorV - ok
17:49:20.0358 2508 iBtFltCoex (fc85972037815fa7b413e790b426acb2) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
17:49:20.0358 2508 iBtFltCoex - ok
17:49:20.0624 2508 igfx (174bcac474de13b2650e444cf124828e) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:49:20.0811 2508 igfx - ok
17:49:20.0904 2508 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
17:49:20.0920 2508 iirsp - ok
17:49:20.0951 2508 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
17:49:20.0951 2508 Impcd - ok
17:49:20.0998 2508 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:49:21.0014 2508 IntcDAud - ok
17:49:21.0029 2508 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:49:21.0029 2508 intelide - ok
17:49:21.0123 2508 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:49:21.0138 2508 intelppm - ok
17:49:21.0170 2508 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:49:21.0170 2508 IpFilterDriver - ok
17:49:21.0185 2508 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:49:21.0185 2508 IPMIDRV - ok
17:49:21.0201 2508 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:49:21.0201 2508 IPNAT - ok
17:49:21.0216 2508 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:49:21.0216 2508 IRENUM - ok
17:49:21.0248 2508 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:49:21.0248 2508 isapnp - ok
17:49:21.0294 2508 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:49:21.0294 2508 iScsiPrt - ok
17:49:21.0357 2508 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:49:21.0357 2508 kbdclass - ok
17:49:21.0357 2508 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:49:21.0372 2508 kbdhid - ok
17:49:21.0388 2508 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
17:49:21.0388 2508 KSecDD - ok
17:49:21.0419 2508 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
17:49:21.0419 2508 KSecPkg - ok
17:49:21.0450 2508 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:49:21.0450 2508 ksthunk - ok
17:49:21.0560 2508 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:49:21.0560 2508 lltdio - ok
17:49:21.0606 2508 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
17:49:21.0606 2508 LSI_FC - ok
17:49:21.0622 2508 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
17:49:21.0622 2508 LSI_SAS - ok
17:49:21.0653 2508 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
17:49:21.0653 2508 LSI_SAS2 - ok
17:49:21.0684 2508 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
17:49:21.0684 2508 LSI_SCSI - ok
17:49:21.0778 2508 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:49:21.0794 2508 luafv - ok
17:49:21.0809 2508 MBAMProtector - ok
17:49:21.0887 2508 Mbm3CBus (6ed76604a833d403f24c48c360d2e8b1) C:\Windows\system32\drivers\Mbm3CBus.sys
17:49:21.0887 2508 Mbm3CBus - ok
17:49:21.0981 2508 Mbm3DevMt (1c2b0e328c181a481f55b53305ae19d6) C:\Windows\system32\drivers\Mbm3DevMt.sys
17:49:21.0981 2508 Mbm3DevMt - ok
17:49:22.0012 2508 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
17:49:22.0012 2508 megasas - ok
17:49:22.0043 2508 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
17:49:22.0059 2508 MegaSR - ok
17:49:22.0090 2508 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
17:49:22.0090 2508 MEIx64 - ok
17:49:22.0199 2508 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:49:22.0199 2508 Modem - ok
17:49:22.0215 2508 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:49:22.0215 2508 monitor - ok
17:49:22.0246 2508 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:49:22.0246 2508 mouclass - ok
17:49:22.0277 2508 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:49:22.0277 2508 mouhid - ok
17:49:22.0308 2508 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:49:22.0308 2508 mountmgr - ok
17:49:22.0418 2508 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
17:49:22.0418 2508 MpFilter - ok
17:49:22.0449 2508 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:49:22.0449 2508 mpio - ok
17:49:22.0480 2508 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
17:49:22.0480 2508 MpNWMon - ok
17:49:22.0496 2508 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:49:22.0511 2508 mpsdrv - ok
17:49:22.0527 2508 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:49:22.0542 2508 MRxDAV - ok
17:49:22.0574 2508 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:49:22.0574 2508 mrxsmb - ok
17:49:22.0652 2508 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:49:22.0667 2508 mrxsmb10 - ok
17:49:22.0683 2508 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:49:22.0698 2508 mrxsmb20 - ok
17:49:22.0730 2508 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:49:22.0730 2508 msahci - ok
17:49:22.0761 2508 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:49:22.0776 2508 msdsm - ok
17:49:22.0792 2508 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:49:22.0792 2508 Msfs - ok
17:49:22.0854 2508 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:49:22.0854 2508 mshidkmdf - ok
17:49:22.0901 2508 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:49:22.0901 2508 msisadrv - ok
17:49:22.0932 2508 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:49:22.0932 2508 MSKSSRV - ok
17:49:22.0979 2508 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:49:22.0979 2508 MSPCLOCK - ok
17:49:23.0026 2508 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:49:23.0042 2508 MSPQM - ok
17:49:23.0073 2508 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:49:23.0088 2508 MsRPC - ok
17:49:23.0104 2508 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:49:23.0104 2508 mssmbios - ok
17:49:23.0135 2508 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:49:23.0151 2508 MSTEE - ok
17:49:23.0166 2508 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
17:49:23.0166 2508 MTConfig - ok
17:49:23.0182 2508 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:49:23.0182 2508 Mup - ok
17:49:23.0291 2508 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:49:23.0291 2508 NativeWifiP - ok
17:49:23.0354 2508 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:49:23.0369 2508 NDIS - ok
17:49:23.0385 2508 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:49:23.0385 2508 NdisCap - ok
17:49:23.0432 2508 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:49:23.0432 2508 NdisTapi - ok
17:49:23.0525 2508 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:49:23.0525 2508 Ndisuio - ok
17:49:23.0541 2508 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:49:23.0541 2508 NdisWan - ok
17:49:23.0572 2508 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:49:23.0572 2508 NDProxy - ok
17:49:23.0603 2508 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:49:23.0603 2508 NetBIOS - ok
17:49:23.0634 2508 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:49:23.0634 2508 NetBT - ok
17:49:23.0900 2508 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
17:49:23.0962 2508 NETwNs64 - ok
17:49:24.0056 2508 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
17:49:24.0056 2508 nfrd960 - ok
17:49:24.0087 2508 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:49:24.0102 2508 NisDrv - ok
17:49:24.0134 2508 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:49:24.0134 2508 Npfs - ok
17:49:24.0165 2508 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:49:24.0165 2508 nsiproxy - ok
17:49:24.0243 2508 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:49:24.0274 2508 Ntfs - ok
17:49:24.0352 2508 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:49:24.0352 2508 Null - ok
17:49:24.0399 2508 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
17:49:24.0399 2508 nusb3hub - ok
17:49:24.0430 2508 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:49:24.0430 2508 nusb3xhc - ok
17:49:24.0477 2508 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:49:24.0477 2508 nvraid - ok
17:49:24.0555 2508 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:49:24.0570 2508 nvstor - ok
17:49:24.0617 2508 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:49:24.0617 2508 nv_agp - ok
17:49:24.0633 2508 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:49:24.0633 2508 ohci1394 - ok
17:49:24.0758 2508 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
17:49:24.0758 2508 Parport - ok
17:49:24.0789 2508 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:49:24.0789 2508 partmgr - ok
17:49:24.0836 2508 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:49:24.0836 2508 pci - ok
17:49:24.0882 2508 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:49:24.0882 2508 pciide - ok
17:49:24.0945 2508 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
17:49:24.0960 2508 pcmcia - ok
17:49:24.0976 2508 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:49:24.0976 2508 pcw - ok
17:49:25.0007 2508 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:49:25.0023 2508 PEAUTH - ok
17:49:25.0163 2508 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:49:25.0179 2508 PptpMiniport - ok
17:49:25.0194 2508 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
17:49:25.0194 2508 Processor - ok
17:49:25.0226 2508 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:49:25.0241 2508 Psched - ok
17:49:25.0304 2508 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
17:49:25.0319 2508 PSI - ok
17:49:25.0397 2508 qcfilterdl2k (052031a92809b438683fdcf5b574234d) C:\Windows\system32\drivers\qcfilterdl2k.sys
17:49:25.0413 2508 qcfilterdl2k - ok
17:49:25.0428 2508 qcusbserdl2k (4ad8cb1e096872ee7a7f6fbeac91b54a) C:\Windows\system32\drivers\qcusbserdl2k.sys
17:49:25.0444 2508 qcusbserdl2k - ok
17:49:25.0506 2508 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
17:49:25.0538 2508 ql2300 - ok
17:49:25.0553 2508 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
17:49:25.0569 2508 ql40xx - ok
17:49:25.0631 2508 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:49:25.0631 2508 QWAVEdrv - ok
17:49:25.0662 2508 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:49:25.0662 2508 RasAcd - ok
17:49:25.0709 2508 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:49:25.0709 2508 RasAgileVpn - ok
17:49:25.0740 2508 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:49:25.0740 2508 Rasl2tp - ok
17:49:25.0772 2508 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:49:25.0772 2508 RasPppoe - ok
17:49:25.0850 2508 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:49:25.0850 2508 RasSstp - ok
17:49:25.0881 2508 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:49:25.0881 2508 rdbss - ok
17:49:25.0896 2508 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:49:25.0896 2508 rdpbus - ok
17:49:25.0928 2508 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:49:25.0928 2508 RDPCDD - ok
17:49:25.0959 2508 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:49:25.0959 2508 RDPDR - ok
17:49:26.0037 2508 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:49:26.0037 2508 RDPENCDD - ok
17:49:26.0052 2508 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:49:26.0052 2508 RDPREFMP - ok
17:49:26.0068 2508 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
17:49:26.0068 2508 RdpVideoMiniport - ok
17:49:26.0099 2508 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
17:49:26.0099 2508 RDPWD - ok
17:49:26.0162 2508 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:49:26.0162 2508 rdyboost - ok
17:49:26.0333 2508 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:49:26.0349 2508 RFCOMM - ok
17:49:26.0427 2508 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:49:26.0427 2508 rspndr - ok
17:49:26.0474 2508 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\Windows\system32\Drivers\RtsUStor.sys
17:49:26.0474 2508 RSUSBSTOR - ok
17:49:26.0645 2508 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:49:26.0661 2508 RTL8167 - ok
17:49:26.0692 2508 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:49:26.0692 2508 s3cap - ok
17:49:26.0739 2508 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:49:26.0739 2508 sbp2port - ok
17:49:26.0770 2508 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:49:26.0770 2508 scfilter - ok
17:49:26.0864 2508 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:49:26.0864 2508 secdrv - ok
17:49:26.0895 2508 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
17:49:26.0910 2508 Serenum - ok
17:49:26.0926 2508 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
17:49:26.0926 2508 Serial - ok
17:49:26.0942 2508 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
17:49:26.0942 2508 sermouse - ok
17:49:26.0957 2508 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:49:26.0957 2508 sffdisk - ok
17:49:26.0973 2508 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:49:26.0973 2508 sffp_mmc - ok
17:49:26.0973 2508 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:49:26.0973 2508 sffp_sd - ok
17:49:26.0988 2508 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
17:49:26.0988 2508 sfloppy - ok
17:49:27.0020 2508 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
17:49:27.0020 2508 SiSRaid2 - ok
17:49:27.0035 2508 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
17:49:27.0051 2508 SiSRaid4 - ok
17:49:27.0113 2508 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:49:27.0113 2508 Smb - ok
17:49:27.0144 2508 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:49:27.0144 2508 spldr - ok
17:49:27.0191 2508 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:49:27.0191 2508 srv - ok
17:49:27.0222 2508 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:49:27.0222 2508 srv2 - ok
17:49:27.0254 2508 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:49:27.0254 2508 srvnet - ok
17:49:27.0363 2508 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
17:49:27.0363 2508 stdcfltn - ok
17:49:27.0394 2508 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
17:49:27.0394 2508 stexstor - ok
17:49:27.0425 2508 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:49:27.0425 2508 storflt - ok
17:49:27.0441 2508 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:49:27.0441 2508 storvsc - ok
17:49:27.0456 2508 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:49:27.0456 2508 swenum - ok
17:49:27.0488 2508 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
17:49:27.0488 2508 Synth3dVsc - ok
17:49:27.0628 2508 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
17:49:27.0659 2508 Tcpip - ok
17:49:27.0690 2508 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
17:49:27.0706 2508 TCPIP6 - ok
17:49:27.0737 2508 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:49:27.0737 2508 tcpipreg - ok
17:49:27.0753 2508 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:49:27.0753 2508 TDPIPE - ok
17:49:27.0768 2508 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:49:27.0768 2508 TDTCP - ok
17:49:27.0784 2508 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:49:27.0784 2508 tdx - ok
17:49:27.0815 2508 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
17:49:27.0815 2508 TermDD - ok
17:49:27.0862 2508 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
17:49:27.0862 2508 terminpt - ok
17:49:27.0909 2508 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:49:27.0909 2508 tssecsrv - ok
17:49:27.0909 2508 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:49:27.0924 2508 TsUsbFlt - ok
17:49:27.0924 2508 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
17:49:27.0924 2508 TsUsbGD - ok
17:49:27.0940 2508 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
17:49:27.0940 2508 tsusbhub - ok
17:49:27.0987 2508 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:49:27.0987 2508 tunnel - ok
17:49:28.0002 2508 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
17:49:28.0018 2508 uagp35 - ok
17:49:28.0018 2508 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:49:28.0018 2508 udfs - ok
17:49:28.0096 2508 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:49:28.0096 2508 uliagpkx - ok
17:49:28.0127 2508 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:49:28.0127 2508 umbus - ok
17:49:28.0158 2508 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
17:49:28.0158 2508 UmPass - ok
17:49:28.0205 2508 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:49:28.0205 2508 usbccgp - ok
17:49:28.0221 2508 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:49:28.0221 2508 usbcir - ok
17:49:28.0236 2508 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
17:49:28.0236 2508 usbehci - ok
17:49:28.0314 2508 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:49:28.0330 2508 usbhub - ok
17:49:28.0346 2508 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:49:28.0346 2508 usbohci - ok
17:49:28.0377 2508 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
17:49:28.0392 2508 usbprint - ok
17:49:28.0424 2508 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:49:28.0424 2508 USBSTOR - ok
17:49:28.0455 2508 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:49:28.0470 2508 usbuhci - ok
17:49:28.0564 2508 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
17:49:28.0580 2508 usbvideo - ok
17:49:28.0626 2508 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:49:28.0626 2508 vdrvroot - ok
17:49:28.0658 2508 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:49:28.0658 2508 vga - ok
17:49:28.0673 2508 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:49:28.0673 2508 VgaSave - ok
17:49:28.0673 2508 VGPU - ok
17:49:28.0689 2508 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:49:28.0704 2508 vhdmp - ok
17:49:28.0720 2508 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:49:28.0720 2508 viaide - ok
17:49:28.0798 2508 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:49:28.0798 2508 vmbus - ok
17:49:28.0829 2508 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:49:28.0829 2508 VMBusHID - ok
17:49:28.0845 2508 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:49:28.0845 2508 volmgr - ok
17:49:28.0892 2508 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:49:28.0892 2508 volmgrx - ok
17:49:28.0923 2508 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:49:28.0923 2508 volsnap - ok
17:49:28.0970 2508 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
17:49:28.0970 2508 vsmraid - ok
17:49:29.0032 2508 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:49:29.0032 2508 vwifibus - ok
17:49:29.0063 2508 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:49:29.0079 2508 vwififlt - ok
17:49:29.0126 2508 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
17:49:29.0126 2508 WacomPen - ok
17:49:29.0157 2508 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:49:29.0157 2508 WANARP - ok
17:49:29.0172 2508 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:49:29.0172 2508 Wanarpv6 - ok
17:49:29.0266 2508 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
17:49:29.0266 2508 Wd - ok
17:49:29.0313 2508 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:49:29.0313 2508 Wdf01000 - ok
17:49:29.0375 2508 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:49:29.0375 2508 WfpLwf - ok
17:49:29.0391 2508 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:49:29.0391 2508 WIMMount - ok
17:49:29.0516 2508 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
17:49:29.0516 2508 WinUSB - ok
17:49:29.0547 2508 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:49:29.0547 2508 WmiAcpi - ok
17:49:29.0594 2508 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:49:29.0594 2508 ws2ifsl - ok
17:49:29.0609 2508 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:49:29.0625 2508 WudfPf - ok
17:49:29.0672 2508 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:49:29.0672 2508 WUDFRd - ok
17:49:29.0718 2508 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:49:29.0734 2508 \Device\Harddisk0\DR0 - ok
17:49:29.0734 2508 Boot (0x1200) (166deb64c751a955ef9392b2e4d38582) \Device\Harddisk0\DR0\Partition0
17:49:29.0734 2508 \Device\Harddisk0\DR0\Partition0 - ok
17:49:29.0734 2508 ============================================================
17:49:29.0734 2508 Scan finished
17:49:29.0734 2508 ============================================================
17:49:29.0734 0764 Detected object count: 0
17:49:29.0734 0764 Actual detected object count: 0

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 November 2011 - 01:05 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Walterz

Walterz
  • Topic Starter

  • Members
  • 9 posts

Posted 28 November 2011 - 01:20 PM

Thank you!

ComboFix ran much, much faster than the previous time. It did not require me to reboot.
As far as I can see at this point, I'm not running into any problems. The general performance & speed of my laptop seem to be up again, and I'm not having any redirects... I'll keep an eye on anything unusual over the next couple of hours/day, in any case.

Here's the ComboFix log:
ComboFix 11-11-27.02 - Wouter 28/11/2011 19:10:56.3.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.32.1043.18.6051.4749 [GMT 1:00]
Gestart vanuit: c:\users\Wouter\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Wouter\Desktop\CFscript.txt
AV: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-10-28 to 2011-11-28 ))))))))))))))))))))))))))))))
.
.
2011-11-28 18:13 . 2011-11-28 18:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-28 18:13 . 2011-11-28 18:13 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-28 16:46 . 2011-11-28 16:46 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D2EEF86-2AA0-4449-9D6C-876E77C4FB99}\offreg.dll
2011-11-28 16:22 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D2EEF86-2AA0-4449-9D6C-876E77C4FB99}\mpengine.dll
2011-11-26 16:18 . 2011-11-26 16:18 -------- d-----w- c:\program files (x86)\ESET
2011-11-25 09:18 . 2011-11-25 09:18 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-11-25 09:15 . 2011-11-25 09:15 -------- d-----w- c:\program files\Java
2011-11-25 09:12 . 2011-11-25 09:12 -------- d-----w- c:\users\Wouter\AppData\Local\Secunia PSI
2011-11-25 09:12 . 2011-11-25 09:12 -------- d-----w- c:\program files (x86)\Secunia
2011-11-25 07:28 . 2011-11-25 07:28 -------- d-----w- c:\users\Wouter\AppData\Roaming\Malwarebytes
2011-11-25 07:27 . 2011-11-25 07:27 -------- d-----w- c:\programdata\Malwarebytes
2011-11-25 07:27 . 2011-11-25 07:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-19 13:31 . 2011-11-26 15:47 -------- d-----w- c:\programdata\NCH Software
2011-11-19 13:31 . 2011-11-26 15:48 -------- d-----w- c:\program files (x86)\NCH Software
2011-11-18 15:30 . 2011-11-18 15:30 -------- d-----w- c:\program files (x86)\uTorrent
2011-11-18 15:29 . 2011-11-23 16:23 -------- d-----w- c:\users\Wouter\AppData\Roaming\uTorrent
2011-11-18 15:29 . 2011-11-18 15:29 -------- d-----w- c:\users\Wouter\AppData\Local\uTorrent
2011-11-16 09:29 . 2011-11-16 09:29 -------- d-----w- c:\users\Wouter\AppData\Local\Microsoft Help
2011-11-15 13:48 . 2011-11-22 21:38 -------- d-----w- C:\Wouter
2011-11-03 21:16 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-11-03 21:12 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-11-03 21:12 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-03 21:12 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-11-03 21:12 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 09:28 . 2011-09-07 10:12 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-25 09:15 . 2011-09-07 10:30 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-11 06:20 . 2011-10-11 06:20 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F579863-E97B-40C2-94D7-2DCBC3173B79}\gapaengine.dll
2011-10-07 04:16 . 2011-09-09 11:58 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-07 13:02 . 2011-09-07 13:02 57344 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{7363BA97-2FCD-4343-8B31-9DD3CCC30F1B}\ARPPRODUCTICON.exe
2011-09-07 12:35 . 2011-09-07 12:35 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-07 12:35 . 2011-09-07 12:35 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-07 12:35 . 2011-09-07 12:35 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-07 12:35 . 2011-09-07 12:35 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-07 12:35 . 2011-09-07 12:35 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-07 12:35 . 2011-09-07 12:35 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-07 12:35 . 2011-09-07 12:35 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-07 12:35 . 2011-09-07 12:35 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-07 12:35 . 2011-09-07 12:35 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-07 12:35 . 2011-09-07 12:35 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-07 12:35 . 2011-09-07 12:35 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-07 12:35 . 2011-09-07 12:35 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-07 12:35 . 2011-09-07 12:35 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-07 12:35 . 2011-09-07 12:35 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-07 12:35 . 2011-09-07 12:35 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-07 12:35 . 2011-09-07 12:35 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-07 12:35 . 2011-09-07 12:35 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-07 12:35 . 2011-09-07 12:35 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-07 12:35 . 2011-09-07 12:35 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-07 12:35 . 2011-09-07 12:35 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-07 12:35 . 2011-09-07 12:35 448512 ----a-w- c:\windows\system32\html.iec
2011-09-07 12:35 . 2011-09-07 12:35 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-07 12:35 . 2011-09-07 12:35 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-07 12:35 . 2011-09-07 12:35 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-07 12:35 . 2011-09-07 12:35 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-07 12:35 . 2011-09-07 12:35 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-07 12:35 . 2011-09-07 12:35 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-07 12:35 . 2011-09-07 12:35 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-07 12:35 . 2011-09-07 12:35 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-07 12:35 . 2011-09-07 12:35 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-07 12:35 . 2011-09-07 12:35 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-09-07 12:35 . 2011-09-07 12:35 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-07 12:35 . 2011-09-07 12:35 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-07 12:35 . 2011-09-07 12:35 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-07 12:35 . 2011-09-07 12:35 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-07 12:35 . 2011-09-07 12:35 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-07 10:51 . 2011-09-09 11:58 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-09-07 10:30 . 2011-09-07 10:30 423656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-07 10:08 . 2011-09-07 10:08 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-09-07 10:08 . 2011-09-07 10:08 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-09-07 10:08 . 2011-09-07 10:08 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-09-07 10:08 . 2011-09-07 10:08 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-09-07 10:08 . 2011-09-07 10:08 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-09-07 10:08 . 2011-09-07 10:08 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-28_10.27.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-28 16:46 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-28 07:43 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-28 07:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-28 16:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-28 07:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-28 16:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2011-11-28 16:48 25860 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-28 16:48 33514 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-28 07:46 33514 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-07 13:31 . 2011-11-28 16:48 6986 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-627386464-784032616-454425204-1001_UserData.bin
+ 2011-11-28 08:44 . 2011-11-28 16:17 1530 c:\windows\SoftwareDistribution\EventCache\{4E685FBA-E611-413A-BFF0-DD49BF90DA67}.bin
- 2011-11-28 07:43 . 2011-11-28 07:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-28 16:46 . 2011-11-28 16:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-28 16:46 . 2011-11-28 16:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-28 07:43 . 2011-11-28 07:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-07 14:15 . 2011-11-28 16:41 246572 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2010-11-21 16:47 . 2011-11-28 07:49 748676 c:\windows\system32\perfh013.dat
+ 2010-11-21 16:47 . 2011-11-28 16:51 748676 c:\windows\system32\perfh013.dat
+ 2009-07-14 02:36 . 2011-11-28 16:51 657430 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-28 07:49 657430 c:\windows\system32\perfh009.dat
+ 2010-11-21 16:47 . 2011-11-28 16:51 154750 c:\windows\system32\perfc013.dat
- 2010-11-21 16:47 . 2011-11-28 07:49 154750 c:\windows\system32\perfc013.dat
- 2009-07-14 02:36 . 2011-11-28 07:49 123202 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-28 16:51 123202 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2011-11-28 16:43 329348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-26 18:12 329348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-09-07 17:10 . 2011-11-26 18:12 15765100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-627386464-784032616-454425204-1001-12288.dat
+ 2011-09-07 17:10 . 2011-11-28 16:43 15765100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-627386464-784032616-454425204-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AlwaysShowClassicMenu"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [x]
R3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [x]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [x]
R3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\drivers\d554gps64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 ecnssndis;Service for enabling selective suspend to NDIS device;c:\windows\System32\Drivers\wwuss64.sys [x]
R3 ecnssndisfltr;SSNDIS filter service;c:\windows\System32\Drivers\wwussf64.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 136176]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Mbm3CBus;Dell Wireless HSPA Mini-Card Device (WDM);c:\windows\system32\drivers\Mbm3CBus.sys [x]
R3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\drivers\Mbm3DevMt.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);c:\windows\system32\drivers\qcfilterdl2k.sys [x]
R3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);c:\windows\system32\drivers\qcusbserdl2k.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 44817042
*Deregistered* - 44817042
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 19:27]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 19:27]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-627386464-784032616-454425204-1001Core.job
- c:\users\Wouter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 09:23]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-627386464-784032616-454425204-1001UA.job
- c:\users\Wouter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 09:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-19 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-19 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-19 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ugent.be
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: ugent.be\athena
Trusted Zone: ugent.be\athenax
Trusted Zone: ugent.be\bthena
Trusted Zone: ugent.be\bthenax
Trusted Zone: ugent.be\minerva
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0EA4AA68-A471-4470-8CDC-092F05FD17AA}: NameServer = 157.193.40.42,157.193.71.1
FF - ProfilePath - c:\users\Wouter\AppData\Roaming\Mozilla\Firefox\Profiles\9xmgrshx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-28 19:14:53
ComboFix-quarantined-files.txt 2011-11-28 18:14
ComboFix2.txt 2011-11-28 10:45
.
Pre-Run: 435.068.153.856 bytes free
Post-Run: 435.022.483.456 bytes free
.
- - End Of File - - 8F8A7547E96A6B47DD423FC0DEA523CE

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 28 November 2011 - 01:27 PM

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



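Reading a HijackThis log by hand is where the warning above ("most of what it finds will be harmless") bites: the log mixes a handful of redirect-relevant entries with dozens of normal ones. The script below is an added example for this thread, not a BleepingComputer or Trend Micro tool and not something posted by either participant. It parses HijackThis 2.x entry lines and surfaces only the classes that matter for a search-redirect complaint: O17 NameServer values outside an expected resolver set (a hijacked DNS setting is the classic cause of "Google redirects"), O2/O4-style startup code that loads from user-writable locations, orphaned "(no file)" entries, and O23 services that the 32-bit HijackThis reports as "(file missing)" on 64-bit Windows. The EXPECTED_DNS set is an assumption made for the example. The sample log reuses lines from the HijackThis log posted in this thread plus two constructed lines that are not from the original machine: the [updater] O4 entry and the 203.0.113.53 resolver.

```python
"""Triage a HijackThis 2.x log for a search-redirect complaint.

Added example for this thread; not a BleepingComputer or Trend Micro tool.
Only the entry lines (Oxx / Rx) are parsed, and only the few classes that
matter for redirects are classified; everything else is left to the analyst.
"""
import re
from typing import List, NamedTuple

# Assumption: resolvers this laptop is expected to use (home router plus the
# two university DNS servers visible in the thread). Anything else is flagged.
EXPECTED_DNS = {"192.168.1.1", "157.193.40.42", "157.193.71.1"}

# Startup code normally lives under one of these (8.3 short names included).
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\progra~1\\",
    "c:\\progra~2\\",
)

ENTRY_RE = re.compile(r"^([ORFN]\d+) - (.*)$")
# First drive-letter path ending in an executable extension; stops at a quote.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]+?\.(?:exe|dll|ocx|sys))', re.IGNORECASE)


class Finding(NamedTuple):
    severity: str  # "high", "review" or "info"
    entry: str     # HijackThis entry type, e.g. "O17"
    detail: str


def _trusted_path(path: str) -> bool:
    return path.lower().startswith(TRUSTED_PREFIXES)


def triage_hijackthis(log_text: str) -> List[Finding]:
    """Return findings for the entry lines of a HijackThis log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, 'Running processes' list, blank lines
        kind, body = m.groups()

        if kind == "O17" and "NameServer" in body:
            # A resolver the owner never configured is the DNS-hijack signature.
            for ip in body.split("=", 1)[1].split(","):
                ip = ip.strip()
                if ip and ip not in EXPECTED_DNS:
                    findings.append(Finding("high", kind, f"unexpected DNS server {ip}"))

        elif kind in ("O2", "O3", "O4", "O9", "O20", "O21", "O22"):
            if "(no file)" in body:
                findings.append(Finding("info", kind, f"orphaned entry: {body}"))
                continue
            pm = PATH_RE.search(body)
            if pm and not _trusted_path(pm.group(1)):
                # User-writable locations host malware but also legitimate
                # per-user updaters, so this means 'look at it', not 'remove it'.
                findings.append(Finding("review", kind, f"loads from user-writable path: {pm.group(1)}"))

        elif kind == "O15":
            findings.append(Finding("review", kind, body))

        elif kind == "O23" and "(file missing)" in body:
            # 32-bit HijackThis on 64-bit Windows reports several built-in
            # services under \Windows\System32 as missing; a resource-string
            # (@...) display name on such a line is the usual tell.
            if body.startswith("Service: @") and "\\windows\\system32\\" in body.lower():
                findings.append(Finding("info", kind, f"likely 64-bit HijackThis artifact: {body}"))
            else:
                findings.append(Finding("review", kind, body))
    return findings


# Constructed sample: lines from the log posted in this thread plus two
# constructed ones (the [updater] O4 entry and the 203.0.113.53 resolver).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ugent.be
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [updater] C:\Users\Wouter\AppData\Local\Temp\updater.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O15 - Trusted Zone: http://minerva.ugent.be
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EA4AA68-A471-4470-8CDC-092F05FD17AA}: NameServer = 157.193.40.42,157.193.71.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EA4AA68-A471-4470-8CDC-092F05FD17AA}: NameServer = 203.0.113.53,157.193.71.1
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""

if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.entry}: {f.detail}")
```

On the sample this yields one high finding (the constructed 203.0.113.53 resolver), three review items (the constructed Temp updater, the Trusted Zone entry, nothing for the legitimate Program Files paths) and two informational ones (the orphaned OneNote button and the ALG "(file missing)" artifact). Note that the thread's own log shows a per-user Google Update binary under AppData, which this heuristic would also list for review; that is exactly the case where an analyst, not the script, decides.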

#11 Walterz (Topic Starter, Members, 9 posts)

Posted 28 November 2011 - 02:07 PM

Thanks, Gringo!

The Java Update: the 'Update Tab' is missing from my Java Control Panel. I manually re-installed the latest version from java.com instead. Hopefully that will do the trick?

I ran TFC. Below are the MBAM and HijackThis logs. Thanks again!

MBAM:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8258

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

28/11/2011 19:53:47
mbam-log-2011-11-28 (19-53-47).txt

Scan type: Quick scan
Objects scanned: 193815
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:04:37, on 28/11/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ugent.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://minerva.ugent.be
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = UGent.be
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EA4AA68-A471-4470-8CDC-092F05FD17AA}: NameServer = 157.193.40.42,157.193.71.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = UGent.be
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = UGent.be
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EA4AA68-A471-4470-8CDC-092F05FD17AA}: NameServer = 157.193.40.42,157.193.71.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = UGent.be
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = UGent.be
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EA4AA68-A471-4470-8CDC-092F05FD17AA}: NameServer = 157.193.40.42,157.193.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = UGent.be
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10960 bytes
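A small triage helper for the "O23 - Service:" lines of a HijackThis log like the one posted above, added here as an example; it is not part of HijackThis or of the thread's clean-up procedure. It assumes the host is 64-bit Windows (the DDS header earlier in the thread says NTFSAMD64) and encodes one caveat a reader of such logs needs: the 32-bit HijackThis build is subject to WOW64 file-system redirection, so Windows services under System32 read as "(file missing)" even though the binary is present, while a missing or owner-less binary anywhere else still deserves a manual look. The sample lines and the "Example" services are constructed.

```python
"""Triage helper for HijackThis 'O23 - Service:' lines (added example, not
part of HijackThis or of the thread's procedure; assumes a 64-bit host)."""
from __future__ import annotations
import re
from dataclasses import dataclass

O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
SHORT_RE = re.compile(r"\(([^()]+)\)\s*$")  # trailing "(ShortName)"
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed sample: three lines in the format of the posted log plus two
# made-up entries with placeholder paths to exercise the other branches.
SAMPLE_LOG = r"""
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Example Updater (exupd) - Unknown owner - C:\ProgramData\Example\exupd.exe (file missing)
O23 - Service: Example Agent (exagent) - Unknown owner - C:\Program Files (x86)\Example\agent.exe
"""


@dataclass
class Service:
    name: str      # display name as HijackThis prints it
    short: str     # service key name from the trailing "(...)", else the name
    owner: str     # company name HijackThis read from the binary
    path: str
    missing: bool  # HijackThis could not open the binary at that path


def parse_o23(log: str) -> list[Service]:
    """Return the O23 entries of a log; other sections (O4, O18, ...) are skipped."""
    out = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        sm = SHORT_RE.search(m["name"])
        out.append(Service(m["name"], sm.group(1) if sm else m["name"],
                           m["owner"], m["path"], m["missing"] is not None))
    return out


def classify(svc: Service, host_is_x64: bool) -> str:
    """'wow64_redirect' = expected noise, 'review' = check the file by hand, 'ok'."""
    if svc.missing:
        # The 32-bit HijackThis build is redirected by WOW64 from System32 to
        # SysWOW64, so Windows services under System32 read as "file missing"
        # on a 64-bit host although the binary is there.
        if host_is_x64 and svc.path.lower().startswith(SYSTEM32):
            return "wow64_redirect"
        return "review"
    if svc.owner == "Unknown owner":
        return "review"  # binary present but no readable company name
    return "ok"


def triage(log: str, host_is_x64: bool = True) -> dict[str, str]:
    return {s.short: classify(s, host_is_x64) for s in parse_o23(log)}
```

Run on the real log, every lsass.exe, spoolsv.exe and similar "(file missing)" entry in the post above falls into the wow64_redirect bucket, which is why the helper did not ask for any of them to be fixed.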

#12 gringo_pr

Malware Response Team

Posted 28 November 2011 - 02:17 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad, ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    • O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g. from
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located at C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as administrator.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • You may also find the log at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Walterz

Topic Starter

Posted 29 November 2011 - 02:22 AM

Hi again Gringo,

I removed the unneeded start-up entries with HiJackThis, and ran the ESET scan (nothing detected).
As far as I can tell, for now I'm not running into any of the problems I had before...

Thanks a ton!
Here's the ESET log:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c49fa36692bb8747a1d25316c5c1ac8e
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-26 04:24:04
# local_time=2011-11-26 05:24:04 (+0100, Romance (standaardtijd))
# country="Belgium"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 6934028 73954309 0 0
# compatibility_mode=8192 67108863 100 0 3743 3743 0 0
# scanned=11570
# found=0
# cleaned=0
# scan_time=184
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c49fa36692bb8747a1d25316c5c1ac8e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-11-29 07:18:24
# local_time=2011-11-29 08:18:24 (+0100, Romance (standaardtijd))
# country="Belgium"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 45191 45191 0 0
# compatibility_mode=5893 16776574 100 94 7158088 74178369 0 0
# compatibility_mode=8192 67108863 100 0 227803 227803 0 0
# scanned=140642
# found=0
# cleaned=0
# scan_time=2585

#14 gringo_pr

Malware Response Team

Posted 29 November 2011 - 09:29 AM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

Please visit this page, which explains how to make Firefox more secure: How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended): "Automatically download recommended updates for my computer and install them".

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and updating them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days. If Anything Comes Up, Just Come Back And Let Me Know; after that time you will have to send me a PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo

#15 Walterz

Topic Starter

Posted 29 November 2011 - 11:59 AM

That is excellent! I've followed the instructions above.

There is one error that keeps on popping up occasionally (although not quite often), originating from MBam. It says:
[Open Event] Failed to perform desired action. Error Code: 2.
But since I can manage to run Mbam without a problem and the logs are clean, I suppose it's nothing a re-install can't fix.

So, thanks a lot for all your help! It has been greatly appreciated...
