Infected With TDSS and Google Redirects


  • This topic is locked
51 replies to this topic

#1 Dwight.Schrute


  • Members
  • 24 posts
  • OFFLINE
  • Local time:06:24 AM

Posted 04 December 2011 - 12:15 PM

I have been having trouble with what as far as I know is a TDSS. Google has been redirecting for about a week now. I am running Windows 7 on a 64-bit computer. Last night Privacy Protection was downloaded onto my computer and disabled all programs. I followed the steps here, http://www.bleepingcomputer.com/virus-removal/remove-privacy-protection, and it got rid of Privacy Protection, but the redirecting still occurs. I attempted to search for the TDSS through TDSSKiller but it did not detect anything. I also attempted to restore my computer to a point from before the redirecting occurred, but it states that something is blocking the process. In the dialogue box it says that it is most likely an antivirus program on my computer, but I uninstalled all the known ones that I have and restoring to a previous point still yields no results. Something is also blocking me from turning on the firewall on my computer; it gives an error message when I attempt to restore the firewall to default settings. I am truly gracious for any help you give, thank you.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by Russell at 10:45:20 on 2011-12-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1647 [GMT -6:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\dlbkcoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Program Files (x86)\Cobian Backup 10\Cobian.exe
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273612098406l0353z196a48m34282
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273612098406l0353z196a48m34282
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273612098406l0353z196a48m34282
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273612098406l0353z196a48m34282
mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6127C228-10DA-4B85-966B-1E7E03F84EBF} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mRun-x64: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\ieuezbh2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [?]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys [?]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSviA64.sys [2010-2-19 466992]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2011-12-4 67584]
R2 dlbk_device;dlbk_device;C:\Windows\system32\dlbkcoms.exe -service --> C:\Windows\system32\dlbkcoms.exe -service [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-9-7 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-3 366152]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-10-11 117648]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-9-7 240160]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-12-25 132656]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?]
R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1caebfc146cdb97;Google Update Service (gupdate1caebfc146cdb97);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-4 133104]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-4 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-12-3 17152]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-04 16:34:35 -------- d-----w- C:\Users\Russell\AppData\Local\Safe mirror
2011-12-04 16:33:46 -------- d-----w- C:\Program Files (x86)\Cobian Backup 10
2011-12-03 19:53:25 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-12-03 19:53:25 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-12-03 19:37:49 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-12-03 19:34:10 -------- d-----w- C:\Users\Russell\AppData\Local\adaware
2011-12-03 19:34:08 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2011-12-03 19:34:05 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2011-12-03 19:33:43 -------- d-----w- C:\Program Files (x86)\adawaretb
2011-12-03 19:33:17 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-12-03 19:13:47 -------- d-----w- C:\Users\Russell\AppData\Roaming\Malwarebytes
2011-12-03 19:13:38 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-03 19:13:35 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-03 19:13:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-02 22:14:44 116224 ----a-w- C:\Windows\SysWow64\pE81Oy2P.com_
2011-12-02 22:14:44 116224 ----a-w- C:\Windows\SysWow64\pE81Oy2P.com
2011-12-02 22:03:33 -------- d-----w- C:\Users\Russell\AppData\Roaming\SUPERAntiSpyware.com
2011-12-02 22:03:14 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-02 22:03:14 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-12-02 12:23:23 -------- d-----we C:\Windows\system64
2011-11-29 21:50:46 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7E8A28A9-46D3-4EB4-B7B7-DA75FBCA0063}\mpengine.dll
2011-11-09 21:20:55 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 21:20:55 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 21:20:53 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 21:20:44 3141120 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-10-11 21:09:03 561800 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\cchpx64.sys
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-22 00:35:58 56952 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symndisv.sys
2011-09-22 00:35:58 44152 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symndis.sys
2011-09-22 00:35:58 43640 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symids.sys
2011-09-22 00:35:58 279160 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symtdi.sys
2011-09-22 00:35:58 120952 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symfw.sys
.
============= FINISH: 10:46:18.44 ===============

Edited by Dwight.Schrute, 04 December 2011 - 12:18 PM.
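The DDS log above already carries the indicators a responder would triage first: the three UAC policy values set to 0 (no elevation prompts at all), a non-standard C:\Windows\system64 directory, and a randomly named pE81Oy2P.com dropped into SysWOW64; the ComboFix run later in this thread also removes a svchost.exe sitting directly under C:\Windows rather than in System32. The script below is an added example, not a BleepingComputer, DDS or ComboFix tool: it parses lines in the DDS format and flags those four patterns. The sample lines are constructed from entries in this thread's logs, the "random-looking name" rule is my own heuristic, and the function and constant names are assumptions.

```python
import re
from typing import Dict, List

# Constructed sample: a handful of lines in the DDS log format, modelled on the
# entries in this thread (UAC policy lines, "Created Last 30" file lines and
# the svchost.exe path ComboFix reported removing).
SAMPLE_LOG = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mWinlogon: Userinit=userinit.exe,
2011-12-02 22:14:44 116224 ----a-w- C:\Windows\SysWow64\pE81Oy2P.com
2011-12-02 12:23:23 -------- d-----we C:\Windows\system64
2011-12-03 19:13:35 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-07 21:23:00 20480 ----a-w- c:\windows\svchost.exe
"""

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
# DDS file line: date time size attributes path (path may contain spaces)
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+(\S+)\s+(.+?)\s*$")

# Values under HKLM\...\Policies\System that switch off UAC prompting.
UAC_WEAK = {
    "EnableLUA": "0",                   # UAC disabled entirely
    "ConsentPromptBehaviorAdmin": "0",  # admins elevate silently
    "PromptOnSecureDesktop": "0",       # prompts not isolated on the secure desktop
}

# Heuristic (my own assumption): 6-10 alphanumerics mixing digits, lower and
# upper case, which is how the dropped file in this thread (pE81Oy2P.com) looks.
RANDOM_STEM_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{6,10}$")
BINARY_EXTS = {"exe", "com", "dll", "sys"}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line; each has kind, detail and line."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            key, value = m.groups()
            if UAC_WEAK.get(key) == value:
                findings.append({"kind": "uac_policy", "detail": f"{key}={value}", "line": line})
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        _attrs, path = m.groups()
        parts = path.split("\\")
        name = parts[-1]
        parent = parts[-2].lower() if len(parts) > 1 else ""
        stem, dot, ext = name.rpartition(".")
        if not dot:  # no extension: rpartition put the whole name in ext
            stem, ext = name, ""
        if parent == "windows" and name.lower() == "svchost.exe":
            # svchost.exe lives in System32 / SysWOW64; a copy directly under
            # C:\Windows is a masquerade, not a Windows component.
            findings.append({"kind": "misplaced_system_binary", "detail": path, "line": line})
        elif parent == "windows" and name.lower() == "system64":
            # 64-bit Windows ships System32 and SysWOW64; "system64" is not stock.
            findings.append({"kind": "nonstandard_dir", "detail": path, "line": line})
        elif parent in ("system32", "syswow64") and ext.lower() in BINARY_EXTS \
                and RANDOM_STEM_RE.match(stem):
            findings.append({"kind": "random_named_binary", "detail": path, "line": line})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding['kind']}] {finding['detail']}")
```

On the sample this reports the three weak UAC values, the SysWOW64 drop, the system64 directory and the misplaced svchost.exe, and stays quiet on mbam.sys and on ConsentPromptBehaviorUser=3, which is a normal setting. The heuristics are deliberately narrow: they confirm what a human already suspects from the log rather than replacing a full rootkit scan such as the TDSSKiller and ComboFix runs discussed in the thread.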


#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:24 AM

Posted 07 December 2011 - 11:04 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Dwight.Schrute

  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:06:24 AM

Posted 07 December 2011 - 07:28 PM

Thank you so much for the response.

Three things I have noticed since I posted the question.
1. Twice now when I try to start my computer it has said that it could not start and it runs a Windows start-up fixer; it is running now, though.
2. It is redirecting my bookmarks and searches. When I try to click my email bookmark it tells me that the URL was not found. I was not able to get onto my email despite the multiple different approaches and indirect ways of linking I attempted.
3. Occasionally the internet on my computer gets disconnected for a couple of minutes at a time. This has been happening since before Google started redirecting and I do not think it is related, but I have no experience in the subject.

As far as how the computer is doing now, it seems faster and has not yet redirected. Was ComboFix supposed to actually get rid of malware or just identify it?

ComboFix log:

ComboFix 11-12-06.02 - Russell 12/07/2011 17:51:48.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1794 [GMT -6:00]
Running from: c:\users\Russell\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))
.
.
2011-12-08 00:00 . 2011-12-08 00:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-07 21:23 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2011-12-04 16:34 . 2011-12-04 16:34 -------- d-----w- c:\users\Russell\AppData\Local\Safe mirror
2011-12-04 16:33 . 2011-12-06 02:31 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2011-12-03 19:53 . 2011-12-04 07:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-03 19:53 . 2011-12-04 07:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-12-03 19:37 . 2011-12-03 19:37 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-03 19:34 . 2011-12-03 19:36 -------- d-----w- c:\users\Russell\AppData\Local\adaware
2011-12-03 19:34 . 2011-12-08 00:03 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2011-12-03 19:34 . 2011-12-04 07:40 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2011-12-03 19:33 . 2011-12-07 23:20 -------- d-----w- c:\program files (x86)\adawaretb
2011-12-03 19:33 . 2011-12-03 19:33 -------- d-----w- c:\program files (x86)\Lavasoft
2011-12-03 19:33 . 2011-12-04 07:48 -------- d-----w- c:\programdata\Lavasoft
2011-12-03 19:13 . 2011-12-03 19:13 -------- d-----w- c:\users\Russell\AppData\Roaming\Malwarebytes
2011-12-03 19:13 . 2011-12-03 19:13 -------- d-----w- c:\programdata\Malwarebytes
2011-12-03 19:13 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 19:13 . 2011-12-04 07:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-02 22:14 . 2011-12-02 12:51 116224 ----a-w- c:\windows\SysWow64\pE81Oy2P.com
2011-12-02 22:03 . 2011-12-02 22:03 -------- d-----w- c:\users\Russell\AppData\Roaming\SUPERAntiSpyware.com
2011-12-02 22:03 . 2011-12-07 23:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-02 22:03 . 2011-12-02 22:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-29 21:50 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E8A28A9-46D3-4EB4-B7B7-DA75FBCA0063}\mpengine.dll
2011-11-09 21:20 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 21:20 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 21:20 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:20 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 21:09 . 2011-10-11 21:09 561800 ----a-w- c:\windows\system32\drivers\NISx64\1008030.006\cchpx64.sys
2011-10-01 03:21 . 2011-10-11 21:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-11 21:16 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-22 00:35 . 2011-10-11 21:09 56952 ----a-w- c:\windows\system32\drivers\NISx64\1008030.006\symndisv.sys
2011-09-22 00:35 . 2011-10-11 21:09 44152 ----a-w- c:\windows\system32\drivers\NISx64\1008030.006\symndis.sys
2011-09-22 00:35 . 2011-10-11 21:09 43640 ----a-w- c:\windows\system32\drivers\NISx64\1008030.006\symids.sys
2011-09-22 00:35 . 2011-10-11 21:09 279160 ----a-w- c:\windows\system32\drivers\NISx64\1008030.006\symtdi.sys
2011-09-22 00:35 . 2011-10-11 21:09 120952 ----a-w- c:\windows\system32\drivers\NISx64\1008030.006\symfw.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2009-08-03 630784]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-14 98304]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1caebfc146cdb97;Google Update Service (gupdate1caebfc146cdb97);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-05 133104]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-12-25 132656]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-05 133104]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-03 17152]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100218.001\IDSvia64.sys [2009-10-28 466992]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-08-29 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-09-22 117648]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-03 c:\windows\Tasks\At1.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At10.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At11.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At12.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At13.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At14.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At15.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At16.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At17.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At18.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At19.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At2.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At20.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At21.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At22.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At23.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At24.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At25.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At26.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At27.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At28.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At29.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-04 c:\windows\Tasks\At3.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At30.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-07 c:\windows\Tasks\At31.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-07 c:\windows\Tasks\At32.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-07 c:\windows\Tasks\At33.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-07 c:\windows\Tasks\At34.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-07 c:\windows\Tasks\At35.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-07 c:\windows\Tasks\At36.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-04 c:\windows\Tasks\At37.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-04 c:\windows\Tasks\At38.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-04 c:\windows\Tasks\At39.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-04 c:\windows\Tasks\At4.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-04 c:\windows\Tasks\At40.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-04 c:\windows\Tasks\At41.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-04 c:\windows\Tasks\At42.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-04 c:\windows\Tasks\At43.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-04 c:\windows\Tasks\At44.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-04 c:\windows\Tasks\At45.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-04 c:\windows\Tasks\At46.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-04 c:\windows\Tasks\At47.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-04 c:\windows\Tasks\At48.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At5.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At6.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At7.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At8.job
- c:\windows\system32\pE81Oy2P.com_ [2011-12-02 12:51]
.
2011-12-03 c:\windows\Tasks\At9.job
- c:\windows\system32\pE81Oy2P.com [2011-12-02 12:51]
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-05 02:38]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-05 02:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-08-29 824352]
"combofix"="c:\combofix\CF1409.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273612098406l0353z196a48m34282
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273612098406l0353z196a48m34282
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\ieuezbh2.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\\.\globalroot\systemroot\svchost.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2011-12-07 18:14:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-08 00:14
.
Pre-Run: 168,695,033,856 bytes free
Post-Run: 168,867,782,656 bytes free
.
- - End Of File - - 90C5C38FEBFEC72DDC6DB601300F30FA

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:24 AM

Posted 07 December 2011 - 07:42 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Dwight.Schrute

  • Topic Starter
  • Members
  • 24 posts
  • Local time:06:24 AM
Posted 07 December 2011 - 08:24 PM

19:31:57.0194 5976 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
19:31:57.0335 5976 ============================================================
19:31:57.0335 5976 Current date / time: 2011/12/07 19:31:57.0335
19:31:57.0335 5976 SystemInfo:
19:31:57.0335 5976
19:31:57.0335 5976 OS Version: 6.1.7600 ServicePack: 0.0
19:31:57.0335 5976 Product type: Workstation
19:31:57.0335 5976 ComputerName: RUSSELL-PC
19:31:57.0335 5976 UserName: Russell
19:31:57.0335 5976 Windows directory: C:\Windows
19:31:57.0335 5976 System windows directory: C:\Windows
19:31:57.0335 5976 Running under WOW64
19:31:57.0335 5976 Processor architecture: Intel x64
19:31:57.0335 5976 Number of processors: 2
19:31:57.0335 5976 Page size: 0x1000
19:31:57.0335 5976 Boot type: Normal boot
19:31:57.0335 5976 ============================================================
19:31:59.0254 5976 Initialize success
19:32:01.0859 4364 ============================================================
19:32:01.0859 4364 Scan started
19:32:01.0859 4364 Mode: Manual;
19:32:01.0859 4364 ============================================================
19:32:05.0228 4364 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:32:05.0228 4364 1394ohci - ok
19:32:05.0291 4364 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:32:05.0291 4364 ACPI - ok
19:32:05.0416 4364 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:32:05.0416 4364 AcpiPmi - ok
19:32:05.0478 4364 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:32:05.0494 4364 adp94xx - ok
19:32:05.0650 4364 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:32:05.0665 4364 adpahci - ok
19:32:05.0821 4364 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:32:05.0837 4364 adpu320 - ok
19:32:06.0008 4364 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
19:32:06.0008 4364 AFD - ok
19:32:06.0133 4364 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:32:06.0133 4364 agp440 - ok
19:32:06.0196 4364 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:32:06.0196 4364 aliide - ok
19:32:06.0757 4364 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:32:06.0757 4364 amdide - ok
19:32:06.0866 4364 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:32:06.0866 4364 AmdK8 - ok
19:32:06.0976 4364 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:32:06.0976 4364 AmdPPM - ok
19:32:07.0194 4364 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:32:07.0194 4364 amdsata - ok
19:32:07.0303 4364 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:32:07.0303 4364 amdsbs - ok
19:32:07.0366 4364 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:32:07.0381 4364 amdxata - ok
19:32:07.0522 4364 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:32:07.0522 4364 AppID - ok
19:32:07.0678 4364 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:32:07.0693 4364 arc - ok
19:32:07.0740 4364 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:32:07.0740 4364 arcsas - ok
19:32:07.0865 4364 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:32:07.0865 4364 AsyncMac - ok
19:32:07.0896 4364 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:32:07.0896 4364 atapi - ok
19:32:08.0052 4364 athr (b2c3a8618867404475228f7dd260698b) C:\Windows\system32\DRIVERS\athrx.sys
19:32:08.0083 4364 athr - ok
19:32:08.0224 4364 AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys
19:32:08.0224 4364 AtiHdmiService - ok
19:32:08.0395 4364 atikmdag (74813bcd647b441dc9c9c0db2833781d) C:\Windows\system32\DRIVERS\atikmdag.sys
19:32:08.0536 4364 atikmdag - ok
19:32:08.0676 4364 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
19:32:08.0676 4364 AtiPcie - ok
19:32:08.0879 4364 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:32:08.0894 4364 b06bdrv - ok
19:32:09.0019 4364 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:32:09.0035 4364 b57nd60a - ok
19:32:09.0097 4364 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:32:09.0097 4364 Beep - ok
19:32:09.0316 4364 BHDrvx64 (4d7f8401eae7eaa4ef702fa6f4153269) C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys
19:32:09.0316 4364 BHDrvx64 - ok
19:32:09.0440 4364 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:32:09.0440 4364 blbdrive - ok
19:32:09.0550 4364 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:32:09.0550 4364 bowser - ok
19:32:09.0643 4364 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:32:09.0643 4364 BrFiltLo - ok
19:32:09.0674 4364 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:32:09.0674 4364 BrFiltUp - ok
19:32:09.0768 4364 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:32:09.0784 4364 Brserid - ok
19:32:09.0846 4364 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:32:09.0846 4364 BrSerWdm - ok
19:32:09.0955 4364 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:32:09.0955 4364 BrUsbMdm - ok
19:32:10.0018 4364 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:32:10.0018 4364 BrUsbSer - ok
19:32:10.0376 4364 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
19:32:10.0392 4364 BthEnum - ok
19:32:10.0532 4364 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:32:10.0532 4364 BTHMODEM - ok
19:32:10.0595 4364 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:32:10.0595 4364 BthPan - ok
19:32:10.0704 4364 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
19:32:10.0720 4364 BTHPORT - ok
19:32:10.0876 4364 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
19:32:10.0876 4364 BTHUSB - ok
19:32:10.0954 4364 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
19:32:10.0969 4364 CAXHWAZL - ok
19:32:11.0078 4364 ccHP (a2e6ab452b9393ca8d11d28827e0e1a1) C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys
19:32:11.0094 4364 ccHP - ok
19:32:11.0219 4364 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:32:11.0219 4364 cdfs - ok
19:32:11.0297 4364 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:32:11.0297 4364 cdrom - ok
19:32:11.0437 4364 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:32:11.0437 4364 circlass - ok
19:32:11.0500 4364 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:32:11.0500 4364 CLFS - ok
19:32:11.0656 4364 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:32:11.0656 4364 CmBatt - ok
19:32:11.0687 4364 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:32:11.0687 4364 cmdide - ok
19:32:11.0718 4364 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
19:32:11.0718 4364 CNG - ok
19:32:11.0936 4364 CnxtHdAudService (0d23c3312838eea1ed55d5f135bca613) C:\Windows\system32\drivers\CHDRT64.sys
19:32:11.0952 4364 CnxtHdAudService - ok
19:32:12.0139 4364 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:32:12.0155 4364 Compbatt - ok
19:32:12.0233 4364 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:32:12.0233 4364 CompositeBus - ok
19:32:12.0358 4364 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:32:12.0358 4364 crcdisk - ok
19:32:12.0545 4364 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:32:12.0545 4364 DfsC - ok
19:32:12.0623 4364 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:32:12.0623 4364 discache - ok
19:32:12.0779 4364 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:32:12.0779 4364 Disk - ok
19:32:12.0997 4364 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:32:12.0997 4364 drmkaud - ok
19:32:13.0091 4364 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
19:32:13.0122 4364 DXGKrnl - ok
19:32:13.0325 4364 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:32:13.0434 4364 ebdrv - ok
19:32:13.0559 4364 eeCtrl (8ecb5d35f400706016931bd25ae1b554) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:32:13.0574 4364 eeCtrl - ok
19:32:13.0715 4364 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
19:32:13.0715 4364 ElbyCDIO - ok
19:32:13.0840 4364 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:32:13.0840 4364 elxstor - ok
19:32:13.0980 4364 EraserUtilRebootDrv (8adb1fab20d285088ceb1215f5d22080) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:32:13.0980 4364 EraserUtilRebootDrv - ok
19:32:14.0105 4364 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:32:14.0105 4364 ErrDev - ok
19:32:14.0167 4364 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:32:14.0167 4364 exfat - ok
19:32:14.0214 4364 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:32:14.0214 4364 fastfat - ok
19:32:14.0370 4364 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:32:14.0370 4364 fdc - ok
19:32:14.0432 4364 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:32:14.0432 4364 FileInfo - ok
19:32:14.0479 4364 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:32:14.0479 4364 Filetrace - ok
19:32:14.0573 4364 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:32:14.0573 4364 flpydisk - ok
19:32:14.0635 4364 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:32:14.0635 4364 FltMgr - ok
19:32:14.0791 4364 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:32:14.0791 4364 FsDepends - ok
19:32:14.0838 4364 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:32:14.0838 4364 Fs_Rec - ok
19:32:14.0994 4364 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:32:15.0010 4364 fvevol - ok
19:32:15.0103 4364 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:32:15.0103 4364 gagp30kx - ok
19:32:15.0384 4364 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:32:15.0384 4364 hcw85cir - ok
19:32:15.0478 4364 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
19:32:15.0478 4364 HdAudAddService - ok
19:32:15.0790 4364 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:32:15.0883 4364 HDAudBus - ok
19:32:16.0398 4364 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:32:16.0414 4364 HidBatt - ok
19:32:16.0632 4364 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:32:16.0632 4364 HidBth - ok
19:32:16.0772 4364 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:32:16.0772 4364 HidIr - ok
19:32:16.0913 4364 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:32:16.0975 4364 HidUsb - ok
19:32:17.0116 4364 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:32:17.0131 4364 HpSAMD - ok
19:32:17.0303 4364 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
19:32:17.0334 4364 HSF_DPV - ok
19:32:17.0490 4364 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:32:17.0506 4364 HTTP - ok
19:32:17.0615 4364 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:32:17.0615 4364 hwpolicy - ok
19:32:17.0818 4364 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:32:17.0818 4364 i8042prt - ok
19:32:17.0942 4364 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
19:32:17.0958 4364 iaStorV - ok
19:32:18.0098 4364 IDSVia64 (9a793a1451b5e2cf54b4a33342cb58cf) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100218.001\IDSvia64.sys
19:32:18.0114 4364 IDSVia64 - ok
19:32:18.0426 4364 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:32:18.0613 4364 igfx - ok
19:32:18.0769 4364 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:32:18.0769 4364 iirsp - ok
19:32:18.0972 4364 int15.sys (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\System32\OEM\Factory\int15.sys
19:32:18.0972 4364 int15.sys - ok
19:32:19.0081 4364 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:32:19.0081 4364 intelide - ok
19:32:19.0237 4364 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:32:19.0237 4364 intelppm - ok
19:32:19.0300 4364 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:32:19.0315 4364 IpFilterDriver - ok
19:32:19.0409 4364 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:32:19.0409 4364 IPMIDRV - ok
19:32:19.0440 4364 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:32:19.0456 4364 IPNAT - ok
19:32:19.0580 4364 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:32:19.0580 4364 IRENUM - ok
19:32:19.0627 4364 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:32:19.0627 4364 isapnp - ok
19:32:19.0705 4364 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:32:19.0705 4364 iScsiPrt - ok
19:32:19.0783 4364 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:32:19.0783 4364 kbdclass - ok
19:32:19.0908 4364 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:32:19.0908 4364 kbdhid - ok
19:32:19.0986 4364 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
19:32:19.0986 4364 KSecDD - ok
19:32:20.0095 4364 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
19:32:20.0095 4364 KSecPkg - ok
19:32:20.0220 4364 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:32:20.0220 4364 ksthunk - ok
19:32:20.0392 4364 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
19:32:20.0392 4364 Lavasoft Kernexplorer - ok
19:32:20.0548 4364 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:32:20.0548 4364 lltdio - ok
19:32:20.0704 4364 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:32:20.0704 4364 LSI_FC - ok
19:32:20.0782 4364 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:32:20.0782 4364 LSI_SAS - ok
19:32:20.0875 4364 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:32:20.0875 4364 LSI_SAS2 - ok
19:32:20.0906 4364 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:32:20.0906 4364 LSI_SCSI - ok
19:32:20.0984 4364 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:32:20.0984 4364 luafv - ok
19:32:21.0078 4364 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
19:32:21.0094 4364 MBAMProtector - ok
19:32:21.0234 4364 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:32:21.0234 4364 mdmxsdk - ok
19:32:21.0312 4364 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:32:21.0328 4364 megasas - ok
19:32:21.0390 4364 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:32:21.0390 4364 MegaSR - ok
19:32:21.0452 4364 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:32:21.0452 4364 Modem - ok
19:32:21.0515 4364 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:32:21.0515 4364 monitor - ok
19:32:21.0655 4364 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:32:21.0655 4364 mouclass - ok
19:32:21.0718 4364 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:32:21.0718 4364 mouhid - ok
19:32:21.0749 4364 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:32:21.0749 4364 mountmgr - ok
19:32:21.0827 4364 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:32:21.0827 4364 mpio - ok
19:32:21.0905 4364 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:32:21.0905 4364 mpsdrv - ok
19:32:21.0952 4364 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:32:21.0952 4364 MRxDAV - ok
19:32:22.0076 4364 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:32:22.0092 4364 mrxsmb - ok
19:32:22.0217 4364 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:32:22.0248 4364 mrxsmb10 - ok
19:32:22.0326 4364 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:32:22.0342 4364 mrxsmb20 - ok
19:32:22.0404 4364 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
19:32:22.0404 4364 msahci - ok
19:32:22.0482 4364 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:32:22.0482 4364 msdsm - ok
19:32:22.0560 4364 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:32:22.0560 4364 Msfs - ok
19:32:22.0654 4364 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:32:22.0654 4364 mshidkmdf - ok
19:32:22.0700 4364 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:32:22.0700 4364 msisadrv - ok
19:32:22.0763 4364 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:32:22.0763 4364 MSKSSRV - ok
19:32:22.0872 4364 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:32:22.0872 4364 MSPCLOCK - ok
19:32:22.0919 4364 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:32:22.0919 4364 MSPQM - ok
19:32:22.0950 4364 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
19:32:22.0950 4364 MsRPC - ok
19:32:22.0981 4364 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:32:22.0981 4364 mssmbios - ok
19:32:23.0044 4364 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:32:23.0044 4364 MSTEE - ok
19:32:23.0106 4364 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:32:23.0106 4364 MTConfig - ok
19:32:23.0200 4364 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:32:23.0231 4364 Mup - ok
19:32:23.0324 4364 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:32:23.0324 4364 NativeWifiP - ok
19:32:23.0449 4364 NAVENG - ok
19:32:23.0449 4364 NAVEX15 - ok
19:32:23.0621 4364 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
19:32:23.0652 4364 NDIS - ok
19:32:23.0777 4364 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:32:23.0777 4364 NdisCap - ok
19:32:23.0855 4364 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:32:23.0855 4364 NdisTapi - ok
19:32:23.0886 4364 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
19:32:23.0902 4364 Ndisuio - ok
19:32:24.0026 4364 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:32:24.0042 4364 NdisWan - ok
19:32:24.0058 4364 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
19:32:24.0058 4364 NDProxy - ok
19:32:24.0104 4364 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:32:24.0104 4364 NetBIOS - ok
19:32:24.0214 4364 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
19:32:24.0214 4364 NetBT - ok
19:32:24.0354 4364 netr28x (d66596db0a0739a89c25b590ce36d628) C:\Windows\system32\DRIVERS\netr28x.sys
19:32:24.0370 4364 netr28x - ok
19:32:24.0494 4364 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:32:24.0510 4364 nfrd960 - ok
19:32:24.0557 4364 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:32:24.0572 4364 Npfs - ok
19:32:24.0666 4364 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:32:24.0682 4364 nsiproxy - ok
19:32:24.0775 4364 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
19:32:24.0822 4364 Ntfs - ok
19:32:24.0916 4364 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:32:24.0916 4364 Null - ok
19:32:24.0994 4364 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
19:32:24.0994 4364 nvraid - ok
19:32:25.0103 4364 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
19:32:25.0118 4364 nvstor - ok
19:32:25.0150 4364 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
19:32:25.0150 4364 nv_agp - ok
19:32:25.0306 4364 O2MDRDR (26da4b40670ad436f7daec053a2a9eca) C:\Windows\system32\DRIVERS\o2mdx64.sys
19:32:25.0306 4364 O2MDRDR - ok
19:32:25.0446 4364 O2SDRDR (2e69a2adc12daa7ac7b4ffd8601e88b0) C:\Windows\system32\DRIVERS\o2sdx64.sys
19:32:25.0462 4364 O2SDRDR - ok
19:32:25.0493 4364 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
19:32:25.0493 4364 ohci1394 - ok
19:32:25.0540 4364 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:32:25.0540 4364 Parport - ok
19:32:25.0664 4364 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
19:32:25.0664 4364 partmgr - ok
19:32:25.0696 4364 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
19:32:25.0696 4364 pci - ok
19:32:25.0727 4364 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
19:32:25.0727 4364 pciide - ok
19:32:25.0852 4364 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:32:25.0852 4364 pcmcia - ok
19:32:25.0898 4364 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:32:25.0898 4364 pcw - ok
19:32:25.0961 4364 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:32:25.0976 4364 PEAUTH - ok
19:32:26.0164 4364 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
19:32:26.0179 4364 PptpMiniport - ok
19:32:26.0226 4364 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:32:26.0226 4364 Processor - ok
19:32:26.0335 4364 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
19:32:26.0335 4364 Psched - ok
19:32:26.0491 4364 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:32:26.0522 4364 ql2300 - ok
19:32:26.0834 4364 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:32:26.0850 4364 ql40xx - ok
19:32:26.0928 4364 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:32:26.0928 4364 QWAVEdrv - ok
19:32:26.0959 4364 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:32:26.0959 4364 RasAcd - ok
19:32:27.0100 4364 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:32:27.0100 4364 RasAgileVpn - ok
19:32:27.0162 4364 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:32:27.0178 4364 Rasl2tp - ok
19:32:27.0271 4364 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:32:27.0271 4364 RasPppoe - ok
19:32:27.0318 4364 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:32:27.0334 4364 RasSstp - ok
19:32:27.0365 4364 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
19:32:27.0380 4364 rdbss - ok
19:32:27.0396 4364 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:32:27.0412 4364 rdpbus - ok
19:32:27.0505 4364 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:32:27.0505 4364 RDPCDD - ok
19:32:27.0552 4364 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:32:27.0552 4364 RDPENCDD - ok
19:32:27.0583 4364 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:32:27.0599 4364 RDPREFMP - ok
19:32:27.0692 4364 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
19:32:27.0708 4364 RDPWD - ok
19:32:27.0755 4364 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
19:32:27.0770 4364 rdyboost - ok
19:32:27.0926 4364 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:32:27.0942 4364 RFCOMM - ok
19:32:28.0051 4364 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:32:28.0067 4364 rspndr - ok
19:32:28.0176 4364 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:32:28.0176 4364 SASDIFSV - ok
19:32:28.0192 4364 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:32:28.0192 4364 SASKUTIL - ok
19:32:28.0348 4364 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:32:28.0363 4364 sbp2port - ok
19:32:28.0410 4364 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:32:28.0410 4364 scfilter - ok
19:32:28.0550 4364 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
19:32:28.0550 4364 sdbus - ok
19:32:28.0613 4364 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:32:28.0613 4364 secdrv - ok
19:32:28.0722 4364 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:32:28.0738 4364 Serenum - ok
19:32:28.0753 4364 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:32:28.0769 4364 Serial - ok
19:32:28.0831 4364 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:32:28.0831 4364 sermouse - ok
19:32:28.0878 4364 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:32:28.0878 4364 sffdisk - ok
19:32:28.0940 4364 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:32:28.0940 4364 sffp_mmc - ok
19:32:28.0987 4364 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:32:28.0987 4364 sffp_sd - ok
19:32:29.0018 4364 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:32:29.0018 4364 sfloppy - ok
19:32:29.0128 4364 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:32:29.0128 4364 SiSRaid2 - ok
19:32:29.0190 4364 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:32:29.0190 4364 SiSRaid4 - ok
19:32:29.0284 4364 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:32:29.0284 4364 Smb - ok
19:32:29.0393 4364 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:32:29.0393 4364 spldr - ok
19:32:29.0549 4364 SRTSP (9e399476e5d5e0d3c8822c857a7e9a9a) C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS
19:32:29.0564 4364 SRTSP - ok
19:32:29.0689 4364 SRTSPX (3d7717b582f0365e75071556936e5a6b) C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS
19:32:29.0705 4364 SRTSPX - ok
19:32:29.0752 4364 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:32:29.0767 4364 srv - ok
19:32:29.0892 4364 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:32:29.0908 4364 srv2 - ok
19:32:29.0939 4364 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:32:29.0954 4364 SrvHsfHDA - ok
19:32:30.0110 4364 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:32:30.0142 4364 SrvHsfV92 - ok
19:32:30.0313 4364 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:32:30.0329 4364 SrvHsfWinac - ok
19:32:30.0454 4364 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:32:30.0469 4364 srvnet - ok
19:32:30.0547 4364 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:32:30.0547 4364 stexstor - ok
19:32:30.0688 4364 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:32:30.0688 4364 swenum - ok
19:32:30.0828 4364 SymEFA (4f87bb5389a93778ebc363b28271a65b) C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS
19:32:30.0844 4364 SymEFA - ok
19:32:30.0968 4364 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:32:30.0968 4364 SymEvent - ok
19:32:31.0078 4364 SYMFW - ok
19:32:31.0124 4364 SymIM (212bbf5a964513980d5de9397381534f) C:\Windows\system32\DRIVERS\SymIMv.sys
19:32:31.0124 4364 SymIM - ok
19:32:31.0140 4364 SYMNDISV - ok
19:32:31.0234 4364 SYMTDI (33b37cb0a74f1f4b78a665ece9184095) C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS
19:32:31.0249 4364 SYMTDI - ok
19:32:31.0374 4364 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
19:32:31.0390 4364 SynTP - ok
19:32:31.0514 4364 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
19:32:31.0546 4364 Tcpip - ok
19:32:31.0733 4364 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
19:32:31.0764 4364 TCPIP6 - ok
19:32:31.0873 4364 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:32:31.0873 4364 tcpipreg - ok
19:32:31.0936 4364 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:32:31.0982 4364 TDPIPE - ok
19:32:32.0014 4364 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:32:32.0014 4364 TDTCP - ok
19:32:32.0123 4364 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:32:32.0123 4364 tdx - ok
19:32:32.0138 4364 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:32:32.0138 4364 TermDD - ok
19:32:32.0185 4364 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:32:32.0185 4364 tssecsrv - ok
19:32:32.0326 4364 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:32:32.0326 4364 tunnel - ok
19:32:32.0341 4364 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:32:32.0357 4364 uagp35 - ok
19:32:32.0372 4364 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
19:32:32.0388 4364 udfs - ok
19:32:32.0513 4364 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:32:32.0513 4364 uliagpkx - ok
19:32:32.0591 4364 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:32:32.0591 4364 umbus - ok
19:32:32.0606 4364 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:32:32.0622 4364 UmPass - ok
19:32:32.0762 4364 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
19:32:32.0762 4364 usbaudio - ok
19:32:32.0809 4364 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
19:32:32.0825 4364 usbccgp - ok
19:32:32.0934 4364 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:32:32.0934 4364 usbcir - ok
19:32:32.0996 4364 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
19:32:32.0996 4364 usbehci - ok
19:32:33.0074 4364 usbfilter (d524f3716d85b744762ff5eaaef8f3a2) C:\Windows\system32\DRIVERS\usbfilter.sys
19:32:33.0074 4364 usbfilter - ok
19:32:33.0152 4364 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
19:32:33.0168 4364 usbhub - ok
19:32:33.0262 4364 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
19:32:33.0262 4364 usbohci - ok
19:32:33.0293 4364 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:32:33.0293 4364 usbprint - ok
19:32:33.0386 4364 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:32:33.0402 4364 usbscan - ok
19:32:33.0464 4364 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:32:33.0464 4364 USBSTOR - ok
19:32:33.0574 4364 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
19:32:33.0589 4364 usbuhci - ok
19:32:33.0652 4364 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
19:32:33.0652 4364 usbvideo - ok
19:32:33.0792 4364 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
19:32:33.0792 4364 VClone - ok
19:32:33.0901 4364 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:32:33.0901 4364 vdrvroot - ok
19:32:33.0995 4364 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:32:33.0995 4364 vga - ok
19:32:34.0057 4364 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:32:34.0057 4364 VgaSave - ok
19:32:34.0088 4364 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:32:34.0104 4364 vhdmp - ok
19:32:34.0198 4364 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:32:34.0198 4364 viaide - ok
19:32:34.0260 4364 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:32:34.0260 4364 volmgr - ok
19:32:34.0322 4364 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:32:34.0338 4364 volmgrx - ok
19:32:34.0447 4364 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:32:34.0447 4364 volsnap - ok
19:32:34.0572 4364 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:32:34.0572 4364 vsmraid - ok
19:32:34.0650 4364 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:32:34.0650 4364 vwifibus - ok
19:32:34.0728 4364 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:32:34.0744 4364 vwififlt - ok
19:32:34.0775 4364 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:32:34.0775 4364 WacomPen - ok
19:32:34.0884 4364 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:32:34.0884 4364 WANARP - ok
19:32:34.0900 4364 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:32:34.0900 4364 Wanarpv6 - ok
19:32:35.0071 4364 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:32:35.0071 4364 Wd - ok
19:32:35.0118 4364 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:32:35.0134 4364 Wdf01000 - ok
19:32:35.0305 4364 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:32:35.0305 4364 WfpLwf - ok
19:32:35.0336 4364 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:32:35.0336 4364 WIMMount - ok
19:32:35.0399 4364 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
19:32:35.0414 4364 winachsf - ok
19:32:35.0602 4364 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:32:35.0602 4364 WmiAcpi - ok
19:32:35.0664 4364 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:32:35.0664 4364 ws2ifsl - ok
19:32:35.0804 4364 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:32:35.0804 4364 WudfPf - ok
19:32:35.0882 4364 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:32:35.0882 4364 WUDFRd - ok
19:32:35.0992 4364 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
19:32:35.0992 4364 XAudio - ok
19:32:36.0116 4364 yukonw7 (79d9ce9614c955dd31aa2556b4014662) C:\Windows\system32\DRIVERS\yk62x64.sys
19:32:36.0116 4364 yukonw7 - ok
19:32:36.0163 4364 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
19:32:36.0226 4364 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
19:32:36.0226 4364 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
19:32:36.0226 4364 Boot (0x1200) (710c19766a8d3dd1bbb6c9d67e9f4c29) \Device\Harddisk0\DR0\Partition0
19:32:36.0226 4364 \Device\Harddisk0\DR0\Partition0 - ok
19:32:36.0257 4364 Boot (0x1200) (4b69b586de2e0fd3613d837c076e1d4c) \Device\Harddisk0\DR0\Partition1
19:32:36.0257 4364 \Device\Harddisk0\DR0\Partition1 - ok
19:32:36.0272 4364 ============================================================
19:32:36.0272 4364 Scan finished
19:32:36.0272 4364 ============================================================
19:32:36.0288 5292 Detected object count: 1
19:32:36.0288 5292 Actual detected object count: 1
19:32:59.0048 5292 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user
19:32:59.0048 5292 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip

Edited by Dwight.Schrute, 07 December 2011 - 08:34 PM.
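
What the tail of the TDSSKiller log above says, and a small triage script for it (added here; it is not TDSSKiller's code and not part of either poster's material): the scanner hashed every loaded driver, then hashed the first 0x1B8 bytes of sector 0 (0x1B8 is where the boot code ends and the NT disk signature begins, which is presumably what the "MBR (0x1B8)" label refers to), flagged \Device\Harddisk0\DR0 as Rootkit.Win32.BackBoot.gen, and recorded the user's choice as Skip, so nothing on disk was changed. The script parses lines in this format, inventories the hashed modules, flags the ones loaded from outside C:\Windows\system32\drivers (in this log a Norton IPS definition driver, an OEM factory driver and an Ad-Aware driver; none is malicious by itself, but they are the entries to verify first), notes services whose file was not found (the bare "NAVENG - ok" line), and lists detections whose last user action was Skip. SAMPLE_LOG is an excerpt of the log above; the regular expressions are inferred from its line format and are an assumption about how TDSSKiller formats every line.

```python
"""Triage a TDSSKiller log: inventory the modules it hashed, flag ones loaded
from outside the system driver directory, and list detections not acted on.

Added example; not TDSSKiller's own code and not from the thread. The line
formats are inferred from the log above, and SAMPLE_LOG is an excerpt of it.
"""
import re

# 19:32:19.0783 4364 kbdclass (bc02336f...) C:\Windows\system32\DRIVERS\kbdclass.sys
MODULE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# 19:32:36.0226 4364 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
DETECT_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<obj>\S+)\s+\(\s*(?P<verdict>\S+)\s*\)\s+-\s+(?P<status>.+)$")
# 19:32:19.0783 4364 kbdclass - ok
STATUS_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?)\s+-\s+(?P<status>.+)$")

TRUSTED_PREFIX = "c:\\windows\\system32\\drivers\\"   # compared case-insensitively


def triage(log_text: str) -> dict:
    """Return inventory, off-path modules, file-less services, detections, unresolved."""
    inventory, off_path, no_file, detections = {}, [], [], {}
    seen = set()
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = MODULE_RE.match(line)
        if m:
            name, path = m["name"], m["path"]
            inventory[name] = (m["md5"], path)
            seen.update((name, path))
            # \Device\... paths are disk objects (MBR, boot sectors), not driver files
            if not path.startswith("\\Device\\") and not path.lower().startswith(TRUSTED_PREFIX):
                off_path.append((name, path))
            continue
        m = DETECT_RE.match(line)
        if m:
            entry = detections.setdefault(m["obj"], {"verdict": m["verdict"], "events": []})
            entry["events"].append(m["status"])
            continue
        m = STATUS_RE.match(line)
        # "<name> - ok" with no preceding hashed line: a registered service whose file was not found
        if m and m["status"] == "ok" and m["name"] not in seen:
            no_file.append(m["name"])
    unresolved = []
    for obj, entry in detections.items():
        actions = [e.split(":", 1)[1].strip() for e in entry["events"]
                   if e.startswith("User select action:")]
        if not actions or actions[-1] == "Skip":
            unresolved.append(obj)
    return {"inventory": inventory, "off_path": off_path, "no_file": no_file,
            "detections": detections, "unresolved": unresolved}


# Excerpt of the TDSSKiller log posted above (a few module lines plus the MBR detection).
SAMPLE_LOG = r"""
19:32:18.0098 4364 IDSVia64 (9a793a1451b5e2cf54b4a33342cb58cf) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100218.001\IDSvia64.sys
19:32:18.0114 4364 IDSVia64 - ok
19:32:18.0972 4364 int15.sys (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\System32\OEM\Factory\int15.sys
19:32:18.0972 4364 int15.sys - ok
19:32:19.0783 4364 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:32:19.0783 4364 kbdclass - ok
19:32:20.0392 4364 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
19:32:20.0392 4364 Lavasoft Kernexplorer - ok
19:32:23.0449 4364 NAVENG - ok
19:32:36.0163 4364 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
19:32:36.0226 4364 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
19:32:36.0226 4364 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
19:32:36.0226 4364 Boot (0x1200) (710c19766a8d3dd1bbb6c9d67e9f4c29) \Device\Harddisk0\DR0\Partition0
19:32:36.0226 4364 \Device\Harddisk0\DR0\Partition0 - ok
19:32:59.0048 5292 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user
19:32:59.0048 5292 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, path in result["off_path"]:
        print("off-path module :", name, "->", path)
    print("file not found  :", result["no_file"])
    print("unresolved      :", result["unresolved"])
```

The "unresolved" list is the point of the reply that follows: a detection the user skipped is still on the disk, which is why the next step is to rerun the tool and let it cure the object.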


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:24 AM

Posted 08 December 2011 - 08:59 AM

Hello


rerun TDSSKiller and allow it to cure the rootkit


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Dwight.Schrute

Dwight.Schrute
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 08 December 2011 - 05:33 PM

So I ran it again, but the file you're talking about is labeled as only suspicious, so I can't "cure" it. Should I copy it to quarantine or restore it?

#8 gringo_pr

Posted 08 December 2011 - 05:39 PM

Hello

Run this one for me; I want to see what it has to say.


Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo

#9 Dwight.Schrute

Posted 08 December 2011 - 06:32 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-08 17:30:39
-----------------------------
17:30:39.227 OS Version: Windows x64 6.1.7600
17:30:39.227 Number of processors: 2 586 0x301
17:30:39.227 ComputerName: RUSSELL-PC UserName: Russell
17:30:41.474 Initialize success
17:31:06.325 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:31:06.341 Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40C Size: 238475MB BusType: 3
17:31:06.341 Device \Driver\atapi -> MajorFunction fffffa80034d15c4
17:31:08.369 Disk 0 MBR read successfully
17:31:08.369 Disk 0 MBR scan
17:31:08.369 Disk 0 TDL4@MBR code has been found
17:31:08.385 Disk 0 Windows 7 default MBR code found via API
17:31:08.400 Disk 0 MBR hidden
17:31:08.400 Disk 0 MBR [TDL4] **ROOTKIT**
17:31:08.416 Disk 0 trace - called modules:
17:31:08.416 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80034d15c4]<<
17:31:08.431 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002c023b0]
17:31:08.431 3 CLASSPNP.SYS[fffff8800192343f] -> nt!IofCallDriver -> [0xfffffa8002dce520]
17:31:08.431 5 ACPI.sys[fffff88000f80781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002dd4060]
17:31:08.447 \Driver\atapi[0xfffffa80034c62d0] -> IRP_MJ_CREATE -> 0xfffffa80034d15c4
17:31:08.463 Scan finished successfully
17:31:41.254 Disk 0 MBR has been saved successfully to "C:\Users\Russell\Desktop\MBR.dat"
17:31:41.254 The log file has been saved successfully to "C:\Users\Russell\Desktop\aswMBR.txt"
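
What this aswMBR log is showing, with an added example of the same two checks (not code from aswMBR or from anyone in the thread): reading the MBR through the normal API returned the stock Windows 7 boot code, while a lower-level read of sector 0 returned TDL4 loader code, so the tool reports "MBR hidden" and marks the disk as a TDL4 rootkit; and the I/O trace, which walks the call chain for a request to the disk, ends at an address (0xfffffa80034d15c4) that lies in no loaded module, because the IRP_MJ_CREATE dispatch entry of \Driver\atapi has been redirected there. The script parses a 512-byte MBR (boot-code hash over the same 0x1B8-byte prefix TDSSKiller reports, disk signature, partition table, 0x55AA check), compares the API view with the raw view, reports the unpartitioned tail of the disk (TDL4 keeps its hidden encrypted file system in the last sectors), and resolves a dispatch pointer against a table of module ranges. Both MBR images, the disk geometry (taken from the 238475 MB figure in the log), the boot code (a stand-in, not real Windows MBR code) and the module address ranges are constructed for the example. On a real host the two views would come from \\.\PhysicalDrive0 opened with administrator rights, and obtaining the raw view beneath the hooked driver needs a kernel-mode component, which is out of scope here.

```python
"""Cross-view MBR check and dispatch-pointer resolution, in the spirit of the
aswMBR verdicts above ("MBR hidden", ">>UNKNOWN [0x...]<<").

Added example, not aswMBR's or TDSSKiller's code. On a live Windows host the
two views would come from reading \\\\.\\PhysicalDrive0 through the normal API
and through a path below the hooked driver; here both views, the disk
geometry and the module ranges are constructed so the script runs offline.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8   # TDSSKiller's "MBR (0x1B8)" hash covers this prefix
DISK_SIG_OFF = 0x1B8    # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE  # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Boot-code hash, disk signature and the non-empty partition entries of one MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        status, _chs_first, ptype, _chs_last, lba_start, count = struct.unpack_from(
            "<B3sB3sII", sector, PART_TABLE_OFF + 16 * slot)
        if ptype != 0:
            partitions.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {"boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
            "partitions": partitions}


def cross_view_check(api_view: bytes, raw_view: bytes, known_good_md5: set) -> list:
    """Compare the MBR the OS hands back with the MBR read underneath the driver stack."""
    findings = []
    api, raw = parse_mbr(api_view), parse_mbr(raw_view)
    if api_view != raw_view:
        findings.append("MBR hidden: API view and raw view differ")
    if raw["boot_code_md5"] not in known_good_md5:
        findings.append("raw boot code %s is not a known-good MBR" % raw["boot_code_md5"])
    if api["partitions"] != raw["partitions"]:
        findings.append("partition table differs between views")
    return findings


def unpartitioned_tail(parsed: dict, disk_sectors: int) -> int:
    """Sectors after the last partition; TDL4 stores its hidden file system in such tail space."""
    last_end = max((p["lba_start"] + p["sectors"] for p in parsed["partitions"]), default=0)
    return disk_sectors - last_end


def resolve_dispatch(address: int, module_ranges: dict) -> str:
    """Name the loaded module containing a dispatch pointer, or UNKNOWN if none does."""
    for name, (base, size) in module_ranges.items():
        if base <= address < base + size:
            return name
    return "UNKNOWN"


def build_mbr(boot_code: bytes, disk_sig: int, partitions: list) -> bytes:
    """Assemble a 512-byte MBR from its parts (used only to construct the samples)."""
    table = b"".join(struct.pack("<B3sB3sII", 0x80 if p["bootable"] else 0, b"\xff\xff\xff",
                                 p["type"], b"\xff\xff\xff", p["lba_start"], p["sectors"])
                     for p in partitions)
    table += b"\x00" * (64 - len(table))
    return boot_code + struct.pack("<I", disk_sig) + b"\x00\x00" + table + MBR_SIGNATURE


# Constructed samples. The boot code is a stand-in, not real Windows 7 MBR code;
# the geometry mirrors the 238475 MB disk in the log (238475 * 2048 sectors).
DISK_SECTORS = 238475 * 2048
PARTITIONS = [{"bootable": True, "type": 0x07, "lba_start": 2048, "sectors": 204800},
              {"bootable": False, "type": 0x07, "lba_start": 206848, "sectors": 488185856}]
CLEAN_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 7)
TAMPERED_BOOT_CODE = bytes(b ^ 0x5A for b in CLEAN_BOOT_CODE)
API_VIEW = build_mbr(CLEAN_BOOT_CODE, 0x1234ABCD, PARTITIONS)     # what the OS reports
RAW_VIEW = build_mbr(TAMPERED_BOOT_CODE, 0x1234ABCD, PARTITIONS)  # what is really in sector 0
KNOWN_GOOD = {parse_mbr(API_VIEW)["boot_code_md5"]}

# Assumed module layout for the dispatch check; the ranges are illustrative, not from the log.
MODULE_RANGES = {"atapi.sys": (0xFFFFF88000F90000, 0x29000),
                 "ataport.SYS": (0xFFFFF88000FB9000, 0x2A000)}

if __name__ == "__main__":
    print("clean host   :", cross_view_check(API_VIEW, API_VIEW, KNOWN_GOOD))
    print("hidden MBR   :", cross_view_check(API_VIEW, RAW_VIEW, KNOWN_GOOD))
    print("tail sectors :", unpartitioned_tail(parse_mbr(RAW_VIEW), DISK_SECTORS))
    print("IRP_MJ_CREATE ->", resolve_dispatch(0xFFFFFA80034D15C4, MODULE_RANGES))
```

The cross-view check is only as strong as the raw read path: a rootkit that hooks below wherever the "raw" read is taken returns the same clean sector to both views, which is why aswMBR walks the driver chain down to the port driver and reports where the chain leaves known modules. Compare the trace in the post-fix log later in the thread, where every frame resolves to a named module.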

#10 gringo_pr

Posted 08 December 2011 - 07:19 PM

Hello

I want you to rerun aswMBR and run the fix below.

aswMBR

  • Click Scan
  • On completion of the scan, click the FIX button,
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect of the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.

Gringo

#11 Dwight.Schrute

Posted 08 December 2011 - 07:33 PM

I ran the program and "fixed" it; however, when was I supposed to save the log? I restarted before I read the line saying to save the log. Is there a way I can duplicate the log I would have gotten?

#12 gringo_pr

Posted 08 December 2011 - 07:59 PM

Hello


Restart the computer and just do a scan for me. Also, how is the computer doing now?


gringo

#13 Dwight.Schrute

Posted 08 December 2011 - 08:11 PM

I just got another popup, so it's not perfectly fixed.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-08 19:06:47
-----------------------------
19:06:47.158 OS Version: Windows x64 6.1.7600
19:06:47.158 Number of processors: 2 586 0x301
19:06:47.158 ComputerName: RUSSELL-PC UserName: Russell
19:06:51.650 Initialize success
19:06:56.528 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:06:56.528 Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40C Size: 238475MB BusType: 3
19:06:58.603 Disk 0 MBR read successfully
19:06:58.603 Disk 0 MBR scan
19:06:58.603 Disk 0 Windows 7 default MBR code
19:06:58.603 Service scanning
19:07:00.288 Modules scanning
19:07:00.288 Disk 0 trace - called modules:
19:07:00.304 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:07:00.319 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002f02790]
19:07:00.319 3 CLASSPNP.SYS[fffff8800188343f] -> nt!IofCallDriver -> [0xfffffa8002f1b600]
19:07:00.319 5 ACPI.sys[fffff88000e61781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003092680]
19:07:00.335 Scan finished successfully
19:07:11.395 Disk 0 MBR has been saved successfully to "C:\Users\Russell\Desktop\MBR.dat"
19:07:11.395 The log file has been saved successfully to "C:\Users\Russell\Desktop\aswMBR.txt"
19:07:32.286 Disk 0 MBR has been saved successfully to "C:\Users\Russell\Desktop\MBR.dat"
19:07:32.286 The log file has been saved successfully to "C:\Users\Russell\Desktop\aswMBR2.txt"

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:24 AM

Posted 08 December 2011 - 08:25 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double-click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
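Once OTL.txt is posted, the first pass over it is mostly pattern-matching on the line format shown in this thread. As an added example (not from the thread and not part of OTL), here is a small Python triage script that parses OTL-style entries and flags "File not found" references, files with no company name, \\?\globalroot device paths, Winsock catalog (O10) entries, AutoRun commands (O33) and Run keys (O4) pointing into user-writable folders. The rules are this example's own heuristics, not OTL's logic, and the sample log is constructed in OTL's format.

```python
"""Triage helper for OTL (OldTimer's List-It) logs.

Added example for this thread (not from the post, not part of OTL). It parses
the line format OTL.txt uses and flags what a malware-removal helper reads
first; the rules are this example's assumptions and SAMPLE_LOG is constructed.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# OTL entry lines look like "<TAG>[:64bit:] - <body>". ":64bit:" marks the
# native 64-bit view (SysNative); entries without it are the WOW64 view.
ENTRY_RE = re.compile(r"^(?P<tag>[A-Z]+\d*)(?P<native>:64bit:)?\s-\s(?P<body>.+)$")

# OTL prints the file's company name in trailing parentheses; "()" or
# "( )" means the file carried no company / version information.
NO_COMPANY_RE = re.compile(r"\(\s*\)$")

# Constructed sample in OTL's line format (not a real machine's log).
SAMPLE_LOG = r"""========== Processes (SafeList) ==========
PRC - File not found
PRC - C:\Program Files (x86)\Example AV\engine.exe (Example Vendor)
PRC - C:\Windows\SysWOW64\PING.EXE (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (ExampleSvc) -- C:\Windows\SysNative\examplesvc.exe ( )
========== Standard Registry (SafeList) ==========
O4 - HKLM..\Run: [ExampleTray] C:\Program Files (x86)\Example\tray.exe (Example Vendor)
O4 - HKLM..\Run: [Updater] C:\Users\Public\updater.exe ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O33 - MountPoints2\{constructed-guid}\Shell\AutoRun\command - "" = E:\Autorun.exe
"""


@dataclass
class Entry:
    section: str
    tag: str
    native64: bool
    body: str
    line_no: int


@dataclass
class Finding:
    rule: str
    entry: Entry
    note: str


def parse_otl(text: str) -> List[Entry]:
    """Turn OTL-style text into entries, tracking the enclosing section."""
    entries: List[Entry] = []
    section = ""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("==========") and line.endswith("=========="):
            section = line.strip("= ")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(section, m["tag"], m["native"] is not None, m["body"], n))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply review heuristics; one entry can yield several findings."""
    findings: List[Finding] = []
    for e in entries:
        b = e.body
        if "File not found" in b:
            findings.append(Finding("missing_file", e, "references a file OTL could not locate"))
        elif NO_COMPANY_RE.search(b):
            findings.append(Finding("no_company", e, "file carries no company name"))
        if "globalroot" in b.lower():
            findings.append(Finding("device_path", e, "\\\\?\\globalroot device path, not a drive letter"))
        if e.tag == "O10":
            findings.append(Finding("winsock_lsp", e, "Winsock catalog (LSP) entry; broken ones disrupt networking"))
        if e.tag == "O33" and "AutoRun\\command" in b:
            findings.append(Finding("autorun", e, "AutoRun command registered for a mounted volume"))
        if e.tag == "O4" and ("\\Users\\" in b or "\\ProgramData\\" in b):
            findings.append(Finding("run_from_user_dir", e, "Run key launching from a user-writable folder"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(parse_otl(SAMPLE_LOG)):
        print(f"line {f.entry.line_no:>2} [{f.rule}] {f.entry.tag}: {f.note} :: {f.entry.body}")
    print(summarize(triage(parse_otl(SAMPLE_LOG))))
```

A flagged entry is a place to look, not a verdict: legitimate software also shows up with no company name or launches from ProgramData, so each hit still needs a human check of the file.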

#15 Dwight.Schrute

Dwight.Schrute
  • Topic Starter

  • Members
  • 24 posts
  • Local time:06:24 AM

Posted 08 December 2011 - 08:38 PM

OTL logfile created on: 12/8/2011 7:29:39 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Russell\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 42.01% Memory free
5.50 Gb Paging File | 3.74 Gb Available in Paging File | 68.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.79 Gb Total Space | 156.47 Gb Free Space | 70.87% Space Free | Partition Type: NTFS

Computer Name: RUSSELL-PC | User Name: Russell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Russell\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
PRC - C:\Windows\SysWOW64\PING.EXE (Microsoft Corporation)
PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)


========== Modules (No Company Name) ==========

MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
MOD - C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
SRV:64bit: - (dlbk_device) -- C:\Windows\SysNative\dlbkcoms.exe ( )
SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International)
SRV - (Norton Internet Security) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (Symantec Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symtdi.sys (Symantec Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (O2SDRDR) -- C:\Windows\SysNative\drivers\o2sdx64.sys (O2Micro )
DRV:64bit: - (O2MDRDR) -- C:\Windows\SysNative\drivers\o2mdx64.sys (O2Micro )
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSviA64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273612098406l0353z196a48m34282
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273612098406l0353z196a48m34282
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273612098406l0353z196a48m34282
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273612098406l0353z196a48m34282


IE - HKU\.DEFAULT\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1659848056-3473758173-185953079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273612098406l0353z196a48m34282
IE - HKU\S-1-5-21-1659848056-3473758173-185953079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=md2419u&r=273612098406l0353z196a48m34282
IE - HKU\S-1-5-21-1659848056-3473758173-185953079-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the Web"
FF - prefs.js..browser.search.order.1: "Search the Web"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/11 18:31:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/11 15:00:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/12 20:36:06 | 000,000,000 | ---D | M]

[2009/12/25 13:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Extensions
[2011/12/03 13:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\ieuezbh2.default\extensions
[2011/12/07 17:20:20 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\ieuezbh2.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/11/19 16:12:06 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\ieuezbh2.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/12/08 18:29:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/11 15:00:37 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/17 12:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2011/06/12 20:35:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/11 15:00:37 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


Hosts file not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1659848056-3473758173-185953079-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1659848056-3473758173-185953079-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6127C228-10DA-4B85-966B-1E7E03F84EBF}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{593e42ae-4e6a-11df-94d8-00269e6cc481}\Shell - "" = AutoRun
O33 - MountPoints2\{593e42ae-4e6a-11df-94d8-00269e6cc481}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/08 19:27:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Russell\Desktop\OTL.exe
[2011/12/08 18:30:08 | 000,000,000 | R--D | C] -- C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011/12/08 17:30:06 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Russell\Desktop\aswMBR.exe
[2011/12/08 16:30:18 | 001,577,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Russell\Desktop\tdsskiller.exe
[2011/12/07 19:15:21 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/07 18:06:27 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2011/12/07 17:19:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/07 17:19:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/07 17:19:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/07 17:19:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/07 17:19:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/12/07 17:19:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/07 17:17:33 | 004,331,784 | R--- | C] (Swearware) -- C:\Users\Russell\Desktop\ComboFix.exe
[2011/12/07 15:23:26 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2011/12/04 10:34:35 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\Safe mirror
[2011/12/04 10:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 10
[2011/12/04 01:48:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/04 00:51:18 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Russell\Desktop\mbam-setup.exe
[2011/12/04 00:33:28 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Russell\Desktop\123.com.exe
[2011/12/03 13:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/03 13:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/03 13:37:49 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/12/03 13:34:10 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Local\adaware
[2011/12/03 13:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2011/12/03 13:34:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2011/12/03 13:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2011/12/03 13:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/12/03 13:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/12/03 13:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/12/03 13:13:47 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\Malwarebytes
[2011/12/03 13:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/03 13:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/03 13:13:35 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/03 13:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/02 16:03:33 | 000,000,000 | ---D | C] -- C:\Users\Russell\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/02 16:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/02 16:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/02 16:03:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/28 21:49:47 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\The Black Keys - El Camino (2011)
[2011/11/24 00:32:30 | 000,000,000 | ---D | C] -- C:\Users\Russell\Desktop\Muse Acapella

========== Files - Modified Within 30 Days ==========

[2011/12/08 19:27:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Russell\Desktop\OTL.exe
[2011/12/08 19:07:32 | 000,000,512 | ---- | M] () -- C:\Users\Russell\Desktop\MBR.dat
[2011/12/08 18:44:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At38.job
[2011/12/08 18:44:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At37.job
[2011/12/08 18:42:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/08 18:37:04 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/08 18:37:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/08 18:30:06 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/08 18:29:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/08 18:29:40 | 2213,351,424 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/08 17:44:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011/12/08 17:44:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At35.job
[2011/12/08 17:30:12 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Russell\Desktop\aswMBR.exe
[2011/12/08 16:44:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011/12/08 16:44:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At33.job
[2011/12/08 16:30:19 | 001,577,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Russell\Desktop\tdsskiller.exe
[2011/12/07 17:17:57 | 004,331,784 | R--- | M] (Swearware) -- C:\Users\Russell\Desktop\ComboFix.exe
[2011/12/07 15:44:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011/12/07 15:44:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At31.job
[2011/12/04 01:44:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/12/04 01:44:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/12/04 00:51:34 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Russell\Desktop\mbam-setup.exe
[2011/12/04 00:33:29 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Russell\Desktop\123.com.exe
[2011/12/04 00:17:39 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/04 00:17:39 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/12/03 23:44:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/12/03 23:44:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At47.job
[2011/12/03 23:19:41 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/03 22:44:54 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011/12/03 22:44:54 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011/12/03 22:44:54 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011/12/03 22:44:54 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At45.job
[2011/12/03 22:44:54 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At43.job
[2011/12/03 22:44:54 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At41.job
[2011/12/03 22:44:53 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At40.job
[2011/12/03 22:44:53 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At39.job
[2011/12/03 14:44:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/12/03 14:44:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At29.job
[2011/12/03 13:44:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011/12/03 13:44:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At27.job
[2011/12/03 13:37:49 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/12/03 13:06:40 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011/12/03 13:06:40 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At25.job
[2011/12/03 12:25:11 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/12/03 12:25:11 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/12/03 12:25:11 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/12/03 12:25:11 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/12/03 12:25:10 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/12/03 12:25:10 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/12/03 12:25:10 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/12/03 12:25:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/12/03 12:25:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/12/03 12:25:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/12/03 12:25:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/12/03 12:25:09 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/12/03 12:25:09 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/12/03 12:25:09 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/12/03 12:25:08 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/12/03 12:25:08 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/12/03 12:25:08 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/12/03 12:25:07 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/12/03 12:25:06 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/12/03 12:25:06 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/12/03 12:25:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/12/03 12:25:05 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/12/02 06:56:34 | 000,000,112 | ---- | M] () -- C:\ProgramData\gHfILI0.dat
[2011/12/02 06:52:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\pE81Oy2P.com.b
[2011/12/02 06:51:31 | 000,116,224 | ---- | M] () -- C:\Windows\SysWow64\pE81Oy2P.com_
[2011/12/02 06:51:31 | 000,116,224 | ---- | M] () -- C:\Windows\SysWow64\pE81Oy2P.com
[2011/11/24 16:28:54 | 000,002,396 | ---- | M] () -- C:\Users\Russell\Desktop\vba.ini
[2011/11/24 00:35:18 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/24 00:35:18 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/24 00:35:18 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/19 19:43:48 | 000,002,347 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/11/18 20:53:51 | 000,426,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/11 15:00:55 | 000,002,055 | ---- | M] () -- C:\Users\Russell\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/12/08 17:31:41 | 000,000,512 | ---- | C] () -- C:\Users\Russell\Desktop\MBR.dat
[2011/12/07 17:19:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/07 17:19:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/07 17:19:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/07 17:19:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/07 17:19:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/04 00:15:31 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/04 00:15:31 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/12/02 16:14:44 | 000,116,224 | ---- | C] () -- C:\Windows\SysWow64\pE81Oy2P.com_
[2011/12/02 16:14:44 | 000,116,224 | ---- | C] () -- C:\Windows\SysWow64\pE81Oy2P.com
[2011/12/02 16:03:17 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/02 06:52:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\pE81Oy2P.com.b
[2011/12/02 06:35:15 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/02 06:35:15 | 000,000,112 | ---- | C] () -- C:\ProgramData\gHfILI0.dat
[2011/12/02 06:35:14 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/12/02 06:35:13 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/12/02 06:35:12 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/12/02 06:35:12 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/12/02 06:35:11 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/12/02 06:35:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/12/02 06:35:10 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/12/02 06:35:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/12/02 06:35:09 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At39.job
[2011/12/02 06:35:08 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/12/02 06:35:08 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At37.job
[2011/12/02 06:35:07 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/12/02 06:35:06 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/12/02 06:35:06 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/12/02 06:35:05 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/12/02 06:35:05 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/12/02 06:35:04 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/12/02 06:35:03 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/12/02 06:35:02 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/12/02 06:35:02 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/12/02 06:35:01 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/12/02 06:35:00 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/12/02 06:35:00 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/12/02 06:34:59 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/12/02 06:34:58 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/12/02 06:34:58 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/12/02 06:34:57 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/12/02 06:34:56 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/12/02 06:34:56 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/12/02 06:34:55 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/12/02 06:34:54 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/12/02 06:34:53 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/12/02 06:34:53 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/12/02 06:34:52 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/12/02 06:34:51 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/12/02 06:34:50 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/12/02 06:34:50 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/12/02 06:34:49 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/12/02 06:34:48 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/12/02 06:34:48 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/12/02 06:34:47 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/12/02 06:34:46 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/12/02 06:34:45 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/12/02 06:34:45 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/12/02 06:34:44 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/12/02 06:34:43 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/12/02 06:34:42 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/07/26 17:47:48 | 000,084,786 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010/05/04 20:45:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/25 19:24:15 | 000,000,140 | ---- | C] () -- C:\Users\Russell\AppData\Roaming\wklnhst.dat
[2009/12/26 12:19:40 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/12/25 13:11:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/05 21:10:06 | 000,000,590 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 15:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 15:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 15:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/01/16 07:48:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 130048 bytes -> C:\Users\Russell\AppData\Local\Temp:winupd.exe

< End of report >
