Windows 7 home security 2012, Ping.exe, and google redirect


  • This topic is locked
21 replies to this topic

#1 Pudly

Posted 15 December 2011 - 04:22 PM

I have been receiving the problems associated with the windows home security 2012 virus and the TDSS/Google redirect virus. I also have PING.EXE that will not go away.

I have run a few different Anti-virus/malware programs, and they have removed some things, but they keep coming back.

I have run SUPERAntiSpyware, Anti-malware Bytes, Spybot-S&D, and Ad-Aware.

Running 64-bit Win 7, so I cannot run GMER.

Please help.








.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Run by Pudly at 16:11:25 on 2011-12-15
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.1817 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Users\Pudly\AppData\Local\Apps\2.0\TGBW2DVK.QA5\1JN33WHJ.4WG\curs..tion_eee711038731a406_0004.0000_2ad57790d5451048\CurseClient.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Public\Games\World of Warcraft\WoW.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Livestream Procaster] "C:\Program Files (x86)\Livestream Procaster\Procaster.exe" -autorun
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Pudly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Pudly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 205.152.144.23 205.152.132.23
TCP: Interfaces\{ABC9DCB7-AD11-42EF-B7B5-8FE638F6E3F3} : DhcpNameServer = 205.152.144.23 205.152.132.23
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\ProgramData\DShowRdpFilter32.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Livestream Procaster] "C:\Program Files (x86)\Livestream Procaster\Procaster.exe" -autorun
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\ProgramData\DShowRdpFilter32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pudly\AppData\Roaming\Mozilla\Firefox\Profiles\8qk51h5k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-5-24 365568]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-5-25 2275720]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-10 366152]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AMD FUEL Service32;AMD FUEL Service ;C:\Windows\system32\xmlprovi32.exe --> C:\Windows\system32\xmlprovi32.exe [?]
S2 AppMgmt32;Application Management ;C:\ProgramData\perfproc32.exe --> C:\ProgramData\perfproc32.exe [?]
S2 aspnet_state32;ASP.NET State Service ;C:\ProgramData\signdrv32.exe --> C:\ProgramData\signdrv32.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 defragsvc32;Disk Defragmenter ;C:\ProgramData\wlancfg32.exe --> C:\ProgramData\wlancfg32.exe [?]
S2 Dnscache32;DNS Client ;C:\ProgramData\KBDINBE132.exe --> C:\ProgramData\KBDINBE132.exe [?]
S2 EFS32;Encrypting File System (EFS) ;C:\ProgramData\rpcnsh32.exe --> C:\ProgramData\rpcnsh32.exe [?]
S2 FontCache3.0.0.032;Windows Presentation Foundation Font Cache 3.0.0.0 ;C:\ProgramData\NlsLexicons002432.exe --> C:\ProgramData\NlsLexicons002432.exe [?]
S2 MSiSCSI32;Microsoft iSCSI Initiator Service ;C:\ProgramData\corpol32.exe --> C:\ProgramData\corpol32.exe [?]
S2 Netlogon32;Netlogon ;C:\ProgramData\physxcudart_2032.exe --> C:\ProgramData\physxcudart_2032.exe [?]
S2 NetTcpActivator32;Net.Tcp Listener Adapter ;C:\ProgramData\dot3cfg32.exe --> C:\ProgramData\dot3cfg32.exe [?]
S2 NetTcpActivator3232;Net.Tcp Listener Adapter ;C:\ProgramData\iesysprep32.exe --> C:\ProgramData\iesysprep32.exe [?]
S2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;C:\ProgramData\NlsData004532.exe --> C:\ProgramData\NlsData004532.exe [?]
S2 NetTcpPortSharing3232;Net.Tcp Port Sharing Service ;C:\ProgramData\KBDIBO32.exe --> C:\ProgramData\KBDIBO32.exe [?]
S2 NlaSvc32;Network Location Awareness ;C:\ProgramData\odbc3232.exe --> C:\ProgramData\odbc3232.exe [?]
S2 p2pimsvc32;Peer Networking Identity Manager ;C:\ProgramData\hbaapi32.exe --> C:\ProgramData\hbaapi32.exe [?]
S2 PlugPlay32;Plug and Play ;C:\ProgramData\pid32.exe --> C:\ProgramData\pid32.exe [?]
S2 PnkBstrA32;PnkBstrA ;C:\ProgramData\wiavideo32.exe --> C:\ProgramData\wiavideo32.exe [?]
S2 ProfSvc32;User Profile Service ;C:\ProgramData\aclui32.exe --> C:\ProgramData\aclui32.exe [?]
S2 RasMan32;Remote Access Connection Manager ;C:\ProgramData\avifil3232.exe --> C:\ProgramData\avifil3232.exe [?]
S2 SCardSvr32;Smart Card ;C:\ProgramData\ssdpapi32.exe --> C:\ProgramData\ssdpapi32.exe [?]
S2 SDRSVC32;Windows Backup ;C:\ProgramData\d3dx9_2532.exe --> C:\ProgramData\d3dx9_2532.exe [?]
S2 sppuinotify32;SPP Notification Service ;C:\ProgramData\dot3dlg32.exe --> C:\ProgramData\dot3dlg32.exe [?]
S2 Steam Client Service32;Steam Client Service ;C:\ProgramData\connect32.exe --> C:\ProgramData\connect32.exe [?]
S2 Steam Client Service3232;Steam Client Service ;C:\ProgramData\Faultrep32.exe --> C:\ProgramData\Faultrep32.exe [?]
S2 Steam Client Service323232;Steam Client Service ;C:\ProgramData\iscsium32.exe --> C:\ProgramData\iscsium32.exe [?]
S2 VSS32;Volume Shadow Copy ;C:\ProgramData\docprop32.exe --> C:\ProgramData\docprop32.exe [?]
S2 VSS3232;Volume Shadow Copy ;C:\ProgramData\dmdlgs32.exe --> C:\ProgramData\dmdlgs32.exe [?]
S2 WbioSrvc32;Windows Biometric Service ;C:\ProgramData\api-ms-win-core-handle-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-handle-l1-1-032.exe [?]
S2 WdiServiceHost32;Diagnostic Service Host ;C:\ProgramData\CPFilters32.exe --> C:\ProgramData\CPFilters32.exe [?]
S2 wercplsupport32;Problem Reports and Solutions Control Panel Support ;C:\ProgramData\SCardDlg32.exe --> C:\ProgramData\SCardDlg32.exe [?]
S2 WerSvc32;Windows Error Reporting Service ;C:\ProgramData\NlsLexicons002232.exe --> C:\ProgramData\NlsLexicons002232.exe [?]
S2 WMPNetworkSvc32;Windows Media Player Network Sharing Service ;C:\ProgramData\api-ms-win-core-delayload-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-delayload-l1-1-032.exe [?]
S2 WSearch32;Windows Search ;C:\ProgramData\KBDIR32.exe --> C:\ProgramData\KBDIR32.exe [?]
S2 WwanSvc32;WWAN AutoConfig ;C:\ProgramData\NlsLexicons002032.exe --> C:\ProgramData\NlsLexicons002032.exe [?]
S3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-3-1 25832]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-11-28 24176]
.
=============== Created Last 30 ================
.
2011-12-15 19:52:39 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-15 19:14:29 315392 ----a-w- C:\Users\Pudly\AppData\Local\bwp.exe
2011-12-15 19:14:28 315392 ----a-w- C:\Users\Pudly\AppData\Local\mjm.exe
2011-12-14 02:36:37 -------- d-----w- C:\Users\Pudly\AppData\Roaming\SUPERAntiSpyware.com
2011-12-14 02:34:05 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-14 02:34:05 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-12-13 00:44:05 2646 ---ha-w- C:\aaw7boot.cmd
2011-12-13 00:27:49 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-12-13 00:27:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-12-13 00:27:32 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-12-10 22:13:17 -------- d-----we C:\Windows\system64
.
==================== Find3M ====================
.
.
============= FINISH: 16:12:26.32 ===============


#2 gringo_pr

  • Malware Response Team

Posted 18 December 2011 - 03:49 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Pudly

Posted 19 December 2011 - 04:42 PM

Combofix ran without any problems. Windows redirect seems to have stopped. Win 7 antivirus popped up again after 20 minutes, so I ran FixNCR.reg and Rkill to allow me to post this.

Edit: Ping.EXE reappeared 1 hour after Combofix.

Combofix log.

ComboFix 11-12-19.01 - Pudly 12/19/2011 16:10:37.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2491 [GMT -5:00]
Running from: c:\users\Pudly\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Pudly\AppData\Local\bwp.exe
c:\users\Pudly\AppData\Local\mjm.exe
c:\users\Pudly\AppData\Roaming\Mozilla\Firefox\Profiles\8qk51h5k.default\extensions\{64940774-1c84-4d03-8a5c-e3bc915a3d0a}
c:\users\Pudly\AppData\Roaming\Mozilla\Firefox\Profiles\8qk51h5k.default\extensions\{64940774-1c84-4d03-8a5c-e3bc915a3d0a}\chrome.manifest
c:\users\Pudly\AppData\Roaming\Mozilla\Firefox\Profiles\8qk51h5k.default\extensions\{64940774-1c84-4d03-8a5c-e3bc915a3d0a}\chrome\xulcache.jar
c:\users\Pudly\AppData\Roaming\Mozilla\Firefox\Profiles\8qk51h5k.default\extensions\{64940774-1c84-4d03-8a5c-e3bc915a3d0a}\defaults\preferences\xulcache.js
c:\users\Pudly\AppData\Roaming\Mozilla\Firefox\Profiles\8qk51h5k.default\extensions\{64940774-1c84-4d03-8a5c-e3bc915a3d0a}\install.rdf
c:\users\Pudly\AppData\Roaming\Mozilla\Firefox\Profiles\8qk51h5k.default\extensions\{be744c10-67ed-4c13-8673-95edb4d4253d}
c:\users\Pudly\AppData\Roaming\Mozilla\Firefox\Profiles\8qk51h5k.default\extensions\{be744c10-67ed-4c13-8673-95edb4d4253d}\chrome.manifest
c:\users\Pudly\AppData\Roaming\Mozilla\Firefox\Profiles\8qk51h5k.default\extensions\{be744c10-67ed-4c13-8673-95edb4d4253d}\chrome\xulcache.jar
c:\users\Pudly\AppData\Roaming\Mozilla\Firefox\Profiles\8qk51h5k.default\extensions\{be744c10-67ed-4c13-8673-95edb4d4253d}\defaults\preferences\xulcache.js
c:\users\Pudly\AppData\Roaming\Mozilla\Firefox\Profiles\8qk51h5k.default\extensions\{be744c10-67ed-4c13-8673-95edb4d4253d}\install.rdf
c:\users\Pudly\AppData\Roaming\Mozilla\Firefox\Profiles\8qk51h5k.default\extensions\{f5407c6a-22b8-4690-b40a-a0db386e9fce}
c:\users\Pudly\AppData\Roaming\Mozilla\Firefox\Profiles\8qk51h5k.default\extensions\{f5407c6a-22b8-4690-b40a-a0db386e9fce}\chrome.manifest
c:\users\Pudly\AppData\Roaming\Mozilla\Firefox\Profiles\8qk51h5k.default\extensions\{f5407c6a-22b8-4690-b40a-a0db386e9fce}\chrome\xulcache.jar
c:\users\Pudly\AppData\Roaming\Mozilla\Firefox\Profiles\8qk51h5k.default\extensions\{f5407c6a-22b8-4690-b40a-a0db386e9fce}\defaults\preferences\xulcache.js
c:\users\Pudly\AppData\Roaming\Mozilla\Firefox\Profiles\8qk51h5k.default\extensions\{f5407c6a-22b8-4690-b40a-a0db386e9fce}\install.rdf
c:\users\Pudly\AppData\Roaming\RIFT
c:\users\Pudly\AppData\Roaming\RIFT\rift.cfg
c:\users\Pudly\AppData\Roaming\RIFT\riftpatch.cfg
c:\windows\system32\consrv.dll
c:\windows\System64
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-19 21:17 . 2011-12-19 21:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-16 13:54 . 2011-12-16 13:58 78848 ----a-w- c:\windows\SysWow64\43YJoB8.com_
2011-12-16 00:30 . 2011-12-13 00:34 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-15 19:52 . 2011-12-15 19:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-14 02:36 . 2011-12-14 02:36 -------- d-----w- c:\users\Pudly\AppData\Roaming\SUPERAntiSpyware.com
2011-12-14 02:34 . 2011-12-14 02:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-14 02:34 . 2011-12-14 02:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-13 00:44 . 2011-12-13 00:44 2646 ---ha-w- C:\aaw7boot.cmd
2011-12-13 00:27 . 2011-12-14 02:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-13 00:27 . 2011-12-13 00:30 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-12-13 00:27 . 2011-12-13 00:27 -------- d-----w- c:\program files (x86)\Lavasoft
2011-12-13 00:27 . 2011-12-13 00:27 -------- d-----w- c:\programdata\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-04 1242448]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2010-01-26 741040]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-10-26 328056]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2010-07-11 18707640]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-01-12 37888]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2009-12-16 311296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Livestream Procaster"="c:\program files (x86)\Livestream Procaster\Procaster.exe" [2010-02-22 6513952]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Pudly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-5-31 0]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\programdata\DShowRdpFilter32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 AMD FUEL Service32;AMD FUEL Service ;c:\windows\system32\xmlprovi32.exe [x]
R2 AppMgmt32;Application Management ;c:\programdata\perfproc32.exe [x]
R2 aspnet_state32;ASP.NET State Service ;c:\programdata\signdrv32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 defragsvc32;Disk Defragmenter ;c:\programdata\wlancfg32.exe [x]
R2 Dnscache32;DNS Client ;c:\programdata\KBDINBE132.exe [x]
R2 EFS32;Encrypting File System (EFS) ;c:\programdata\rpcnsh32.exe [x]
R2 FontCache3.0.0.032;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\NlsLexicons002432.exe [x]
R2 MSiSCSI32;Microsoft iSCSI Initiator Service ;c:\programdata\corpol32.exe [x]
R2 Netlogon32;Netlogon ;c:\programdata\physxcudart_2032.exe [x]
R2 NetTcpActivator32;Net.Tcp Listener Adapter ;c:\programdata\dot3cfg32.exe [x]
R2 NetTcpActivator3232;Net.Tcp Listener Adapter ;c:\programdata\iesysprep32.exe [x]
R2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\programdata\NlsData004532.exe [x]
R2 NetTcpPortSharing3232;Net.Tcp Port Sharing Service ;c:\programdata\KBDIBO32.exe [x]
R2 NlaSvc32;Network Location Awareness ;c:\programdata\odbc3232.exe [x]
R2 p2pimsvc32;Peer Networking Identity Manager ;c:\programdata\hbaapi32.exe [x]
R2 PlugPlay32;Plug and Play ;c:\programdata\pid32.exe [x]
R2 PnkBstrA32;PnkBstrA ;c:\programdata\wiavideo32.exe [x]
R2 ProfSvc32;User Profile Service ;c:\programdata\aclui32.exe [x]
R2 RasMan32;Remote Access Connection Manager ;c:\programdata\avifil3232.exe [x]
R2 SCardSvr32;Smart Card ;c:\programdata\ssdpapi32.exe [x]
R2 SDRSVC32;Windows Backup ;c:\programdata\d3dx9_2532.exe [x]
R2 sppuinotify32;SPP Notification Service ;c:\programdata\dot3dlg32.exe [x]
R2 Steam Client Service32;Steam Client Service ;c:\programdata\connect32.exe [x]
R2 Steam Client Service3232;Steam Client Service ;c:\programdata\Faultrep32.exe [x]
R2 Steam Client Service323232;Steam Client Service ;c:\programdata\iscsium32.exe [x]
R2 VSS32;Volume Shadow Copy ;c:\programdata\docprop32.exe [x]
R2 VSS3232;Volume Shadow Copy ;c:\programdata\dmdlgs32.exe [x]
R2 WbioSrvc32;Windows Biometric Service ;c:\programdata\api-ms-win-core-handle-l1-1-032.exe [x]
R2 WdiServiceHost32;Diagnostic Service Host ;c:\programdata\CPFilters32.exe [x]
R2 wercplsupport32;Problem Reports and Solutions Control Panel Support ;c:\programdata\SCardDlg32.exe [x]
R2 WerSvc32;Windows Error Reporting Service ;c:\programdata\NlsLexicons002232.exe [x]
R2 WMPNetworkSvc32;Windows Media Player Network Sharing Service ;c:\programdata\api-ms-win-core-delayload-l1-1-032.exe [x]
R2 WSearch32;Windows Search ;c:\programdata\KBDIR32.exe [x]
R2 WwanSvc32;WWAN AutoConfig ;c:\programdata\NlsLexicons002032.exe [x]
R3 cpuz130;cpuz130;c:\users\Pudly\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-05-25 365568]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-13 17152]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-19 c:\windows\Tasks\At10.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-19 c:\windows\Tasks\At12.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-19 c:\windows\Tasks\At14.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-19 c:\windows\Tasks\At16.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-19 c:\windows\Tasks\At18.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-19 c:\windows\Tasks\At2.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-16 c:\windows\Tasks\At20.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-16 c:\windows\Tasks\At22.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-16 c:\windows\Tasks\At24.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-16 c:\windows\Tasks\At26.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-16 c:\windows\Tasks\At28.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-16 c:\windows\Tasks\At30.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-16 c:\windows\Tasks\At32.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-19 c:\windows\Tasks\At34.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-16 c:\windows\Tasks\At36.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-19 c:\windows\Tasks\At38.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-19 c:\windows\Tasks\At4.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-19 c:\windows\Tasks\At40.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-19 c:\windows\Tasks\At42.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-19 c:\windows\Tasks\At44.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-19 c:\windows\Tasks\At46.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-19 c:\windows\Tasks\At48.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-19 c:\windows\Tasks\At6.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
2011-12-19 c:\windows\Tasks\At8.job
- c:\windows\system32\43YJoB8.com_ [2011-12-16 13:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-12-10 415752]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-12-10 2093064]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-12-10 4271624]
"combofix"="c:\combofix\CF12725.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\Pudly\AppData\Roaming\Mozilla\Firefox\Profiles\8qk51h5k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-60848826.sys
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-World of Logs Client - c:\windows\system32\javaws.exe
AddRemove-World of Logs Client (4.2) - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-335352980-3007673436-3734627850-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e9,58,25,d1,72,c9,6a,a6,72,42,6c,5f,5d,1f,88,f1,9c,3d,a6,d3,9a,d0,63,
29,87,bb,e3,d5,22,56,33,69,96,fd,b5,c7,53,b4,8a,b2,84,3f,7d,94,29,51,0a,0f,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-335352980-3007673436-3734627850-1000\Software\SecuROM\License information*]
"datasecu"=hex:14,75,89,39,bf,5d,ff,45,a3,41,4e,a0,cd,ef,91,e2,06,11,8b,77,3c,
d0,87,2d,10,7c,db,63,37,0f,75,24,76,fe,b7,4d,53,20,35,5c,fc,40,41,0f,1f,4a,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Razer\DeathAdder\razerofa.exe
.
**************************************************************************
.
Completion time: 2011-12-19 16:25:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-19 21:25
.
Pre-Run: 416,200,392,704 bytes free
Post-Run: 415,588,593,664 bytes free
.
- - End Of File - - DDBE95C2907E409E1DE69E53078B5B92

Edited by Pudly, 19 December 2011 - 05:48 PM.


#4 gringo_pr


Posted 19 December 2011 - 11:08 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

AtJob::

File::
c:\windows\SysWow64\43YJoB8.com_
c:\windows\SysWow64\43YJoB8.com

Folder::


Driver::
AppMgmt32
aspnet_state32
defragsvc32
Dnscache32
EFS32
FontCache3.0.0.032
MSiSCSI32
Netlogon32
NetTcpActivator32
NetTcpActivator3232
NetTcpPortSharing32
NetTcpPortSharing3232
NlaSvc32
p2pimsvc32
PlugPlay32
PnkBstrA32
ProfSvc32
RasMan32
SCardSvr32
SDRSVC32
sppuinotify32
Steam Client Service32
Steam Client Service3232
Steam Client Service323232
VSS32
VSS3232
WbioSrvc32
WdiServiceHost32
wercplsupport32
WerSvc32
WMPNetworkSvc32
WSearch32
WwanSvc32


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
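
The service entries listed under Driver:: in the script above share a pattern that is visible in the log: a service name with "32" appended one or more times, a display name with a trailing space, and a binary sitting directly in c:\programdata. The Python sketch below is an added example, not part of the original post or of ComboFix; it flags such entries in service lines copied from the logs in this thread, and its function names and two-indicator threshold are assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Service lines copied from the ComboFix logs in this thread.
SAMPLE_LOG = r"""
R2 NetTcpActivator3232;Net.Tcp Listener Adapter ;c:\programdata\iesysprep32.exe [x]
R2 PnkBstrA32;PnkBstrA ;c:\programdata\wiavideo32.exe [x]
R2 Steam Client Service323232;Steam Client Service ;c:\programdata\iscsium32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
"""

# Layout seen in the log: <R|S><digit> <name>;<display name>;<path> [<x | date size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]\s*$"
)
# A file placed directly in c:\programdata, not in a vendor subfolder.
PROGRAMDATA_ROOT_RE = re.compile(r"^c:\\programdata\\[^\\]+$", re.IGNORECASE)
# One or more "32" groups at the end of the service name.
SUFFIX_RE = re.compile(r"(?:32)+$")


class Entry(NamedTuple):
    name: str
    display: str
    path: str
    missing: bool              # True when the log shows [x] instead of date/size
    indicators: List[str]      # which of the three heuristics matched
    imitates: Optional[str]    # service name with the "32" suffix stripped


def parse_line(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    name, display, path = m["name"], m["display"], m["path"]
    indicators = []
    suffix = SUFFIX_RE.search(name)
    if suffix:
        indicators.append("name ends in repeated '32'")
    if display != display.rstrip():
        indicators.append("display name has trailing whitespace")
    if PROGRAMDATA_ROOT_RE.match(path):
        indicators.append("binary directly under c:\\programdata")
    return Entry(
        name=name,
        display=display,
        path=path,
        # [x] is recorded but NOT scored: in this log, ordinary drivers
        # under system32 carry it as well.
        missing=(m["info"].strip() == "x"),
        indicators=indicators,
        imitates=name[: suffix.start()] if suffix else None,
    )


def suspicious_services(log: str, threshold: int = 2) -> List[Entry]:
    """Return entries matching at least `threshold` indicators (assumed value)."""
    entries = (parse_line(line) for line in log.splitlines())
    return [e for e in entries if e and len(e.indicators) >= threshold]


if __name__ == "__main__":
    for e in suspicious_services(SAMPLE_LOG):
        print(f"{e.name!r} imitates {e.imitates!r}: {e.path}")
        for reason in e.indicators:
            print(f"    - {reason}")
```

A suffix match on its own is not enough: clr_optimization_v4.0.30319_32 is the normal .NET NGEN service and matches only that one indicator, which is why two are required before an entry is flagged.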

#5 Pudly


Posted 20 December 2011 - 01:09 PM

Posting Combofix log now, will edit if anything shows up on my PC. Seems good for now.

Combofix log.

ComboFix 11-12-20.04 - Pudly 12/20/2011 12:39:11.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2681 [GMT -5:00]
Running from: c:\users\Pudly\Desktop\ComboFix.exe
Command switches used :: c:\users\Pudly\Desktop\CFscript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\43YJoB8.com"
"c:\windows\SysWow64\43YJoB8.com_"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pudly\AppData\Local\lay.exe
c:\users\Pudly\AppData\Local\uny.exe
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\43YJoB8.com_
c:\windows\Tasks\At10.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At8.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AppMgmt32
-------\Service_aspnet_state32
-------\Service_defragsvc32
-------\Service_Dnscache32
-------\Service_EFS32
-------\Service_FontCache3.0.0.032
-------\Service_MSiSCSI32
-------\Service_Netlogon32
-------\Service_NetTcpActivator32
-------\Service_NetTcpActivator3232
-------\Service_NetTcpPortSharing32
-------\Service_NetTcpPortSharing3232
-------\Service_NlaSvc32
-------\Service_p2pimsvc32
-------\Service_PlugPlay32
-------\Service_PnkBstrA32
-------\Service_ProfSvc32
-------\Service_RasMan32
-------\Service_SCardSvr32
-------\Service_SDRSVC32
-------\Service_sppuinotify32
-------\Service_Steam Client Service32
-------\Service_Steam Client Service3232
-------\Service_Steam Client Service323232
-------\Service_VSS32
-------\Service_VSS3232
-------\Service_WbioSrvc32
-------\Service_WdiServiceHost32
-------\Service_wercplsupport32
-------\Service_WerSvc32
-------\Service_WMPNetworkSvc32
-------\Service_WSearch32
-------\Service_WwanSvc32
.
.
((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-20 17:51 . 2011-12-20 17:51 -------- d-----w- C:\found.002
2011-12-16 00:30 . 2011-12-13 00:34 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-15 19:52 . 2011-12-15 19:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-14 02:36 . 2011-12-14 02:36 -------- d-----w- c:\users\Pudly\AppData\Roaming\SUPERAntiSpyware.com
2011-12-14 02:34 . 2011-12-14 02:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-14 02:34 . 2011-12-14 02:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-13 00:44 . 2011-12-13 00:44 2646 ---ha-w- C:\aaw7boot.cmd
2011-12-13 00:27 . 2011-12-14 02:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-13 00:27 . 2011-12-13 00:30 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-12-13 00:27 . 2011-12-13 00:27 -------- d-----w- c:\program files (x86)\Lavasoft
2011-12-13 00:27 . 2011-12-13 00:27 -------- d-----w- c:\programdata\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-19_21.19.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-10 22:37 . 2011-12-20 09:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-12-10 22:37 . 2011-12-19 20:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-12-11 00:08 . 2011-12-19 20:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2011-12-11 00:08 . 2011-12-20 08:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2011-12-20 05:01 . 2011-12-20 09:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011122020111221\index.dat
+ 2011-12-20 01:45 . 2011-12-20 04:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011121920111220\index.dat
+ 2011-12-20 01:45 . 2011-12-20 01:40 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011121220111219\index.dat
+ 2011-12-10 23:00 . 2011-12-20 09:14 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-02-18 21:08 . 2011-12-20 17:29 51570 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-20 17:55 31368 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-18 00:55 . 2011-12-20 17:55 17684 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-335352980-3007673436-3734627850-1000_UserData.bin
+ 2010-02-18 03:39 . 2011-12-20 17:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-18 03:39 . 2011-12-19 20:49 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-18 03:39 . 2011-12-19 20:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-18 03:39 . 2011-12-20 17:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-19 20:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-20 17:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-17 23:23 . 2011-12-19 21:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-17 23:23 . 2011-12-20 17:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-17 23:23 . 2011-12-20 17:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-17 23:23 . 2011-12-19 21:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-17 23:23 . 2011-12-20 17:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-17 23:23 . 2011-12-19 21:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-18 01:33 . 2011-12-19 21:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-18 01:33 . 2011-12-20 17:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-18 01:33 . 2011-12-20 17:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-18 01:33 . 2011-12-19 21:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-20 17:53 . 2011-12-20 17:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-19 21:19 . 2011-12-19 21:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-20 17:53 . 2011-12-20 17:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-19 21:19 . 2011-12-19 21:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2011-12-19 21:19 573440 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-20 17:53 573440 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-20 04:19 . 2011-12-20 17:47 707344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-06-20 04:19 . 2011-12-19 21:18 707344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-12-20 17:47 280508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-19 21:18 280508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-14 05:52 . 2011-12-20 17:27 223744 c:\windows\assembly\temp\kwrd.dll
- 2011-12-14 05:52 . 2011-12-19 20:44 223744 c:\windows\assembly\temp\kwrd.dll
+ 2009-07-14 04:54 . 2011-12-20 17:37 5046272 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-19 21:16 5046272 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-19 21:16 8994816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-20 17:37 8994816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-09 20:00 . 2011-12-20 17:47 25402604 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-335352980-3007673436-3734627850-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-04 1242448]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2010-01-26 741040]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Pudly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-5-31 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\programdata\DShowRdpFilter32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 AMD FUEL Service32;AMD FUEL Service ;c:\windows\system32\xmlprovi32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz130;cpuz130;c:\users\Pudly\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-05-25 365568]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-13 17152]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-12-10 2093064]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-12-10 4271624]
"combofix"="c:\combofix\CF24600.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\Pudly\AppData\Roaming\Mozilla\Firefox\Profiles\8qk51h5k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-335352980-3007673436-3734627850-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e9,58,25,d1,72,c9,6a,a6,72,42,6c,5f,5d,1f,88,f1,9c,3d,a6,d3,9a,d0,63,
29,87,bb,e3,d5,22,56,33,69,96,fd,b5,c7,53,b4,8a,b2,84,3f,7d,94,29,51,0a,0f,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-335352980-3007673436-3734627850-1000\Software\SecuROM\License information*]
"datasecu"=hex:14,75,89,39,bf,5d,ff,45,a3,41,4e,a0,cd,ef,91,e2,06,11,8b,77,3c,
d0,87,2d,10,7c,db,63,37,0f,75,24,76,fe,b7,4d,53,20,35,5c,fc,40,41,0f,1f,4a,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2011-12-20 12:59:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-20 17:59
ComboFix2.txt 2011-12-19 21:25
.
Pre-Run: 414,995,197,952 bytes free
Post-Run: 414,940,307,456 bytes free
.
- - End Of File - - ED2AA11DBA68E243F8EBAA7F657BDEF2

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:35 AM

Posted 20 December 2011 - 02:24 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Java™ 6 Update 18

and click on remove




Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

Posted 23 December 2011 - 11:46 AM

Hello




Happy Holidays. It has been a couple of days since I have heard from you, so I came by to check on you.



Gringo

#8 Pudly

Pudly
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:35 AM

Posted 24 December 2011 - 03:27 AM

Hello, sorry about the delay, it's been a busy few days.

I won't be around for a few days, just to let you know.

#9 gringo_pr

Posted 24 December 2011 - 06:08 AM

Thanks for letting me know


gringo

#10 Pudly

Posted 26 December 2011 - 11:52 AM

Hey, I'm back, sorry for the delay.

I was running my computer for the first time after getting back from my trip, and the Win 7 security 2012 came up again, as well as ping.exe.

logs following.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122603

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/26/2011 11:44:33
mbam-log-2011-12-26 (11-44-33).txt

Scan type: Quick scan
Objects scanned: 174479
Time elapsed: 1 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Pudly\local settings\ded.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Pudly\local settings\vjw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Pudly\local settings\application data\ded.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\Pudly\local settings\application data\vjw.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.


~~~~~~~~~~~~~~~~~~~


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:50:13, on 12/26/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: CurseClientStartup.ccip
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\ProgramData\DShowRdpFilter32.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD FUEL Service (AMD FUEL Service32) - Unknown owner - C:\Windows\system32\xmlprovi32.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7832 bytes

Edited by Pudly, 26 December 2011 - 12:01 PM.


#11 gringo_pr

Posted 26 December 2011 - 12:52 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#12 Pudly

Posted 26 December 2011 - 01:34 PM

13:33:03.0709 3956 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
13:33:04.0099 3956 ============================================================
13:33:04.0100 3956 Current date / time: 2011/12/26 13:33:04.0099
13:33:04.0100 3956 SystemInfo:
13:33:04.0100 3956
13:33:04.0100 3956 OS Version: 6.1.7600 ServicePack: 0.0
13:33:04.0100 3956 Product type: Workstation
13:33:04.0100 3956 ComputerName: PUDLY-PC
13:33:04.0100 3956 UserName: Pudly
13:33:04.0100 3956 Windows directory: C:\Windows
13:33:04.0100 3956 System windows directory: C:\Windows
13:33:04.0100 3956 Running under WOW64
13:33:04.0100 3956 Processor architecture: Intel x64
13:33:04.0100 3956 Number of processors: 4
13:33:04.0100 3956 Page size: 0x1000
13:33:04.0100 3956 Boot type: Normal boot
13:33:04.0100 3956 ============================================================
13:33:12.0970 3956 Initialize success
13:33:14.0559 1844 ============================================================
13:33:14.0559 1844 Scan started
13:33:14.0559 1844 Mode: Manual;
13:33:14.0560 1844 ============================================================
13:33:18.0464 1844 LSI_SAS - ok
13:33:18.0475 1844 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:33:18.0476 1844 LSI_SAS2 - ok
13:33:18.0491 1844 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:33:18.0493 1844 LSI_SCSI - ok
13:33:18.0507 1844 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:33:18.0509 1844 luafv - ok
13:33:18.0543 1844 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
13:33:18.0544 1844 MBAMProtector - ok
13:33:18.0576 1844 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:33:18.0577 1844 megasas - ok
13:33:18.0597 1844 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:33:18.0601 1844 MegaSR - ok
13:33:18.0618 1844 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:33:18.0619 1844 Modem - ok
13:33:18.0644 1844 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:33:18.0645 1844 monitor - ok
13:33:18.0662 1844 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:33:18.0664 1844 mouclass - ok
13:33:18.0698 1844 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:33:18.0699 1844 mouhid - ok
13:33:18.0713 1844 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:33:18.0715 1844 mountmgr - ok
13:33:18.0730 1844 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
13:33:18.0732 1844 mpio - ok
13:33:18.0750 1844 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:33:18.0751 1844 mpsdrv - ok
13:33:18.0771 1844 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:33:18.0774 1844 MRxDAV - ok
13:33:18.0791 1844 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:33:18.0794 1844 mrxsmb - ok
13:33:18.0809 1844 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:33:18.0812 1844 mrxsmb10 - ok
13:33:18.0829 1844 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:33:18.0831 1844 mrxsmb20 - ok
13:33:18.0843 1844 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
13:33:18.0844 1844 msahci - ok
13:33:18.0855 1844 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
13:33:18.0857 1844 msdsm - ok
13:33:18.0886 1844 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:33:18.0887 1844 Msfs - ok
13:33:18.0902 1844 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:33:18.0903 1844 mshidkmdf - ok
13:33:18.0913 1844 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:33:18.0914 1844 msisadrv - ok
13:33:18.0943 1844 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:33:18.0944 1844 MSKSSRV - ok
13:33:18.0958 1844 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:33:18.0958 1844 MSPCLOCK - ok
13:33:18.0972 1844 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:33:18.0973 1844 MSPQM - ok
13:33:18.0991 1844 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:33:18.0996 1844 MsRPC - ok
13:33:19.0008 1844 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:33:19.0008 1844 mssmbios - ok
13:33:19.0020 1844 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:33:19.0021 1844 MSTEE - ok
13:33:19.0034 1844 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:33:19.0035 1844 MTConfig - ok
13:33:19.0055 1844 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:33:19.0056 1844 Mup - ok
13:33:19.0080 1844 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:33:19.0084 1844 NativeWifiP - ok
13:33:19.0110 1844 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:33:19.0120 1844 NDIS - ok
13:33:19.0134 1844 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:33:19.0135 1844 NdisCap - ok
13:33:19.0160 1844 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:33:19.0161 1844 NdisTapi - ok
13:33:19.0170 1844 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:33:19.0171 1844 Ndisuio - ok
13:33:19.0185 1844 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:33:19.0188 1844 NdisWan - ok
13:33:19.0199 1844 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:33:19.0200 1844 NDProxy - ok
13:33:19.0208 1844 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:33:19.0210 1844 NetBIOS - ok
13:33:19.0226 1844 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:33:19.0229 1844 NetBT - ok
13:33:19.0281 1844 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:33:19.0282 1844 nfrd960 - ok
13:33:19.0302 1844 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:33:19.0303 1844 Npfs - ok
13:33:19.0313 1844 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:33:19.0314 1844 nsiproxy - ok
13:33:19.0356 1844 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
13:33:19.0377 1844 Ntfs - ok
13:33:19.0392 1844 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:33:19.0393 1844 Null - ok
13:33:19.0405 1844 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
13:33:19.0407 1844 nvraid - ok
13:33:19.0422 1844 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
13:33:19.0425 1844 nvstor - ok
13:33:19.0440 1844 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
13:33:19.0442 1844 nv_agp - ok
13:33:19.0450 1844 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:33:19.0452 1844 ohci1394 - ok
13:33:19.0471 1844 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:33:19.0473 1844 Parport - ok
13:33:19.0491 1844 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
13:33:19.0492 1844 partmgr - ok
13:33:19.0573 1844 pbfilter (7c0582921913d00180ec2b8518ba135c) C:\Program Files\PeerBlock\pbfilter.sys
13:33:19.0573 1844 pbfilter - ok
13:33:19.0590 1844 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:33:19.0592 1844 pci - ok
13:33:19.0607 1844 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
13:33:19.0608 1844 pciide - ok
13:33:19.0626 1844 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:33:19.0629 1844 pcmcia - ok
13:33:19.0637 1844 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:33:19.0639 1844 pcw - ok
13:33:19.0661 1844 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:33:19.0669 1844 PEAUTH - ok
13:33:19.0760 1844 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:33:19.0762 1844 PptpMiniport - ok
13:33:19.0775 1844 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:33:19.0777 1844 Processor - ok
13:33:19.0794 1844 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:33:19.0796 1844 Psched - ok
13:33:19.0830 1844 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:33:19.0847 1844 ql2300 - ok
13:33:19.0863 1844 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:33:19.0865 1844 ql40xx - ok
13:33:19.0880 1844 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:33:19.0881 1844 QWAVEdrv - ok
13:33:19.0895 1844 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:33:19.0896 1844 RasAcd - ok
13:33:19.0911 1844 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:33:19.0912 1844 RasAgileVpn - ok
13:33:19.0929 1844 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:33:19.0931 1844 Rasl2tp - ok
13:33:19.0950 1844 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:33:19.0952 1844 RasPppoe - ok
13:33:19.0966 1844 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:33:19.0967 1844 RasSstp - ok
13:33:19.0985 1844 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:33:19.0989 1844 rdbss - ok
13:33:20.0006 1844 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:33:20.0007 1844 rdpbus - ok
13:33:20.0021 1844 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:33:20.0022 1844 RDPCDD - ok
13:33:20.0041 1844 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
13:33:20.0044 1844 RDPDR - ok
13:33:20.0065 1844 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:33:20.0066 1844 RDPENCDD - ok
13:33:20.0083 1844 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:33:20.0084 1844 RDPREFMP - ok
13:33:20.0099 1844 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
13:33:20.0102 1844 RDPWD - ok
13:33:20.0118 1844 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:33:20.0121 1844 rdyboost - ok
13:33:20.0152 1844 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:33:20.0153 1844 rspndr - ok
13:33:20.0183 1844 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:33:20.0186 1844 RTL8167 - ok
13:33:20.0269 1844 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
13:33:20.0270 1844 SASDIFSV - ok
13:33:20.0273 1844 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
13:33:20.0274 1844 SASKUTIL - ok
13:33:20.0290 1844 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:33:20.0292 1844 sbp2port - ok
13:33:20.0311 1844 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:33:20.0312 1844 scfilter - ok
13:33:20.0343 1844 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:33:20.0344 1844 secdrv - ok
13:33:20.0374 1844 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:33:20.0375 1844 Serenum - ok
13:33:20.0391 1844 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:33:20.0393 1844 Serial - ok
13:33:20.0411 1844 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:33:20.0412 1844 sermouse - ok
13:33:20.0437 1844 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:33:20.0438 1844 sffdisk - ok
13:33:20.0446 1844 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:33:20.0447 1844 sffp_mmc - ok
13:33:20.0455 1844 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:33:20.0456 1844 sffp_sd - ok
13:33:20.0489 1844 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:33:20.0490 1844 sfloppy - ok
13:33:20.0506 1844 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:33:20.0507 1844 SiSRaid2 - ok
13:33:20.0519 1844 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:33:20.0520 1844 SiSRaid4 - ok
13:33:20.0544 1844 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:33:20.0546 1844 Smb - ok
13:33:20.0570 1844 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:33:20.0571 1844 spldr - ok
13:33:20.0602 1844 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
13:33:20.0607 1844 srv - ok
13:33:20.0625 1844 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
13:33:20.0630 1844 srv2 - ok
13:33:20.0649 1844 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
13:33:20.0651 1844 srvnet - ok
13:33:20.0674 1844 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:33:20.0675 1844 stexstor - ok
13:33:20.0691 1844 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:33:20.0692 1844 swenum - ok
13:33:20.0754 1844 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
13:33:20.0785 1844 Tcpip - ok
13:33:20.0811 1844 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
13:33:20.0821 1844 TCPIP6 - ok
13:33:20.0836 1844 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:33:20.0837 1844 tcpipreg - ok
13:33:20.0850 1844 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:33:20.0851 1844 TDPIPE - ok
13:33:20.0864 1844 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:33:20.0865 1844 TDTCP - ok
13:33:20.0878 1844 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:33:20.0880 1844 tdx - ok
13:33:20.0888 1844 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:33:20.0890 1844 TermDD - ok
13:33:20.0920 1844 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:33:20.0922 1844 tssecsrv - ok
13:33:20.0957 1844 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:33:20.0959 1844 tunnel - ok
13:33:20.0974 1844 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:33:20.0975 1844 uagp35 - ok
13:33:20.0990 1844 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:33:20.0994 1844 udfs - ok
13:33:21.0013 1844 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:33:21.0014 1844 uliagpkx - ok
13:33:21.0036 1844 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:33:21.0037 1844 umbus - ok
13:33:21.0081 1844 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:33:21.0082 1844 UmPass - ok
13:33:21.0117 1844 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
13:33:21.0119 1844 usbaudio - ok
13:33:21.0134 1844 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
13:33:21.0136 1844 usbccgp - ok
13:33:21.0153 1844 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:33:21.0155 1844 usbcir - ok
13:33:21.0167 1844 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
13:33:21.0168 1844 usbehci - ok
13:33:21.0189 1844 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
13:33:21.0194 1844 usbhub - ok
13:33:21.0206 1844 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
13:33:21.0207 1844 usbohci - ok
13:33:21.0218 1844 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:33:21.0219 1844 usbprint - ok
13:33:21.0232 1844 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:33:21.0234 1844 USBSTOR - ok
13:33:21.0252 1844 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
13:33:21.0253 1844 usbuhci - ok
13:33:21.0298 1844 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
13:33:21.0301 1844 usbvideo - ok
13:33:21.0318 1844 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:33:21.0319 1844 vdrvroot - ok
13:33:21.0330 1844 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:33:21.0331 1844 vga - ok
13:33:21.0341 1844 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:33:21.0343 1844 VgaSave - ok
13:33:21.0356 1844 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:33:21.0359 1844 vhdmp - ok
13:33:21.0375 1844 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:33:21.0377 1844 viaide - ok
13:33:21.0395 1844 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:33:21.0397 1844 volmgr - ok
13:33:21.0415 1844 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:33:21.0420 1844 volmgrx - ok
13:33:21.0440 1844 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:33:21.0444 1844 volsnap - ok
13:33:21.0463 1844 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:33:21.0465 1844 vsmraid - ok
13:33:21.0476 1844 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:33:21.0477 1844 vwifibus - ok
13:33:21.0495 1844 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:33:21.0496 1844 WacomPen - ok
13:33:21.0519 1844 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:21.0521 1844 WANARP - ok
13:33:21.0525 1844 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:21.0526 1844 Wanarpv6 - ok
13:33:21.0543 1844 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:33:21.0544 1844 Wd - ok
13:33:21.0573 1844 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:33:21.0581 1844 Wdf01000 - ok
13:33:21.0617 1844 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:33:21.0618 1844 WfpLwf - ok
13:33:21.0626 1844 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:33:21.0627 1844 WIMMount - ok
13:33:21.0674 1844 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:33:21.0676 1844 WmiAcpi - ok
13:33:21.0702 1844 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:33:21.0703 1844 ws2ifsl - ok
13:33:21.0725 1844 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:33:21.0727 1844 WudfPf - ok
13:33:21.0768 1844 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:33:21.0770 1844 WUDFRd - ok
13:33:21.0786 1844 MBR (0x1B8) (0792f22bcc85cfd3b28324561fffcabb) \Device\Harddisk1\DR1
13:33:22.0335 1844 \Device\Harddisk1\DR1 - ok
13:33:22.0344 1844 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:33:22.0385 1844 \Device\Harddisk0\DR0 - ok
13:33:22.0389 1844 Boot (0x1200) (158b9a6afc366f553171361560222ad5) \Device\Harddisk1\DR1\Partition0
13:33:22.0389 1844 \Device\Harddisk1\DR1\Partition0 - ok
13:33:22.0394 1844 Boot (0x1200) (1aaa2a1d9a6d95dd36de096ffa4e189c) \Device\Harddisk0\DR0\Partition0
13:33:22.0395 1844 \Device\Harddisk0\DR0\Partition0 - ok
13:33:22.0405 1844 Boot (0x1200) (c3080c6f1b1db512ce11aa5c25e5d660) \Device\Harddisk0\DR0\Partition1
13:33:22.0406 1844 \Device\Harddisk0\DR0\Partition1 - ok
13:33:22.0406 1844 ============================================================
13:33:22.0406 1844 Scan finished
13:33:22.0406 1844 ============================================================
13:33:22.0421 4500 Detected object count: 0
13:33:22.0421 4500 Actual detected object count: 0
13:33:30.0855 0664 ============================================================
13:33:30.0855 0664 Scan started
13:33:30.0855 0664 Mode: Manual;
13:33:30.0855 0664 ============================================================
13:33:31.0208 0664 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:33:31.0210 0664 1394ohci - ok
13:33:31.0233 0664 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:33:31.0235 0664 ACPI - ok
13:33:31.0246 0664 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:33:31.0246 0664 AcpiPmi - ok
13:33:31.0270 0664 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:33:31.0273 0664 adp94xx - ok
13:33:31.0284 0664 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:33:31.0286 0664 adpahci - ok
13:33:31.0302 0664 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:33:31.0303 0664 adpu320 - ok
13:33:31.0326 0664 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
13:33:31.0329 0664 AFD - ok
13:33:31.0339 0664 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:33:31.0340 0664 agp440 - ok
13:33:31.0350 0664 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:33:31.0350 0664 aliide - ok
13:33:31.0371 0664 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:33:31.0371 0664 amdide - ok
13:33:31.0408 0664 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
13:33:31.0408 0664 amdiox64 - ok
13:33:31.0422 0664 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:33:31.0423 0664 AmdK8 - ok
13:33:31.0596 0664 amdkmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
13:33:31.0645 0664 amdkmdag - ok
13:33:31.0674 0664 amdkmdap (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys
13:33:31.0675 0664 amdkmdap - ok
13:33:31.0693 0664 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:33:31.0694 0664 AmdPPM - ok
13:33:31.0710 0664 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
13:33:31.0711 0664 amdsata - ok
13:33:31.0725 0664 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:33:31.0726 0664 amdsbs - ok
13:33:31.0740 0664 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
13:33:31.0740 0664 amdxata - ok
13:33:31.0748 0664 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:33:31.0749 0664 AppID - ok
13:33:31.0765 0664 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:33:31.0765 0664 arc - ok
13:33:31.0781 0664 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:33:31.0782 0664 arcsas - ok
13:33:31.0799 0664 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:33:31.0800 0664 AsyncMac - ok
13:33:31.0813 0664 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:33:31.0814 0664 atapi - ok
13:33:31.0834 0664 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
13:33:31.0835 0664 AtiHDAudioService - ok
13:33:31.0847 0664 AtiHdmiService (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys
13:33:31.0848 0664 AtiHdmiService - ok
13:33:32.0020 0664 atikmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
13:33:32.0069 0664 atikmdag - ok
13:33:32.0097 0664 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:33:32.0100 0664 b06bdrv - ok
13:33:32.0116 0664 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:33:32.0118 0664 b57nd60a - ok
13:33:32.0131 0664 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:33:32.0131 0664 Beep - ok
13:33:32.0149 0664 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:33:32.0150 0664 blbdrive - ok
13:33:32.0165 0664 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
13:33:32.0165 0664 bowser - ok
13:33:32.0173 0664 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:33:32.0173 0664 BrFiltLo - ok
13:33:32.0188 0664 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:33:32.0189 0664 BrFiltUp - ok
13:33:32.0201 0664 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:33:32.0203 0664 Brserid - ok
13:33:32.0213 0664 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:33:32.0214 0664 BrSerWdm - ok
13:33:32.0223 0664 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:33:32.0224 0664 BrUsbMdm - ok
13:33:32.0233 0664 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:33:32.0233 0664 BrUsbSer - ok
13:33:32.0252 0664 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:33:32.0253 0664 BTHMODEM - ok
13:33:32.0266 0664 catchme - ok
13:33:32.0286 0664 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:33:32.0286 0664 cdfs - ok
13:33:32.0301 0664 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:33:32.0302 0664 cdrom - ok
13:33:32.0313 0664 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:33:32.0313 0664 circlass - ok
13:33:32.0342 0664 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:33:32.0344 0664 CLFS - ok
13:33:32.0362 0664 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:33:32.0362 0664 CmBatt - ok
13:33:32.0375 0664 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:33:32.0376 0664 cmdide - ok
13:33:32.0395 0664 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
13:33:32.0398 0664 CNG - ok
13:33:32.0405 0664 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:33:32.0406 0664 Compbatt - ok
13:33:32.0419 0664 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:33:32.0420 0664 CompositeBus - ok
13:33:32.0449 0664 cpuz130 - ok
13:33:32.0473 0664 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
13:33:32.0474 0664 cpuz135 - ok
13:33:32.0483 0664 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:33:32.0483 0664 crcdisk - ok
13:33:32.0527 0664 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
13:33:32.0529 0664 CSC - ok
13:33:32.0556 0664 DAdderFltr (bfa0d9e4563cfbd10393ae41e77ea7eb) C:\Windows\system32\drivers\dadder.sys
13:33:32.0556 0664 DAdderFltr - ok
13:33:32.0574 0664 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
13:33:32.0575 0664 DfsC - ok
13:33:32.0600 0664 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:33:32.0600 0664 discache - ok
13:33:32.0616 0664 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:33:32.0617 0664 Disk - ok
13:33:32.0652 0664 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:33:32.0652 0664 drmkaud - ok
13:33:32.0680 0664 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys
13:33:32.0685 0664 DXGKrnl - ok
13:33:32.0745 0664 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:33:32.0763 0664 ebdrv - ok
13:33:32.0794 0664 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:33:32.0797 0664 elxstor - ok
13:33:36.0420 0664 MBR (0x1B8) (0792f22bcc85cfd3b28324561fffcabb) \Device\Harddisk1\DR1
13:33:36.0970 0664 \Device\Harddisk1\DR1 - ok
13:33:36.0977 0664 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:33:37.0019 0664 \Device\Harddisk0\DR0 - ok
13:33:37.0022 0664 Boot (0x1200) (158b9a6afc366f553171361560222ad5) \Device\Harddisk1\DR1\Partition0
13:33:37.0023 0664 \Device\Harddisk1\DR1\Partition0 - ok
13:33:37.0028 0664 Boot (0x1200) (1aaa2a1d9a6d95dd36de096ffa4e189c) \Device\Harddisk0\DR0\Partition0
13:33:37.0028 0664 \Device\Harddisk0\DR0\Partition0 - ok
13:33:37.0039 0664 Boot (0x1200) (c3080c6f1b1db512ce11aa5c25e5d660) \Device\Harddisk0\DR0\Partition1
13:33:37.0039 0664 \Device\Harddisk0\DR0\Partition1 - ok
13:33:37.0040 0664 ============================================================
13:33:37.0040 0664 Scan finished
13:33:37.0040 0664 ============================================================
13:33:37.0050 4564 Detected object count: 0
13:33:37.0050 4564 Actual detected object count: 0

#13 gringo_pr

  • Malware Response Team

Posted 26 December 2011 - 03:53 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Pudly

  • Topic Starter

Posted 26 December 2011 - 04:02 PM

You didn't mention anything about downloading the Avast virus definitions; should I have done that?


aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-26 16:00:30
-----------------------------
16:00:30.507 OS Version: Windows x64 6.1.7600
16:00:30.507 Number of processors: 4 586 0x203
16:00:30.508 ComputerName: PUDLY-PC UserName: Pudly
16:00:31.905 Initialize success
16:00:34.099 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
16:00:34.101 Disk 0 Vendor: WDC_WD1001FALS-00E8B0 05.00K05 Size: 953869MB BusType: 3
16:00:34.103 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
16:00:34.105 Disk 1 Vendor: Maxtor_6L300S0 BACE1G20 Size: 286188MB BusType: 3
16:00:36.117 Disk 0 MBR read successfully
16:00:36.120 Disk 0 MBR scan
16:00:36.122 Disk 0 Windows 7 default MBR code
16:00:36.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:00:36.145 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
16:00:36.148 Service scanning
16:00:37.283 Modules scanning
16:00:37.287 Disk 0 trace - called modules:
16:00:37.291 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:00:37.295 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a1d060]
16:00:37.300 3 CLASSPNP.SYS[fffff880018ae43f] -> nt!IofCallDriver -> [0xfffffa80047bb520]
16:00:37.305 5 ACPI.sys[fffff88000e46781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80047b9680]
16:00:37.311 Scan finished successfully
16:00:45.978 Disk 0 MBR has been saved successfully to "C:\Users\Pudly\Desktop\MBR.dat"
16:00:45.983 The log file has been saved successfully to "C:\Users\Pudly\Desktop\aswMBR.txt"

#15 gringo_pr

  • Malware Response Team

Posted 26 December 2011 - 04:17 PM

Still have the same symptoms?


gringo