Constant redirection by google


  • This topic is locked
22 replies to this topic

#1 mmsboiballa


Posted 05 December 2011 - 05:13 PM

I am constantly being redirected on Google when I try to search for things, and the autocomplete on Google doesn't work. I need help trying to solve my problems! I was infected with some random malware, but I was pretty sure I removed all of it through Malwarebytes and SuperAntiSpyware, but it appears not. I need help. I followed all the steps someone told me to do in a previous topic found at http://www.bleepingcomputer.com/forums/topic429644.html, and below is my DDS log. I didn't use GMER because my system is 64-bit.


DDS LOG

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Owner at 15:52:07 on 2011-12-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6132.4109 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\firefox.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Conime] %windir%\system32\conime.exe
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 69.1.30.43 69.1.30.42
TCP: Interfaces\{51725A31-57DF-4810-B664-76390EE2C95F} : DhcpNameServer = 69.1.30.43 69.1.30.42
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\qrsov5f6.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: keyword.URL - hxxp://www.sitfy.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=POVWsZqk&q=
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugins\NPcol500.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\qrsov5f6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: keyword.URL - hxxp://www.sitfy.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=POVWsZqk&q=
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-7-1 88576]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-3-9 366000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-3-27 366640]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-9 136176]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-1-9 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-9 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);C:\Windows\system32\DRIVERS\PTQHBUS.sys --> C:\Windows\system32\DRIVERS\PTQHBUS.sys [?]
S3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);C:\Windows\system32\DRIVERS\PTQHMDM.sys --> C:\Windows\system32\DRIVERS\PTQHMDM.sys [?]
S3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);C:\Windows\system32\DRIVERS\PTQHVSP.sys --> C:\Windows\system32\DRIVERS\PTQHVSP.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 xport360;xport360;C:\Windows\system32\Drivers\xport360_usb_v2_x64.sys --> C:\Windows\system32\Drivers\xport360_usb_v2_x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-12-05 21:32:54 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1584FC1E-4AA9-4E82-A52F-C17D00E07939}\offreg.dll
2011-12-02 15:52:37 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1584FC1E-4AA9-4E82-A52F-C17D00E07939}\mpengine.dll
2011-12-01 02:47:44 -------- d-----w- C:\Program Files (x86)\Free Window Registry Repair
2011-11-30 21:35:53 111408 ----a-w- C:\Windows\System32\drivers\11449495.sys
2011-11-30 00:39:01 111408 ----a-w- C:\Windows\System32\drivers\03390486.sys
2011-11-28 21:45:20 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2011-11-28 21:44:39 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-11-28 21:44:39 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-11-28 21:32:56 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-11-27 04:45:46 -------- d-----w- C:\Program Files\iPod
2011-11-27 04:45:45 -------- d-----w- C:\Program Files\iTunes
2011-11-26 23:20:11 20701 ----a-w- C:\ProgramData\1322349605.bdinstall.bin
2011-11-26 23:19:51 96721 ----a-w- C:\ProgramData\1322349579.bdinstall.bin
2011-11-26 23:19:50 -------- d-----w- C:\Program Files\Bitdefender
2011-11-26 23:13:18 20701 ----a-w- C:\ProgramData\1322349159.bdinstall.bin
2011-11-26 22:59:02 739 ----a-w- C:\ProgramData\1322348336.4828.bin
2011-11-26 22:59:02 739 ----a-w- C:\ProgramData\1322348336.4532.bin
2011-11-26 22:59:02 3136 ----a-w- C:\ProgramData\1322348336.1320.bin
2011-11-26 22:59:02 2931 ----a-w- C:\ProgramData\1322348336.4780.bin
2011-11-26 22:59:02 27147 ----a-w- C:\ProgramData\1322348336.344.bin
2011-11-26 22:58:59 1719 ----a-w- C:\ProgramData\1322348336.2816.bin
2011-11-26 22:58:57 4035 ----a-w- C:\ProgramData\1322348336.1192.bin
2011-11-26 22:58:56 43142 ----a-w- C:\ProgramData\1322348336.4812.bin
2011-11-26 22:47:11 20700 ----a-w- C:\ProgramData\1322347629.bdinstall.bin
2011-11-26 22:46:05 20701 ----a-w- C:\ProgramData\1322347561.bdinstall.bin
2011-11-26 22:45:42 96345 ----a-w- C:\ProgramData\1322347494.bdinstall.bin
2011-11-26 22:44:44 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2011-11-26 22:44:40 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2011-11-26 22:36:15 -------- d-----w- C:\Users\Owner\AppData\Roaming\QuickScan
2011-11-25 13:35:31 232960 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2011-11-24 16:49:58 -------- d-----w- C:\Program Files\iPod(800)
2011-11-09 22:05:25 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 22:05:24 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-11-09 22:05:24 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 22:05:23 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 22:05:23 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 22:05:23 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
.
==================== Find3M ====================
.
2011-10-03 11:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-02 22:53:45 60304 ----a-w- C:\Users\Owner\g2mdlhlpx.exe
.
============= FINISH: 16:00:29.07 ===============


#2 HelpBot


Posted 10 December 2011 - 05:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430926 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 mmsboiballa


Posted 10 December 2011 - 08:02 PM

7:01 PM 12/10/2011.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Owner at 18:52:47 on 2011-12-10
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6132.1297 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WerCon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
C:\Windows\system32\LogonUI.exe
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Conime] %windir%\system32\conime.exe
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 69.1.30.43 69.1.30.42
TCP: Interfaces\{51725A31-57DF-4810-B664-76390EE2C95F} : DhcpNameServer = 69.1.30.43 69.1.30.42
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\qrsov5f6.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: keyword.URL - hxxp://www.sitfy.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=POVWsZqk&q=
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugins\NPcol500.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\qrsov5f6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: keyword.URL - hxxp://www.sitfy.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=POVWsZqk&q=
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-7-1 88576]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-3-9 366000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-3-27 366640]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-9 136176]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-1-9 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-9 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);C:\Windows\system32\DRIVERS\PTQHBUS.sys --> C:\Windows\system32\DRIVERS\PTQHBUS.sys [?]
S3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);C:\Windows\system32\DRIVERS\PTQHMDM.sys --> C:\Windows\system32\DRIVERS\PTQHMDM.sys [?]
S3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);C:\Windows\system32\DRIVERS\PTQHVSP.sys --> C:\Windows\system32\DRIVERS\PTQHVSP.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 xport360;xport360;C:\Windows\system32\Drivers\xport360_usb_v2_x64.sys --> C:\Windows\system32\Drivers\xport360_usb_v2_x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-12-09 08:20:19 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9043C628-D381-44CE-9F21-D60C4F532CD1}\offreg.dll
2011-12-09 08:20:18 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9043C628-D381-44CE-9F21-D60C4F532CD1}\mpengine.dll
2011-12-01 02:47:44 -------- d-----w- C:\Program Files (x86)\Free Window Registry Repair
2011-11-30 21:35:53 111408 ----a-w- C:\Windows\System32\drivers\11449495.sys
2011-11-30 00:39:01 111408 ----a-w- C:\Windows\System32\drivers\03390486.sys
2011-11-28 21:45:20 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2011-11-28 21:44:39 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-11-28 21:44:39 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-11-28 21:32:56 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-11-27 04:45:46 -------- d-----w- C:\Program Files\iPod
2011-11-27 04:45:45 -------- d-----w- C:\Program Files\iTunes
2011-11-26 23:20:11 20701 ----a-w- C:\ProgramData\1322349605.bdinstall.bin
2011-11-26 23:19:51 96721 ----a-w- C:\ProgramData\1322349579.bdinstall.bin
2011-11-26 23:19:50 -------- d-----w- C:\Program Files\Bitdefender
2011-11-26 23:13:18 20701 ----a-w- C:\ProgramData\1322349159.bdinstall.bin
2011-11-26 22:59:02 739 ----a-w- C:\ProgramData\1322348336.4828.bin
2011-11-26 22:59:02 739 ----a-w- C:\ProgramData\1322348336.4532.bin
2011-11-26 22:59:02 3136 ----a-w- C:\ProgramData\1322348336.1320.bin
2011-11-26 22:59:02 2931 ----a-w- C:\ProgramData\1322348336.4780.bin
2011-11-26 22:59:02 27147 ----a-w- C:\ProgramData\1322348336.344.bin
2011-11-26 22:58:59 1719 ----a-w- C:\ProgramData\1322348336.2816.bin
2011-11-26 22:58:57 4035 ----a-w- C:\ProgramData\1322348336.1192.bin
2011-11-26 22:58:56 43142 ----a-w- C:\ProgramData\1322348336.4812.bin
2011-11-26 22:47:11 20700 ----a-w- C:\ProgramData\1322347629.bdinstall.bin
2011-11-26 22:46:05 20701 ----a-w- C:\ProgramData\1322347561.bdinstall.bin
2011-11-26 22:45:42 96345 ----a-w- C:\ProgramData\1322347494.bdinstall.bin
2011-11-26 22:44:44 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2011-11-26 22:44:40 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2011-11-26 22:36:15 -------- d-----w- C:\Users\Owner\AppData\Roaming\QuickScan
2011-11-25 13:35:31 232960 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2011-11-24 16:49:58 -------- d-----w- C:\Program Files\iPod(800)
.
==================== Find3M ====================
.
2011-10-03 11:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-02 22:53:45 60304 ----a-w- C:\Users\Owner\g2mdlhlpx.exe
2011-09-20 21:06:18 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 19:01:13.69 ===============


#4 gringo_pr

  • Malware Response Team

Posted 11 December 2011 - 02:07 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 mmsboiballa

  • Topic Starter

Posted 11 December 2011 - 01:10 PM

The scan went fine and here is the log it produced.


ComboFix 11-12-10.01 - Owner 12/11/2011 10:29:55.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6132.1497 [GMT -6:00]
Running from: c:\users\Owner\Documents\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Default\AppData\Roaming\DPInst.exe
c:\users\Default\AppData\Roaming\gacutil.exe
c:\users\Default\AppData\Roaming\PnPutil.exe
c:\users\Owner\Documents\~WRL1162.tmp
c:\users\Owner\Documents\~WRL2755.tmp
c:\users\Owner\Documents\~WRL2970.tmp
c:\users\Owner\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-12-11 17:14 . 2011-12-11 17:14 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9043C628-D381-44CE-9F21-D60C4F532CD1}\offreg.dll
2011-12-11 17:09 . 2011-12-11 17:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-11 17:09 . 2011-12-11 17:09 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-12-09 08:20 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9043C628-D381-44CE-9F21-D60C4F532CD1}\mpengine.dll
2011-12-01 02:47 . 2011-12-01 02:51 -------- d-----w- c:\program files (x86)\Free Window Registry Repair
2011-11-30 21:35 . 2011-11-30 21:35 111408 ----a-w- c:\windows\system32\drivers\11449495.sys
2011-11-30 00:39 . 2011-11-30 00:39 111408 ----a-w- c:\windows\system32\drivers\03390486.sys
2011-11-28 21:45 . 2011-11-28 21:45 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2011-11-28 21:44 . 2011-12-03 06:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-28 21:44 . 2011-11-28 21:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-28 21:32 . 2011-11-28 21:32 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-27 04:45 . 2011-11-27 04:45 -------- d-----w- c:\program files\iPod
2011-11-27 04:45 . 2011-11-27 04:46 -------- d-----w- c:\program files\iTunes
2011-11-26 23:20 . 2011-11-26 23:20 20701 ----a-w- c:\programdata\1322349605.bdinstall.bin
2011-11-26 23:19 . 2011-11-26 23:19 96721 ----a-w- c:\programdata\1322349579.bdinstall.bin
2011-11-26 23:19 . 2011-11-26 23:19 -------- d-----w- c:\program files\Bitdefender
2011-11-26 23:13 . 2011-11-26 23:13 20701 ----a-w- c:\programdata\1322349159.bdinstall.bin
2011-11-26 22:59 . 2011-11-26 22:59 739 ----a-w- c:\programdata\1322348336.4828.bin
2011-11-26 22:59 . 2011-11-26 22:59 739 ----a-w- c:\programdata\1322348336.4532.bin
2011-11-26 22:59 . 2011-11-26 22:59 27147 ----a-w- c:\programdata\1322348336.344.bin
2011-11-26 22:59 . 2011-11-26 22:59 3136 ----a-w- c:\programdata\1322348336.1320.bin
2011-11-26 22:59 . 2011-11-26 22:59 2931 ----a-w- c:\programdata\1322348336.4780.bin
2011-11-26 22:58 . 2011-11-26 22:59 1719 ----a-w- c:\programdata\1322348336.2816.bin
2011-11-26 22:58 . 2011-11-26 22:59 4035 ----a-w- c:\programdata\1322348336.1192.bin
2011-11-26 22:58 . 2011-11-26 22:59 43142 ----a-w- c:\programdata\1322348336.4812.bin
2011-11-26 22:47 . 2011-11-26 22:47 20700 ----a-w- c:\programdata\1322347629.bdinstall.bin
2011-11-26 22:46 . 2011-11-26 22:46 20701 ----a-w- c:\programdata\1322347561.bdinstall.bin
2011-11-26 22:45 . 2011-11-26 22:45 96345 ----a-w- c:\programdata\1322347494.bdinstall.bin
2011-11-26 22:44 . 2011-11-26 22:44 -------- d-----w- c:\program files\Common Files\Bitdefender
2011-11-26 22:44 . 2011-11-26 22:44 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2011-11-26 22:36 . 2011-12-01 02:23 -------- d-----w- c:\users\Owner\AppData\Roaming\QuickScan
2011-11-25 13:35 . 2011-06-16 23:53 232960 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2011-11-24 21:41 . 2011-11-24 21:41 -------- d-----w- c:\windows\Sun
2011-11-21 02:23 . 2011-11-21 02:23 -------- d-----w- c:\users\Default\AppData\Local\Opera
2011-11-21 01:54 . 2011-11-25 13:26 -------- d-----w- c:\users\Default\{71e1519b-8081-466b-950b-1d6e5df4bea2}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 11:06 . 2010-05-21 03:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-20 21:06 . 2011-11-09 22:05 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2009-7-1 50688]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 136176]
R3 40280630;40280630; [x]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-09 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);c:\windows\system32\DRIVERS\PTQHBUS.sys [x]
R3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);c:\windows\system32\DRIVERS\PTQHMDM.sys [x]
R3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);c:\windows\system32\DRIVERS\PTQHVSP.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 xport360;xport360;c:\windows\system32\Drivers\xport360_usb_v2_x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-01-13 88576]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-03-09 366000]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 23:01]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 23:01]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784629488-1922369440-3201513556-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 02:21]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784629488-1922369440-3201513556-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 02:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-13 6848544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-13 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-13 208920]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-13 176152]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 2114376]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 69.1.30.43 69.1.30.42
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\qrsov5f6.default\
FF - prefs.js: keyword.URL - hxxp://www.sitfy.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=POVWsZqk&q=
FF - user.js: keyword.URL - hxxp://www.sitfy.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=POVWsZqk&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe
AddRemove-HijackThis - c:\users\Owner\Downloads\HijackThis.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2011-12-11 11:38:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-11 17:37
.
Pre-Run: 480,449,368,064 bytes free
Post-Run: 481,820,188,672 bytes free
.
- - End Of File - - F2E39AA84196F0B9E1568D5DA460362D

#6 gringo_pr


Posted 11 December 2011 - 04:35 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
c:\windows\system32\drivers\11449495.sys
c:\windows\system32\drivers\03390486.sys

Folder::
c:\program files (x86)\Free Window Registry Repair

DDS::
uInternet Settings,ProxyOverride = <local>;*.local

Firefox::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 mmsboiballa


Posted 11 December 2011 - 08:46 PM

Here's the log:

ComboFix 11-12-11.02 - Owner 12/11/2011 18:31:16.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6132.4095 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\03390486.sys"
"c:\windows\system32\drivers\11449495.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Free Window Registry Repair
c:\program files (x86)\Free Window Registry Repair\Backup\2011_11_30_205114.reg
c:\program files (x86)\Free Window Registry Repair\Backup\2011_11_30_205637.reg
c:\program files (x86)\Free Window Registry Repair\INSTALL.LOG
c:\program files (x86)\Free Window Registry Repair\MSN.ssk
c:\program files (x86)\Free Window Registry Repair\Regpair.exe
c:\program files (x86)\Free Window Registry Repair\Regpair.url
c:\program files (x86)\Free Window Registry Repair\Settings.dat
c:\program files (x86)\Free Window Registry Repair\Silver.ssk
c:\program files (x86)\Free Window Registry Repair\UNWISE.EXE
c:\users\Owner\Desktop\Malware Protection.lnk
c:\windows\system32\drivers\03390486.sys
c:\windows\system32\drivers\11449495.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-12-12 01:13 . 2011-12-12 01:13 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9043C628-D381-44CE-9F21-D60C4F532CD1}\offreg.dll
2011-12-12 01:10 . 2011-12-12 01:10 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-12-12 01:10 . 2011-12-12 01:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-09 08:20 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9043C628-D381-44CE-9F21-D60C4F532CD1}\mpengine.dll
2011-11-28 21:45 . 2011-11-28 21:45 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2011-11-28 21:44 . 2011-12-03 06:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-28 21:44 . 2011-11-28 21:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-28 21:32 . 2011-11-28 21:32 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-27 04:45 . 2011-11-27 04:45 -------- d-----w- c:\program files\iPod
2011-11-27 04:45 . 2011-11-27 04:46 -------- d-----w- c:\program files\iTunes
2011-11-26 23:20 . 2011-11-26 23:20 20701 ----a-w- c:\programdata\1322349605.bdinstall.bin
2011-11-26 23:19 . 2011-11-26 23:19 96721 ----a-w- c:\programdata\1322349579.bdinstall.bin
2011-11-26 23:19 . 2011-11-26 23:19 -------- d-----w- c:\program files\Bitdefender
2011-11-26 23:13 . 2011-11-26 23:13 20701 ----a-w- c:\programdata\1322349159.bdinstall.bin
2011-11-26 22:59 . 2011-11-26 22:59 739 ----a-w- c:\programdata\1322348336.4828.bin
2011-11-26 22:59 . 2011-11-26 22:59 739 ----a-w- c:\programdata\1322348336.4532.bin
2011-11-26 22:59 . 2011-11-26 22:59 27147 ----a-w- c:\programdata\1322348336.344.bin
2011-11-26 22:59 . 2011-11-26 22:59 3136 ----a-w- c:\programdata\1322348336.1320.bin
2011-11-26 22:59 . 2011-11-26 22:59 2931 ----a-w- c:\programdata\1322348336.4780.bin
2011-11-26 22:58 . 2011-11-26 22:59 1719 ----a-w- c:\programdata\1322348336.2816.bin
2011-11-26 22:58 . 2011-11-26 22:59 4035 ----a-w- c:\programdata\1322348336.1192.bin
2011-11-26 22:58 . 2011-11-26 22:59 43142 ----a-w- c:\programdata\1322348336.4812.bin
2011-11-26 22:47 . 2011-11-26 22:47 20700 ----a-w- c:\programdata\1322347629.bdinstall.bin
2011-11-26 22:46 . 2011-11-26 22:46 20701 ----a-w- c:\programdata\1322347561.bdinstall.bin
2011-11-26 22:45 . 2011-11-26 22:45 96345 ----a-w- c:\programdata\1322347494.bdinstall.bin
2011-11-26 22:44 . 2011-11-26 22:44 -------- d-----w- c:\program files\Common Files\Bitdefender
2011-11-26 22:44 . 2011-11-26 22:44 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2011-11-26 22:36 . 2011-12-01 02:23 -------- d-----w- c:\users\Owner\AppData\Roaming\QuickScan
2011-11-25 13:35 . 2011-06-16 23:53 232960 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2011-11-24 21:41 . 2011-11-24 21:41 -------- d-----w- c:\windows\Sun
2011-11-21 02:23 . 2011-11-21 02:23 -------- d-----w- c:\users\Default\AppData\Local\Opera
2011-11-21 01:54 . 2011-11-25 13:26 -------- d-----w- c:\users\Default\{71e1519b-8081-466b-950b-1d6e5df4bea2}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 11:06 . 2010-05-21 03:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-20 21:06 . 2011-11-09 22:05 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-11_17.16.36 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-12-11 17:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-12-12 01:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-12-12 01:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-12-11 17:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-12-12 01:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-12-11 17:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-12-12 01:14 69320 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-12-12 01:14 79630 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-18 19:40 . 2011-12-12 01:14 13582 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-784629488-1922369440-3201513556-1000_UserData.bin
- 2009-08-18 19:40 . 2011-12-11 17:16 13582 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-784629488-1922369440-3201513556-1000_UserData.bin
- 2010-12-25 06:34 . 2011-12-11 17:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-12-25 06:34 . 2011-12-12 01:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-08-18 19:37 . 2011-12-12 01:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-18 19:37 . 2011-12-11 17:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-18 19:37 . 2011-12-11 17:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-18 19:37 . 2011-12-12 01:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-18 19:37 . 2011-12-12 01:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-18 19:37 . 2011-12-11 17:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-11 17:14 . 2011-12-11 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-12 01:12 . 2011-12-12 01:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-12 01:12 . 2011-12-12 01:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-11 17:14 . 2011-12-11 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-24 14:27 . 2011-12-11 17:14 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-12-24 14:27 . 2011-12-12 01:13 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-12-25 06:34 . 2011-12-11 17:13 468584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-25 06:34 . 2011-12-12 01:12 468584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-25 15:25 . 2011-12-12 01:12 14701604 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-784629488-1922369440-3201513556-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2009-7-1 50688]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 136176]
R3 40280630;40280630; [x]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-09 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);c:\windows\system32\DRIVERS\PTQHBUS.sys [x]
R3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);c:\windows\system32\DRIVERS\PTQHMDM.sys [x]
R3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);c:\windows\system32\DRIVERS\PTQHVSP.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 xport360;xport360;c:\windows\system32\Drivers\xport360_usb_v2_x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-01-13 88576]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-03-09 366000]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 23:01]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 23:01]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784629488-1922369440-3201513556-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 02:21]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784629488-1922369440-3201513556-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 02:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-13 6848544]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-13 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-13 208920]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-13 176152]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 2114376]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 69.1.30.43 69.1.30.42
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\qrsov5f6.default\
FF - prefs.js: keyword.URL - hxxp://www.sitfy.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=POVWsZqk&q=
FF - user.js: keyword.URL - hxxp://www.sitfy.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=POVWsZqk&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Free Window Registry Repair - c:\progra~2\FREEWI~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2011-12-11 19:34:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-12 01:34
ComboFix2.txt 2011-12-11 17:38
.
Pre-Run: 485,099,151,360 bytes free
Post-Run: 485,436,137,472 bytes free
.
- - End Of File - - 72214392A001CF8E0B516498E9E7978B

I still get redirected on Google.

#8 gringo_pr


Posted 11 December 2011 - 08:49 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#9 mmsboiballa


Posted 11 December 2011 - 08:59 PM

19:58:17.0753 5040 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
19:58:18.0066 5040 ============================================================
19:58:18.0066 5040 Current date / time: 2011/12/11 19:58:18.0066
19:58:18.0066 5040 SystemInfo:
19:58:18.0066 5040
19:58:18.0066 5040 OS Version: 6.0.6002 ServicePack: 2.0
19:58:18.0066 5040 Product type: Workstation
19:58:18.0066 5040 ComputerName: OWNER-PC
19:58:18.0066 5040 UserName: Owner
19:58:18.0066 5040 Windows directory: C:\Windows
19:58:18.0066 5040 System windows directory: C:\Windows
19:58:18.0066 5040 Running under WOW64
19:58:18.0067 5040 Processor architecture: Intel x64
19:58:18.0067 5040 Number of processors: 2
19:58:18.0067 5040 Page size: 0x1000
19:58:18.0067 5040 Boot type: Normal boot
19:58:18.0067 5040 ============================================================
19:58:18.0984 5040 Initialize success
19:58:21.0411 0264 ============================================================
19:58:21.0411 0264 Scan started
19:58:21.0411 0264 Mode: Manual;
19:58:21.0411 0264 ============================================================
19:58:22.0914 0264 40280630 - ok
19:58:22.0956 0264 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
19:58:22.0959 0264 ACPI - ok
19:58:23.0011 0264 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
19:58:23.0013 0264 adfs - ok
19:58:23.0071 0264 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
19:58:23.0076 0264 adp94xx - ok
19:58:23.0095 0264 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
19:58:23.0098 0264 adpahci - ok
19:58:23.0112 0264 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
19:58:23.0114 0264 adpu160m - ok
19:58:23.0133 0264 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
19:58:23.0135 0264 adpu320 - ok
19:58:23.0205 0264 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
19:58:23.0209 0264 AFD - ok
19:58:23.0222 0264 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
19:58:23.0223 0264 agp440 - ok
19:58:23.0245 0264 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
19:58:23.0247 0264 aic78xx - ok
19:58:23.0292 0264 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
19:58:23.0293 0264 aliide - ok
19:58:23.0305 0264 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
19:58:23.0306 0264 amdide - ok
19:58:23.0322 0264 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
19:58:23.0324 0264 AmdK8 - ok
19:58:23.0372 0264 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
19:58:23.0374 0264 arc - ok
19:58:23.0382 0264 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
19:58:23.0384 0264 arcsas - ok
19:58:23.0416 0264 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
19:58:23.0417 0264 AsyncMac - ok
19:58:23.0433 0264 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
19:58:23.0433 0264 atapi - ok
19:58:23.0452 0264 Beep - ok
19:58:23.0500 0264 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
19:58:23.0501 0264 blbdrive - ok
19:58:23.0561 0264 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
19:58:23.0563 0264 bowser - ok
19:58:23.0569 0264 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
19:58:23.0570 0264 BrFiltLo - ok
19:58:23.0584 0264 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
19:58:23.0585 0264 BrFiltUp - ok
19:58:23.0604 0264 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
19:58:23.0606 0264 Brserid - ok
19:58:23.0617 0264 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
19:58:23.0618 0264 BrSerWdm - ok
19:58:23.0637 0264 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
19:58:23.0638 0264 BrUsbMdm - ok
19:58:23.0645 0264 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
19:58:23.0646 0264 BrUsbSer - ok
19:58:23.0667 0264 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
19:58:23.0669 0264 BTHMODEM - ok
19:58:23.0798 0264 catchme - ok
19:58:23.0837 0264 CAXHWBS2 (6c2dd66a3db32450d661ba89b18b1941) C:\Windows\system32\DRIVERS\CAXHWBS2.sys
19:58:23.0842 0264 CAXHWBS2 - ok
19:58:23.0855 0264 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
19:58:23.0858 0264 cdfs - ok
19:58:23.0888 0264 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
19:58:23.0891 0264 cdrom - ok
19:58:23.0910 0264 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
19:58:23.0911 0264 circlass - ok
19:58:23.0963 0264 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
19:58:23.0969 0264 CLFS - ok
19:58:23.0988 0264 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
19:58:23.0991 0264 cmdide - ok
19:58:24.0012 0264 Compbatt (34a6aa82aa36c87fc8816f2097efa345) C:\Windows\system32\drivers\compbatt.sys
19:58:24.0013 0264 Compbatt - ok
19:58:24.0024 0264 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
19:58:24.0026 0264 crcdisk - ok
19:58:24.0092 0264 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
19:58:24.0094 0264 DfsC - ok
19:58:24.0145 0264 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
19:58:24.0147 0264 disk - ok
19:58:24.0202 0264 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
19:58:24.0203 0264 drmkaud - ok
19:58:24.0253 0264 dump_wmimmc - ok
19:58:24.0311 0264 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
19:58:24.0322 0264 DXGKrnl - ok
19:58:24.0355 0264 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
19:58:24.0359 0264 e1express - ok
19:58:24.0372 0264 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
19:58:24.0376 0264 E1G60 - ok
19:58:24.0406 0264 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
19:58:24.0409 0264 Ecache - ok
19:58:24.0445 0264 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
19:58:24.0451 0264 elxstor - ok
19:58:24.0470 0264 ErrDev (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
19:58:24.0471 0264 ErrDev - ok
19:58:24.0499 0264 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
19:58:24.0502 0264 exfat - ok
19:58:24.0532 0264 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
19:58:24.0535 0264 fastfat - ok
19:58:24.0565 0264 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
19:58:24.0566 0264 fdc - ok
19:58:24.0589 0264 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
19:58:24.0591 0264 FileInfo - ok
19:58:24.0603 0264 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
19:58:24.0604 0264 Filetrace - ok
19:58:24.0618 0264 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:58:24.0619 0264 flpydisk - ok
19:58:24.0667 0264 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
19:58:24.0671 0264 FltMgr - ok
19:58:24.0702 0264 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
19:58:24.0703 0264 Fs_Rec - ok
19:58:24.0721 0264 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
19:58:24.0723 0264 gagp30kx - ok
19:58:24.0776 0264 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:58:24.0777 0264 GEARAspiWDM - ok
19:58:24.0851 0264 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:58:24.0862 0264 HDAudBus - ok
19:58:24.0880 0264 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
19:58:24.0881 0264 HidBth - ok
19:58:24.0894 0264 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
19:58:24.0895 0264 HidIr - ok
19:58:24.0925 0264 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
19:58:24.0926 0264 HidUsb - ok
19:58:24.0946 0264 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
19:58:24.0947 0264 HpCISSs - ok
19:58:24.0997 0264 HSF_DPV (60f1d0ede7ae2b92b3a8886e825b7147) C:\Windows\system32\DRIVERS\CAX_DPV.sys
19:58:25.0022 0264 HSF_DPV - ok
19:58:25.0092 0264 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
19:58:25.0100 0264 HTTP - ok
19:58:25.0113 0264 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
19:58:25.0114 0264 i2omp - ok
19:58:25.0141 0264 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
19:58:25.0143 0264 i8042prt - ok
19:58:25.0174 0264 iaStor (756879fa65978df948437ce3fd1eaccd) C:\Windows\system32\drivers\iastor.sys
19:58:25.0179 0264 iaStor - ok
19:58:25.0197 0264 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
19:58:25.0201 0264 iaStorV - ok
19:58:25.0386 0264 igfx (2161876969e428a494f8d7c38fa6f513) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:58:25.0518 0264 igfx - ok
19:58:25.0556 0264 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
19:58:25.0558 0264 iirsp - ok
19:58:25.0601 0264 IntcAzAudAddService (49a1c3833af724b2555c0689347dcd05) C:\Windows\system32\drivers\RTKVHD64.sys
19:58:25.0633 0264 IntcAzAudAddService - ok
19:58:25.0648 0264 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\DRIVERS\intelide.sys
19:58:25.0649 0264 intelide - ok
19:58:25.0662 0264 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
19:58:25.0663 0264 intelppm - ok
19:58:25.0734 0264 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:58:25.0736 0264 IpFilterDriver - ok
19:58:25.0750 0264 IpInIp - ok
19:58:25.0769 0264 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
19:58:25.0771 0264 IPMIDRV - ok
19:58:25.0798 0264 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
19:58:25.0800 0264 IPNAT - ok
19:58:25.0826 0264 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
19:58:25.0827 0264 IRENUM - ok
19:58:25.0835 0264 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
19:58:25.0836 0264 isapnp - ok
19:58:25.0875 0264 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
19:58:25.0877 0264 iScsiPrt - ok
19:58:25.0893 0264 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
19:58:25.0895 0264 iteatapi - ok
19:58:25.0906 0264 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
19:58:25.0907 0264 iteraid - ok
19:58:25.0926 0264 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
19:58:25.0927 0264 kbdclass - ok
19:58:25.0934 0264 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
19:58:25.0935 0264 kbdhid - ok
19:58:26.0011 0264 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
19:58:26.0018 0264 KSecDD - ok
19:58:26.0029 0264 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
19:58:26.0030 0264 ksthunk - ok
19:58:26.0055 0264 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
19:58:26.0057 0264 lltdio - ok
19:58:26.0079 0264 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
19:58:26.0081 0264 LSI_FC - ok
19:58:26.0094 0264 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
19:58:26.0096 0264 LSI_SAS - ok
19:58:26.0108 0264 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
19:58:26.0111 0264 LSI_SCSI - ok
19:58:26.0127 0264 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
19:58:26.0129 0264 luafv - ok
19:58:26.0191 0264 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys
19:58:26.0193 0264 MBAMProtector - ok
19:58:26.0232 0264 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:58:26.0233 0264 mdmxsdk - ok
19:58:26.0245 0264 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
19:58:26.0247 0264 megasas - ok
19:58:26.0279 0264 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
19:58:26.0285 0264 MegaSR - ok
19:58:26.0309 0264 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
19:58:26.0309 0264 Modem - ok
19:58:26.0326 0264 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
19:58:26.0327 0264 monitor - ok
19:58:26.0335 0264 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
19:58:26.0336 0264 mouclass - ok
19:58:26.0345 0264 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
19:58:26.0346 0264 mouhid - ok
19:58:26.0356 0264 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
19:58:26.0360 0264 MountMgr - ok
19:58:26.0383 0264 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
19:58:26.0385 0264 mpio - ok
19:58:26.0398 0264 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
19:58:26.0400 0264 mpsdrv - ok
19:58:26.0418 0264 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
19:58:26.0421 0264 Mraid35x - ok
19:58:26.0468 0264 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
19:58:26.0471 0264 MRxDAV - ok
19:58:26.0522 0264 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:58:26.0524 0264 mrxsmb - ok
19:58:26.0575 0264 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:58:26.0578 0264 mrxsmb10 - ok
19:58:26.0592 0264 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:58:26.0594 0264 mrxsmb20 - ok
19:58:26.0606 0264 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
19:58:26.0607 0264 msahci - ok
19:58:26.0621 0264 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
19:58:26.0623 0264 msdsm - ok
19:58:26.0650 0264 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
19:58:26.0651 0264 Msfs - ok
19:58:26.0666 0264 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
19:58:26.0667 0264 msisadrv - ok
19:58:26.0681 0264 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
19:58:26.0683 0264 MSKSSRV - ok
19:58:26.0709 0264 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
19:58:26.0710 0264 MSPCLOCK - ok
19:58:26.0726 0264 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
19:58:26.0735 0264 MSPQM - ok
19:58:26.0787 0264 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
19:58:26.0791 0264 MsRPC - ok
19:58:26.0809 0264 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
19:58:26.0811 0264 mssmbios - ok
19:58:26.0819 0264 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
19:58:26.0820 0264 MSTEE - ok
19:58:26.0854 0264 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
19:58:26.0856 0264 Mup - ok
19:58:26.0922 0264 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
19:58:26.0925 0264 NativeWifiP - ok
19:58:26.0984 0264 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
19:58:26.0989 0264 NDIS - ok
19:58:27.0011 0264 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
19:58:27.0012 0264 NdisTapi - ok
19:58:27.0036 0264 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
19:58:27.0038 0264 Ndisuio - ok
19:58:27.0067 0264 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
19:58:27.0069 0264 NdisWan - ok
19:58:27.0079 0264 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
19:58:27.0080 0264 NDProxy - ok
19:58:27.0089 0264 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
19:58:27.0090 0264 NetBIOS - ok
19:58:27.0243 0264 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
19:58:27.0246 0264 netbt - ok
19:58:27.0270 0264 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
19:58:27.0272 0264 nfrd960 - ok
19:58:27.0303 0264 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
19:58:27.0304 0264 Npfs - ok
19:58:27.0330 0264 NPPTNT2 - ok
19:58:27.0342 0264 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
19:58:27.0345 0264 nsiproxy - ok
19:58:27.0419 0264 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
19:58:27.0431 0264 Ntfs - ok
19:58:27.0451 0264 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
19:58:27.0452 0264 Null - ok
19:58:27.0483 0264 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
19:58:27.0485 0264 nvraid - ok
19:58:27.0501 0264 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
19:58:27.0502 0264 nvstor - ok
19:58:27.0523 0264 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
19:58:27.0526 0264 nv_agp - ok
19:58:27.0535 0264 NwlnkFlt - ok
19:58:27.0545 0264 NwlnkFwd - ok
19:58:27.0562 0264 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
19:58:27.0564 0264 ohci1394 - ok
19:58:27.0599 0264 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
19:58:27.0601 0264 Parport - ok
19:58:27.0624 0264 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
19:58:27.0626 0264 partmgr - ok
19:58:27.0661 0264 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
19:58:27.0664 0264 pci - ok
19:58:27.0684 0264 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
19:58:27.0685 0264 pciide - ok
19:58:27.0715 0264 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
19:58:27.0718 0264 pcmcia - ok
19:58:27.0768 0264 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
19:58:27.0802 0264 PEAUTH - ok
19:58:27.0873 0264 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
19:58:27.0875 0264 PptpMiniport - ok
19:58:27.0888 0264 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
19:58:27.0890 0264 Processor - ok
19:58:28.0143 0264 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
19:58:28.0198 0264 PSched - ok
19:58:28.0275 0264 PTQHBUS (3587aa9e55e439274def53726563a3dc) C:\Windows\system32\DRIVERS\PTQHBUS.sys
19:58:28.0277 0264 PTQHBUS - ok
19:58:28.0339 0264 PTQHMDM (06d4b597397d56f4becc2f17267a37c6) C:\Windows\system32\DRIVERS\PTQHMDM.sys
19:58:28.0342 0264 PTQHMDM - ok
19:58:28.0385 0264 PTQHVSP (a8aced23323c5d67424bc4e644d78ba8) C:\Windows\system32\DRIVERS\PTQHVSP.sys
19:58:28.0389 0264 PTQHVSP - ok
19:58:28.0422 0264 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
19:58:28.0423 0264 PxHlpa64 - ok
19:58:28.0463 0264 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
19:58:28.0488 0264 ql2300 - ok
19:58:28.0507 0264 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
19:58:28.0510 0264 ql40xx - ok
19:58:28.0521 0264 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
19:58:28.0522 0264 QWAVEdrv - ok
19:58:28.0591 0264 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
19:58:28.0632 0264 R300 - ok
19:58:28.0641 0264 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
19:58:28.0643 0264 RasAcd - ok
19:58:28.0671 0264 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:58:28.0673 0264 Rasl2tp - ok
19:58:28.0721 0264 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
19:58:28.0722 0264 RasPppoe - ok
19:58:28.0772 0264 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
19:58:28.0786 0264 RasSstp - ok
19:58:28.0857 0264 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
19:58:28.0861 0264 rdbss - ok
19:58:28.0892 0264 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:58:28.0893 0264 RDPCDD - ok
19:58:28.0934 0264 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
19:58:28.0938 0264 rdpdr - ok
19:58:28.0946 0264 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
19:58:28.0948 0264 RDPENCDD - ok
19:58:29.0004 0264 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
19:58:29.0007 0264 RDPWD - ok
19:58:29.0046 0264 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
19:58:29.0048 0264 RimUsb - ok
19:58:29.0082 0264 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
19:58:29.0084 0264 rspndr - ok
19:58:29.0120 0264 RTL8169 (335352091acc9884b9c527edcdd643bb) C:\Windows\system32\DRIVERS\Rtlh64.sys
19:58:29.0123 0264 RTL8169 - ok
19:58:29.0181 0264 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:58:29.0182 0264 SASDIFSV - ok
19:58:29.0196 0264 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:58:29.0197 0264 SASKUTIL - ok
19:58:29.0216 0264 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
19:58:29.0218 0264 sbp2port - ok
19:58:29.0251 0264 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:58:29.0252 0264 secdrv - ok
19:58:29.0290 0264 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
19:58:29.0292 0264 Serenum - ok
19:58:29.0306 0264 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
19:58:29.0309 0264 Serial - ok
19:58:29.0325 0264 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
19:58:29.0327 0264 sermouse - ok
19:58:29.0359 0264 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
19:58:29.0360 0264 sffdisk - ok
19:58:29.0376 0264 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
19:58:29.0378 0264 sffp_mmc - ok
19:58:29.0401 0264 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
19:58:29.0402 0264 sffp_sd - ok
19:58:29.0419 0264 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
19:58:29.0428 0264 sfloppy - ok
19:58:29.0444 0264 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
19:58:29.0446 0264 SiSRaid2 - ok
19:58:29.0461 0264 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
19:58:29.0463 0264 SiSRaid4 - ok
19:58:29.0513 0264 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
19:58:29.0515 0264 Smb - ok
19:58:29.0549 0264 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
19:58:29.0551 0264 spldr - ok
19:58:29.0610 0264 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
19:58:29.0616 0264 srv - ok
19:58:29.0686 0264 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
19:58:29.0689 0264 srv2 - ok
19:58:29.0704 0264 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
19:58:29.0707 0264 srvnet - ok
19:58:29.0735 0264 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
19:58:29.0736 0264 swenum - ok
19:58:29.0771 0264 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
19:58:29.0773 0264 Symc8xx - ok
19:58:29.0795 0264 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
19:58:29.0798 0264 Sym_hi - ok
19:58:29.0814 0264 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
19:58:29.0815 0264 Sym_u3 - ok
19:58:29.0898 0264 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
19:58:29.0906 0264 Tcpip - ok
19:58:29.0956 0264 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
19:58:29.0965 0264 Tcpip6 - ok
19:58:30.0016 0264 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
19:58:30.0017 0264 tcpipreg - ok
19:58:30.0026 0264 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
19:58:30.0027 0264 TDPIPE - ok
19:58:30.0057 0264 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
19:58:30.0058 0264 TDTCP - ok
19:58:30.0108 0264 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
19:58:30.0110 0264 tdx - ok
19:58:30.0142 0264 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
19:58:30.0143 0264 TermDD - ok
19:58:30.0177 0264 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:58:30.0178 0264 tssecsrv - ok
19:58:30.0208 0264 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
19:58:30.0210 0264 tunmp - ok
19:58:30.0255 0264 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
19:58:30.0274 0264 tunnel - ok
19:58:30.0318 0264 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
19:58:30.0320 0264 uagp35 - ok
19:58:30.0337 0264 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
19:58:30.0341 0264 udfs - ok
19:58:30.0364 0264 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
19:58:30.0366 0264 uliagpkx - ok
19:58:30.0388 0264 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
19:58:30.0392 0264 uliahci - ok
19:58:30.0411 0264 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
19:58:30.0414 0264 UlSata - ok
19:58:30.0430 0264 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
19:58:30.0433 0264 ulsata2 - ok
19:58:30.0449 0264 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
19:58:30.0450 0264 umbus - ok
19:58:30.0460 0264 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
19:58:30.0461 0264 UMPass - ok
19:58:30.0519 0264 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:58:30.0539 0264 USBAAPL64 - ok
19:58:30.0610 0264 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
19:58:30.0612 0264 usbaudio - ok
19:58:30.0638 0264 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
19:58:30.0639 0264 usbccgp - ok
19:58:30.0660 0264 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
19:58:30.0662 0264 usbcir - ok
19:58:30.0698 0264 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
19:58:30.0699 0264 usbehci - ok
19:58:30.0714 0264 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
19:58:30.0717 0264 usbhub - ok
19:58:30.0729 0264 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
19:58:30.0731 0264 usbohci - ok
19:58:30.0738 0264 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
19:58:30.0739 0264 usbprint - ok
19:58:30.0758 0264 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
19:58:30.0760 0264 usbscan - ok
19:58:30.0811 0264 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:58:30.0812 0264 USBSTOR - ok
19:58:30.0827 0264 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
19:58:30.0829 0264 usbuhci - ok
19:58:30.0866 0264 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
19:58:30.0867 0264 vga - ok
19:58:30.0875 0264 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
19:58:30.0876 0264 VgaSave - ok
19:58:30.0899 0264 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
19:58:30.0901 0264 viaide - ok
19:58:30.0911 0264 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
19:58:30.0913 0264 volmgr - ok
19:58:30.0979 0264 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
19:58:30.0983 0264 volmgrx - ok
19:58:31.0000 0264 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
19:58:31.0003 0264 volsnap - ok
19:58:31.0044 0264 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
19:58:31.0046 0264 vsmraid - ok
19:58:31.0066 0264 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
19:58:31.0068 0264 WacomPen - ok
19:58:31.0101 0264 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:58:31.0103 0264 Wanarp - ok
19:58:31.0108 0264 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:58:31.0109 0264 Wanarpv6 - ok
19:58:31.0142 0264 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
19:58:31.0143 0264 Wd - ok
19:58:31.0174 0264 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
19:58:31.0186 0264 Wdf01000 - ok
19:58:31.0236 0264 winachsf (a53cde6beea165fe9b430476eede3c54) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
19:58:31.0246 0264 winachsf - ok
19:58:31.0289 0264 WmiAcpi (7999dfb1c555efc0db69576f70027867) C:\Windows\system32\drivers\wmiacpi.sys
19:58:31.0290 0264 WmiAcpi - ok
19:58:31.0355 0264 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
19:58:31.0357 0264 WpdUsb - ok
19:58:31.0369 0264 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
19:58:31.0371 0264 ws2ifsl - ok
19:58:31.0417 0264 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:58:31.0420 0264 WUDFRd - ok
19:58:31.0438 0264 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys
19:58:31.0440 0264 XAudio - ok
19:58:31.0505 0264 xport360 (5c4219c10b5887dff85e1d2779aed55b) C:\Windows\system32\Drivers\xport360_usb_v2_x64.sys
19:58:31.0507 0264 xport360 - ok
19:58:31.0530 0264 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
19:58:31.0544 0264 \Device\Harddisk0\DR0 - ok
19:58:31.0556 0264 Boot (0x1200) (f7b3d4355901439c142a635e5e09771e) \Device\Harddisk0\DR0\Partition0
19:58:31.0558 0264 \Device\Harddisk0\DR0\Partition0 - ok
19:58:31.0561 0264 Boot (0x1200) (03ff3b6fadddba8b46cc06b9759eab41) \Device\Harddisk0\DR0\Partition1
19:58:31.0562 0264 \Device\Harddisk0\DR0\Partition1 - ok
19:58:31.0564 0264 ============================================================
19:58:31.0564 0264 Scan finished
19:58:31.0564 0264 ============================================================
19:58:31.0575 4276 Detected object count: 0
19:58:31.0575 4276 Actual detected object count: 0
19:58:37.0460 3500 ============================================================
19:58:37.0460 3500 Scan started
19:58:37.0460 3500 Mode: Manual; SigCheck; TDLFS;
19:58:37.0460 3500 ============================================================
19:58:39.0989 3500 40280630 - ok
19:58:55.0884 3500 ============================================================
19:58:55.0884 3500 Scan finished
19:58:55.0884 3500 ============================================================
19:58:55.0890 3184 Detected object count: 0
19:58:55.0890 3184 Actual detected object count: 0

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 PM

Posted 11 December 2011 - 09:18 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 mmsboiballa


Posted 11 December 2011 - 09:37 PM

I tried running it and my computer got a blue screen and crashed.

Edited by mmsboiballa, 11 December 2011 - 09:42 PM.


#12 gringo_pr


Posted 11 December 2011 - 09:48 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#13 mmsboiballa


Posted 11 December 2011 - 10:04 PM

FixTDSS said it was infected and cleaned, and then I clicked repair. I ran aswMBR again and it crashed.

Edited by mmsboiballa, 11 December 2011 - 10:06 PM.


#14 gringo_pr


Posted 11 December 2011 - 10:46 PM

Still getting redirects?

gringo

#15 mmsboiballa


Posted 11 December 2011 - 11:15 PM

Thank you so much!!!!!!!!! I'm not getting redirected anymore! Do you have any tools that I might use to scan my computer, because it booted up a little slower than before?



