
svchost.exe infected, computer slow and buggy, task manager barely works


  • This topic is locked
15 replies to this topic

#1 vanguardxl


Posted 09 January 2012 - 08:34 AM

Pretty sure my computer is infected. Running the latest version of Malwarebytes' Anti-Malware. It constantly blocks outbound IPs from svchost.exe. Trying to run a quick scan with it causes the computer to crash. Slowdowns are a constant problem and attempting to bring up the task manager yields "Login process has failed to create the security options dialog."
Any help will be much appreciated.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:33:19 AM, on 1/9/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Travis Carver\Downloads\HijackThis(1).exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CacheBoost] C:\Program Files\Systweak\Systweak CacheBoost\trayicon.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O20 - AppInit_DLLs: d3dgearload.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CacheBoost Performance Optimizer and Tuner Service (CacheBoost Service) - Systweak Inc - C:\Program Files\Systweak\Systweak CacheBoost\cbsrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 7331 bytes

Edited by vanguardxl, 09 January 2012 - 08:39 AM.




#2 gringo_pr


Posted 10 January 2012 - 12:19 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 vanguardxl


Posted 10 January 2012 - 01:30 AM

Thanks for responding. Here is DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_26
Run by Travis Carver at 1:18:48 on 2012-01-10
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1497 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Systweak\Systweak CacheBoost\trayicon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [CacheBoost] c:\program files\systweak\systweak cacheboost\trayicon.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn311\wlancfg5.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{B1B15731-4EA2-4946-865B-F857A43B90D7} : DhcpNameServer = 10.0.0.1
AppInit_DLLs: d3dgearload.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\travis carver\appdata\roaming\mozilla\firefox\profiles\jetz3pbj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\roblox\versions\version-9d8ee47fdc21422e\NPRobloxProxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-25 176128]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-7-28 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-13 652872]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-10-25 8853504]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-10-25 264192]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-6-6 81936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-24 20464]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S2 CacheBoost Service;CacheBoost Performance Optimizer and Tuner Service;c:\program files\systweak\systweak cacheboost\cbSrv.exe [2009-4-28 187120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-24 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-24 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-9 40776]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2011-4-14 103336]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-10 04:28:18 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b61e40ad-82af-4620-9769-b952f9c87488}\offreg.dll
2012-01-09 09:56:12 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-09 09:15:26 -------- d-----w- c:\users\travis carver\appdata\local\Ubisoft
2012-01-09 06:13:43 -------- d-----w- c:\users\travis carver\appdata\local\AOL
2012-01-09 06:13:27 -------- d-----w- c:\programdata\AIM
2012-01-09 06:13:25 -------- d-----w- c:\program files\AIM
2012-01-09 06:13:24 -------- d-----w- c:\program files\common files\Software Update Utility
2012-01-09 06:13:21 -------- d-----w- c:\program files\common files\AOL
2012-01-06 09:11:42 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b61e40ad-82af-4620-9769-b952f9c87488}\mpengine.dll
2011-12-31 07:33:18 -------- d-----w- c:\users\travis carver\appdata\roaming\Ubisoft
2011-12-30 21:54:50 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2011-12-30 21:54:50 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2011-12-30 21:54:50 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2011-12-30 21:54:50 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2011-12-28 09:22:40 -------- d-sh--w- C:\found.007
2011-12-28 08:20:07 -------- d-sh--w- C:\found.006
2011-12-27 22:17:37 -------- d-----w- c:\users\travis carver\appdata\roaming\SpaceMonger
2011-12-27 22:17:37 -------- d-----w- c:\program files\SpaceMonger
2011-12-21 09:58:03 -------- d-----w- c:\program files\Gemini Rue
2011-12-19 03:04:28 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-19 03:04:27 22328 ----a-w- c:\users\travis carver\appdata\roaming\PnkBstrK.sys
2011-12-19 03:03:54 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-19 03:03:52 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-12-19 03:03:52 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2011-12-14 03:48:41 -------- d-----w- c:\users\travis carver\appdata\roaming\GameRanger
2011-12-13 03:21:53 -------- d-----w- c:\users\travis carver\appdata\local\SanctionedMedia
.
==================== Find3M ====================
.
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 20:50:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-04 14:54:57 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 03:03:48 8853504 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-10-26 02:21:48 56832 ----a-w- c:\windows\system32\OpenVideo.dll
2011-10-26 02:21:34 56832 ----a-w- c:\windows\system32\OVDecoder.dll
2011-10-26 02:20:42 13950464 ----a-w- c:\windows\system32\amdocl.dll
2011-10-26 02:19:50 44032 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-26 02:06:10 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-26 02:05:58 748544 ----a-w- c:\windows\system32\aticfx32.dll
2011-10-26 02:01:46 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-26 02:01:18 417792 ----a-w- c:\windows\system32\atieclxx.exe
2011-10-26 02:00:46 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-10-26 01:59:48 18757120 ----a-w- c:\windows\system32\atioglxx.dll
2011-10-26 01:59:32 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-10-26 01:59:16 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-10-26 01:59:04 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-10-26 01:58:56 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-10-26 01:58:48 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-10-26 01:55:48 4292096 ----a-w- c:\windows\system32\atidxx32.dll
2011-10-26 01:43:24 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-10-26 01:38:30 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-10-26 01:38:18 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-10-26 01:35:38 4353536 ----a-w- c:\windows\system32\atiumdag.dll
2011-10-26 01:34:56 8449024 ----a-w- c:\windows\system32\aticaldd.dll
2011-10-26 01:32:30 4189184 ----a-w- c:\windows\system32\atiumdva.dll
2011-10-26 01:29:22 52736 ----a-w- c:\windows\system32\coinst.dll
2011-10-26 01:22:28 339968 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-26 01:22:16 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-10-26 01:22:06 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-10-26 01:21:36 264192 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-10-26 01:21:06 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-10-26 01:20:52 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-10-26 01:20:30 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2011-10-26 01:20:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:15:58 53760 ----a-w- c:\windows\system32\atimpc32.dll
2011-10-26 01:15:58 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-20 15:55:43 834048 ----a-w- c:\windows\system32\wininet.dll
2011-10-20 14:08:44 389632 ----a-w- c:\windows\system32\html.iec
2011-10-14 16:02:19 429056 ----a-w- c:\windows\system32\EncDec.dll
.
============= FINISH: 1:19:38.20 ===============

#4 vanguardxl


Posted 10 January 2012 - 01:37 AM

...and Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 4/20/2011 4:38:33 AM
System Uptime: 1/9/2012 11:27:55 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0TP406
Processor: Intel® Core™2 Duo CPU E8500 @ 3.16GHz | CPU | 3158/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 684 GiB total, 249.057 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 5.042 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_294C&SUBSYS_02151028&REV_02\3&172E68DD&0&C8
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_294C&SUBSYS_02151028&REV_02\3&172E68DD&0&C8
Service:
.
Class GUID:
Description: Creative Live! Cam Vista IM
Device ID: USB\VID_041E&PID_4052\5&C663B7B&0&1
Manufacturer:
Name: Creative Live! Cam Vista IM
PNP Device ID: USB\VID_041E&PID_4052\5&C663B7B&0&1
Service:
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02151028&REV_02\3&172E68DD&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02151028&REV_02\3&172E68DD&0&FB
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Community Help
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Professional CS5.5
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS5.1
Adobe Reader X (10.1.0)
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 7
AMD APP SDK Runtime
AMD Catalyst Install Manager
Amnesia - The Dark Descent
ANNO 2070
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Call Of Cthulhu DCoTE
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-utility
CCC Help English
Cities XL 2011
Combined Community Codec Pack 2011-07-30
Command & Conquer Generals
Creative WebCam Center
D3DGear
DDS Thumbnail Viewer
Deus Ex - Human Revolution version 1.0
Download Updater (AOL LLC)
Far Cry 2
Flash Mod ver 1.0.1 Polish + English
Gemini Rue version 1.0
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Installer
iTunes
Java Auto Updater
Java™ 6 Update 26
Malwarebytes Anti-Malware version 1.60.0.1800
Manhunt
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 9.0.1 (x86 en-US)
NETGEAR WPN311 Wireless Adapter
Notepad++
NVIDIA Photoshop Plug-ins
Octoshape add-in for Adobe Flash Player
OpenAL
PDF Settings
PDF Settings CS5
Portal
Project64 1.6
PunkBuster Services
QuickTime
Roblox
S.W.A.T. 4
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Silent Hill 2
Skype™ 5.5
Sothink SWF Decompiler
SpaceMonger 2.1.1
Spotify
Steam™
StencylWorks
Stronghold Crusader Extreme
StumbleUpon IE Toolbar
Swiff Player 1.7.2
Terragen 2 Free Edition
Terranim v2.1.4b
THE HOUSE OF THE DEAD 3
Thief - Deadly Shadows
Tom Clancy's Splinter Cell Conviction
Ubisoft Game Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
WiedŸmin Edycja Rozszerzona
WinRAR 4.01 (32-bit)
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
1/9/2012 11:49:31 AM, Error: Service Control Manager [7038] - The SstpSvc service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/9/2012 11:49:31 AM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The service did not start due to a logon failure.
1/9/2012 11:49:31 AM, Error: Service Control Manager [7000] - The Secure Socket Tunneling Protocol Service service failed to start due to the following error: The service did not start due to a logon failure.
1/10/2012 1:22:55 AM, Error: Service Control Manager [7023] - The Secure Socket Tunneling Protocol Service service terminated with the following error: The system cannot find the file specified.
1/10/2012 1:22:55 AM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The system cannot find the file specified.
1/10/2012 1:01:39 AM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The service has not been started.
.
==== End Of File ===========================

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:12 AM

Posted 10 January 2012 - 09:29 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 vanguardxl

Posted 10 January 2012 - 05:34 PM

I can't run the program, it won't let me. It says I need "administrative privileges," even when I right-click it and select "Run as Administrator."

I did it exactly as you said. What's the problem?

#7 gringo_pr

Posted 10 January 2012 - 06:58 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#8 vanguardxl

Posted 11 January 2012 - 05:00 PM

That seems to have done the trick. It removed 1 rootkit that was lodged somewhere in my system files. My computer seems to be running back up to speed now with no hitches.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * *

23:42:50.0025 35904 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
23:42:50.0321 35904 ============================================================
23:42:50.0321 35904 Current date / time: 2012/01/10 23:42:50.0321
23:42:50.0321 35904 SystemInfo:
23:42:50.0321 35904
23:42:50.0321 35904 OS Version: 6.0.6002 ServicePack: 2.0
23:42:50.0321 35904 Product type: Workstation
23:42:50.0321 35904 ComputerName: OLESEMKO-PC
23:42:50.0321 35904 UserName: Ole Semko
23:42:50.0321 35904 Windows directory: C:\Windows
23:42:50.0321 35904 System windows directory: C:\Windows
23:42:50.0321 35904 Processor architecture: Intel x86
23:42:50.0321 35904 Number of processors: 2
23:42:50.0321 35904 Page size: 0x1000
23:42:50.0321 35904 Boot type: Normal boot
23:42:50.0321 35904 ============================================================
23:42:50.0945 35904 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000, SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
23:42:51.0273 35904 Initialize success
23:43:01.0304 32920 ============================================================
23:43:01.0304 32920 Scan started
23:43:01.0304 32920 Mode: Manual;
23:43:01.0304 32920 ============================================================
23:43:09.0338 32920 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
23:43:09.0338 32920 viaagp - ok
23:43:09.0369 32920 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
23:43:09.0369 32920 ViaC7 - ok
23:43:09.0416 32920 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
23:43:09.0416 32920 viaide - ok
23:43:09.0447 32920 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:43:09.0447 32920 volmgr - ok
23:43:09.0478 32920 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
23:43:09.0494 32920 volmgrx - ok
23:43:09.0509 32920 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
23:43:09.0509 32920 volsnap - ok
23:43:09.0541 32920 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
23:43:09.0541 32920 vsmraid - ok
23:43:09.0572 32920 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
23:43:09.0572 32920 VSTHWBS2 - ok
23:43:09.0603 32920 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
23:43:09.0603 32920 VST_DPV - ok
23:43:09.0634 32920 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:43:09.0634 32920 WacomPen - ok
23:43:09.0665 32920 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:43:09.0665 32920 Wanarp - ok
23:43:09.0681 32920 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:43:09.0681 32920 Wanarpv6 - ok
23:43:09.0697 32920 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
23:43:09.0697 32920 Wd - ok
23:43:09.0728 32920 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
23:43:09.0743 32920 Wdf01000 - ok
23:43:09.0759 32920 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
23:43:09.0775 32920 winachsf - ok
23:43:09.0806 32920 WinUsb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
23:43:09.0806 32920 WinUsb - ok
23:43:09.0821 32920 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
23:43:09.0821 32920 WmiAcpi - ok
23:43:09.0868 32920 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
23:43:09.0868 32920 WpdUsb - ok
23:43:09.0931 32920 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:43:09.0931 32920 ws2ifsl - ok
23:43:09.0946 32920 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:43:09.0962 32920 WUDFRd - ok
23:43:09.0977 32920 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
23:43:10.0009 32920 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
23:43:10.0009 32920 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
23:43:10.0040 32920 Boot (0x1200) (1bfa86fd4de7a5f8b0a54ce123669f05) \Device\Harddisk0\DR0\Partition0
23:43:10.0040 32920 \Device\Harddisk0\DR0\Partition0 - ok
23:43:10.0055 32920 Boot (0x1200) (56c4322007f5b03b822ae1bec80e2e25) \Device\Harddisk0\DR0\Partition1
23:43:10.0055 32920 \Device\Harddisk0\DR0\Partition1 - ok
23:43:10.0055 32920 ============================================================
23:43:10.0055 32920 Scan finished
23:43:10.0055 32920 ============================================================
23:43:10.0055 36776 Detected object count: 1
23:43:10.0055 36776 Actual detected object count: 1
23:43:18.0932 36776 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
23:43:18.0932 36776 \Device\Harddisk0\DR0 - ok
23:43:18.0994 36776 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
23:43:21.0849 35272 Deinitialize success
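
The verdict lines in a log of this shape can be pulled out mechanically instead of read by eye. The following is an added example, not part of the original post and not TDSSKiller's own code: it parses the line format visible in the log above, groups every verdict by scanned object, and reports whether a cure is still waiting for a reboot. The function name `triage` and the result field names are assumptions; the sample lines are copied from the post.

```python
import re

# Lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
23:43:09.0946 32920 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:43:09.0962 32920 WUDFRd - ok
23:43:09.0977 32920 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
23:43:10.0009 32920 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
23:43:10.0009 32920 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
23:43:10.0040 32920 \Device\Harddisk0\DR0\Partition0 - ok
23:43:10.0055 36776 Detected object count: 1
23:43:18.0932 36776 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
23:43:18.0994 36776 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

# "HH:MM:SS.mmmm <thread id> <message>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "<object> ( <threat name> ) - <status or action>"
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<threat>\S+) \) - (?P<what>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


def triage(log_text):
    """Return the flagged objects, their status history, and a count check."""
    findings = {}
    declared = None
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank or non-log line
        body = line.group(1)
        count = COUNT.match(body)
        if count:
            declared = int(count.group(1))
            continue
        verdict = VERDICT.match(body)
        if verdict:
            entry = findings.setdefault(
                verdict["obj"], {"threat": verdict["threat"], "events": []})
            entry["events"].append(verdict["what"])
    for entry in findings.values():
        # A deferred cure means the object is still infected until reboot.
        entry["reboot_pending"] = any("on reboot" in e for e in entry["events"])
    return {"declared_count": declared, "findings": findings,
            "count_matches": declared == len(findings)}


if __name__ == "__main__":
    for obj, info in triage(SAMPLE_LOG)["findings"].items():
        print(obj, info["threat"], info["events"], info["reboot_pending"])
```

A `reboot_pending` result of `True` means the log only records that a cure was scheduled, so a second scan after the reboot is what confirms the boot record is clean.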

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:12 AM

Posted 11 January 2012 - 06:28 PM

Hello


Try and run ComboFix for me now.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 vanguardxl

vanguardxl
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:10:12 AM

Posted 12 January 2012 - 05:18 PM

Sorry gringo, can't run it. My computer seems to be fine though. Should I follow up with anything else?

#11 gringo_pr


Posted 12 January 2012 - 05:37 PM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#12 gringo_pr


Posted 15 January 2012 - 02:57 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo

#13 vanguardxl


Posted 17 January 2012 - 09:06 PM

Sorry, I was out for a while without access to a computer. I'll get that done soon.

#14 gringo_pr


Posted 18 January 2012 - 11:14 AM

:thumbup2:

#15 gringo_pr


Posted 21 January 2012 - 02:22 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo
