Win7 Security and internet security


  • This topic is locked
66 replies to this topic

#1 mierna

mierna

  • Members
  • 37 posts

Posted 16 January 2012 - 08:51 AM

I ran Malwarebytes and removed 4 malicious programs yesterday and again 3 today, but I think there is still something amiss.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.5.0_16
Run by mierna at 8:28:39 on 2012-01-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.1758 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Users\mierna\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
-netsvcs
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\mierna\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\mierna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QRU7CZCO\Defogger[1].exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=173611105403p0444v1l5r4731t262
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=173611105403p0444v1l5r4731t262
uInternet Settings,ProxyOverride = *.local
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
uRun: [MtdAcqu] "C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe" /s
uRun: [SoftAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\mierna\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HPSIMP~1.LNK - C:\Users\mierna\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://www.gamehouse.com/games/NightshiftJaguarsEye.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CE8789A5-E15B-4335-B643-5CE18BC80551} : DhcpNameServer = 192.168.1.1
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\mierna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111028.030\IDSviA64.sys [2011-10-28 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [?]
R2 BackupService;BackupService;C:\Users\mierna\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2011-8-18 83512]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe [2011-11-8 138760]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-6-7 243232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-10-20 136824]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-29 135664]
S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-29 135664]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-16 13:20:46 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{149AB679-3AED-47CC-A922-BC50A9CF0488}\offreg.dll
2012-01-16 08:55:45 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-01-15 23:22:26 -------- d-s---w- C:\ComboFix
2012-01-15 22:09:16 98816 ----a-w- C:\Windows\sed.exe
2012-01-15 22:09:16 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-15 22:09:16 256000 ----a-w- C:\Windows\PEV.exe
2012-01-15 22:09:16 208896 ----a-w- C:\Windows\MBR.exe
2012-01-15 18:23:53 -------- d-----w- C:\Users\mierna\AppData\Roaming\Malwarebytes
2012-01-15 18:23:32 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-15 18:23:31 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-15 18:23:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-15 12:54:30 20480 ----a-w- C:\Windows\svchost.exe
2012-01-15 04:13:02 124392 --sh--w- C:\Users\mierna\AppData\Local\dplayx.dll
2012-01-15 02:15:10 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{149AB679-3AED-47CC-A922-BC50A9CF0488}\mpengine.dll
2012-01-15 02:15:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-11 18:24:49 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 18:24:49 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 18:24:49 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 18:24:49 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 18:23:52 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 18:23:52 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 18:23:23 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 18:23:23 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-05 00:33:31 -------- d-----w- C:\Program Files (x86)\DVDFab 8 Qt
2012-01-03 16:22:01 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-01-10 13:29:19 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-20 02:51:35 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
.
============= FINISH: 8:32:56.38 ===============

GMER did not allow me to select all of the options. Only Services, Registry and Files were clicked and I could not change any others.
Also, ADS was checked.
This was all that was returned on the attached log.

Attached Files

  • Attached File  DDS.txt   17.48KB   0 downloads
  • Attached File  gmer.log   274bytes   0 downloads




#2 mierna

mierna
  • Topic Starter

  • Members
  • 37 posts

Posted 16 January 2012 - 09:04 AM

I forgot to attach this.

Attached Files



#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 January 2012 - 02:53 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 mierna

mierna
  • Topic Starter

  • Members
  • 37 posts

Posted 19 January 2012 - 09:55 AM

I downloaded combofix and ran it.
It is getting stuck at Completed stage 4.
It has been about 30 minutes, is there something I need to do?

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 January 2012 - 12:00 PM

Hello

Let's try running this tool and see what it does.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#6 mierna

mierna
  • Topic Starter

  • Members
  • 37 posts

Posted 19 January 2012 - 12:19 PM

12:14:19.0366 5028 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
12:14:19.0724 5028 ============================================================
12:14:19.0724 5028 Current date / time: 2012/01/19 12:14:19.0724
12:14:19.0724 5028 SystemInfo:
12:14:19.0724 5028
12:14:19.0724 5028 OS Version: 6.1.7600 ServicePack: 0.0
12:14:19.0724 5028 Product type: Workstation
12:14:19.0724 5028 ComputerName: MIERNA-PC
12:14:19.0724 5028 UserName: mierna
12:14:19.0724 5028 Windows directory: C:\Windows
12:14:19.0724 5028 System windows directory: C:\Windows
12:14:19.0724 5028 Running under WOW64
12:14:19.0724 5028 Processor architecture: Intel x64
12:14:19.0724 5028 Number of processors: 2
12:14:19.0724 5028 Page size: 0x1000
12:14:19.0724 5028 Boot type: Normal boot
12:14:19.0724 5028 ============================================================
12:14:26.0401 5028 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:14:26.0401 5028 Drive \Device\Harddisk1\DR1 - Size: 0xE8B6F00000 (930.86 Gb), SectorSize: 0x200, Cylinders: 0x1DAAB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:14:26.0994 5028 Initialize success
12:14:43.0202 3188 ============================================================
12:14:43.0202 3188 Scan started
12:14:43.0202 3188 Mode: Manual;
12:14:43.0202 3188 ============================================================
12:15:07.0180 3188 HdAudAddService - ok
12:15:07.0336 3188 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:15:07.0351 3188 HDAudBus - ok
12:15:07.0414 3188 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:15:07.0429 3188 HidBatt - ok
12:15:07.0507 3188 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:15:07.0538 3188 HidBth - ok
12:15:07.0835 3188 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:15:07.0835 3188 HidIr - ok
12:15:08.0069 3188 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
12:15:08.0100 3188 HidUsb - ok
12:15:08.0381 3188 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
12:15:08.0381 3188 HpSAMD - ok
12:15:08.0630 3188 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
12:15:08.0646 3188 HTTP - ok
12:15:09.0114 3188 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
12:15:09.0114 3188 hwpolicy - ok
12:15:09.0348 3188 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:15:09.0379 3188 i8042prt - ok
12:15:09.0691 3188 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
12:15:09.0754 3188 iaStorV - ok
12:15:09.0894 3188 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:15:09.0941 3188 iirsp - ok
12:15:10.0627 3188 IntcAzAudAddService (2e3b99e8c23be2bf32ebe1db5261f275) C:\Windows\system32\drivers\RTKVHD64.sys
12:15:10.0627 3188 IntcAzAudAddService - ok
12:15:10.0861 3188 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
12:15:10.0908 3188 intelide - ok
12:15:11.0080 3188 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:15:11.0080 3188 intelppm - ok
12:15:11.0126 3188 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:15:11.0142 3188 IpFilterDriver - ok
12:15:11.0766 3188 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:15:11.0813 3188 IPMIDRV - ok
12:15:11.0906 3188 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:15:11.0938 3188 IPNAT - ok
12:15:11.0984 3188 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:15:11.0984 3188 IRENUM - ok
12:15:12.0234 3188 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
12:15:12.0234 3188 isapnp - ok
12:15:12.0312 3188 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
12:15:12.0359 3188 iScsiPrt - ok
12:15:12.0390 3188 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:15:12.0390 3188 kbdclass - ok
12:15:12.0499 3188 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
12:15:12.0499 3188 kbdhid - ok
12:15:12.0624 3188 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
12:15:12.0640 3188 KSecDD - ok
12:15:12.0686 3188 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
12:15:12.0686 3188 KSecPkg - ok
12:15:12.0796 3188 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:15:12.0796 3188 ksthunk - ok
12:15:12.0967 3188 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:15:12.0983 3188 lltdio - ok
12:15:13.0030 3188 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:15:13.0030 3188 LSI_FC - ok
12:15:13.0139 3188 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:15:13.0154 3188 LSI_SAS - ok
12:15:13.0201 3188 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:15:13.0201 3188 LSI_SAS2 - ok
12:15:13.0451 3188 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:15:13.0451 3188 LSI_SCSI - ok
12:15:13.0560 3188 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:15:13.0560 3188 luafv - ok
12:15:13.0622 3188 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:15:13.0622 3188 megasas - ok
12:15:13.0997 3188 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:15:14.0028 3188 MegaSR - ok
12:15:14.0168 3188 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:15:14.0184 3188 Modem - ok
12:15:14.0278 3188 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:15:14.0278 3188 monitor - ok
12:15:14.0324 3188 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:15:14.0324 3188 mouclass - ok
12:15:14.0699 3188 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:15:14.0699 3188 mouhid - ok
12:15:14.0746 3188 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
12:15:14.0746 3188 mountmgr - ok
12:15:14.0839 3188 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
12:15:14.0839 3188 mpio - ok
12:15:15.0042 3188 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:15:15.0073 3188 mpsdrv - ok
12:15:15.0292 3188 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
12:15:15.0307 3188 MRxDAV - ok
12:15:15.0432 3188 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:15:15.0463 3188 mrxsmb - ok
12:15:15.0713 3188 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:15:15.0728 3188 mrxsmb10 - ok
12:15:15.0760 3188 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:15:15.0775 3188 mrxsmb20 - ok
12:15:15.0869 3188 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
12:15:15.0884 3188 msahci - ok
12:15:15.0947 3188 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
12:15:15.0962 3188 msdsm - ok
12:15:16.0087 3188 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:15:16.0087 3188 Msfs - ok
12:15:16.0118 3188 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:15:16.0134 3188 mshidkmdf - ok
12:15:16.0306 3188 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
12:15:16.0321 3188 msisadrv - ok
12:15:16.0508 3188 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:15:16.0524 3188 MSKSSRV - ok
12:15:16.0602 3188 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:15:16.0618 3188 MSPCLOCK - ok
12:15:16.0711 3188 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:15:16.0727 3188 MSPQM - ok
12:15:16.0774 3188 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
12:15:16.0774 3188 MsRPC - ok
12:15:16.0836 3188 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:15:16.0836 3188 mssmbios - ok
12:15:16.0992 3188 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:15:16.0992 3188 MSTEE - ok
12:15:17.0054 3188 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:15:17.0070 3188 MTConfig - ok
12:15:17.0132 3188 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:15:17.0132 3188 Mup - ok
12:15:17.0366 3188 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:15:17.0366 3188 NativeWifiP - ok
12:15:17.0866 3188 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
12:15:17.0928 3188 NDIS - ok
12:15:18.0474 3188 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:15:18.0474 3188 NdisCap - ok
12:15:18.0848 3188 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:15:18.0864 3188 NdisTapi - ok
12:15:18.0926 3188 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
12:15:18.0958 3188 Ndisuio - ok
12:15:19.0004 3188 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:15:19.0020 3188 NdisWan - ok
12:15:19.0114 3188 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
12:15:19.0129 3188 NDProxy - ok
12:15:19.0270 3188 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:15:19.0301 3188 NetBIOS - ok
12:15:19.0628 3188 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
12:15:19.0628 3188 NetBT - ok
12:15:19.0878 3188 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:15:19.0878 3188 nfrd960 - ok
12:15:20.0018 3188 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:15:20.0034 3188 Npfs - ok
12:15:20.0065 3188 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:15:20.0065 3188 nsiproxy - ok
12:15:20.0268 3188 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
12:15:20.0284 3188 Ntfs - ok
12:15:20.0377 3188 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
12:15:20.0393 3188 NuidFltr - ok
12:15:20.0471 3188 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:15:20.0486 3188 Null - ok
12:15:20.0783 3188 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
12:15:20.0798 3188 NVENETFD - ok
12:15:21.0656 3188 nvlddmkm (4628fa8f0cc0d509bc14a223e99d36f3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:15:21.0734 3188 nvlddmkm - ok
12:15:21.0844 3188 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
12:15:21.0844 3188 NVNET - ok
12:15:21.0937 3188 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
12:15:21.0937 3188 nvraid - ok
12:15:22.0171 3188 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
12:15:22.0187 3188 nvstor - ok
12:15:22.0296 3188 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
12:15:22.0296 3188 nvstor64 - ok
12:15:22.0436 3188 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
12:15:22.0436 3188 nv_agp - ok
12:15:22.0561 3188 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
12:15:22.0577 3188 ohci1394 - ok
12:15:22.0655 3188 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:15:22.0655 3188 Parport - ok
12:15:22.0967 3188 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
12:15:22.0982 3188 partmgr - ok
12:15:23.0232 3188 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
12:15:23.0248 3188 pci - ok
12:15:23.0450 3188 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
12:15:23.0450 3188 pciide - ok
12:15:23.0825 3188 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:15:23.0825 3188 pcmcia - ok
12:15:23.0965 3188 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
12:15:23.0996 3188 pcouffin - ok
12:15:24.0043 3188 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:15:24.0043 3188 pcw - ok
12:15:24.0262 3188 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:15:24.0308 3188 PEAUTH - ok
12:15:24.0527 3188 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
12:15:24.0542 3188 PptpMiniport - ok
12:15:24.0605 3188 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:15:24.0605 3188 Processor - ok
12:15:24.0667 3188 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
12:15:24.0667 3188 Psched - ok
12:15:24.0792 3188 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:15:24.0808 3188 ql2300 - ok
12:15:24.0948 3188 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:15:24.0948 3188 ql40xx - ok
12:15:25.0104 3188 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:15:25.0104 3188 QWAVEdrv - ok
12:15:25.0135 3188 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:15:25.0135 3188 RasAcd - ok
12:15:25.0322 3188 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:15:25.0338 3188 RasAgileVpn - ok
12:15:25.0416 3188 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:15:25.0432 3188 Rasl2tp - ok
12:15:25.0525 3188 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:15:25.0541 3188 RasPppoe - ok
12:15:25.0588 3188 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:15:25.0588 3188 RasSstp - ok
12:15:25.0744 3188 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
12:15:25.0759 3188 rdbss - ok
12:15:26.0102 3188 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:15:26.0118 3188 rdpbus - ok
12:15:26.0305 3188 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:15:26.0305 3188 RDPCDD - ok
12:15:26.0352 3188 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:15:26.0352 3188 RDPENCDD - ok
12:15:26.0477 3188 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:15:26.0508 3188 RDPREFMP - ok
12:15:26.0711 3188 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
12:15:26.0711 3188 RDPWD - ok
12:15:26.0960 3188 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
12:15:26.0976 3188 rdyboost - ok
12:15:27.0319 3188 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
12:15:27.0335 3188 RimUsb - ok
12:15:27.0428 3188 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:15:27.0444 3188 rspndr - ok
12:15:27.0475 3188 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
12:15:27.0475 3188 sbp2port - ok
12:15:27.0584 3188 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
12:15:27.0600 3188 scfilter - ok
12:15:27.0662 3188 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:15:27.0662 3188 secdrv - ok
12:15:27.0772 3188 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:15:27.0772 3188 Serenum - ok
12:15:27.0803 3188 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:15:27.0803 3188 Serial - ok
12:15:27.0974 3188 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:15:27.0974 3188 sermouse - ok
12:15:28.0146 3188 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
12:15:28.0146 3188 sffdisk - ok
12:15:28.0177 3188 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:15:28.0177 3188 sffp_mmc - ok
12:15:28.0286 3188 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:15:28.0302 3188 sffp_sd - ok
12:15:28.0333 3188 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:15:28.0333 3188 sfloppy - ok
12:15:28.0505 3188 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
12:15:28.0505 3188 Sftfs - ok
12:15:28.0692 3188 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:15:28.0692 3188 Sftplay - ok
12:15:28.0817 3188 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:15:28.0817 3188 Sftredir - ok
12:15:28.0942 3188 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
12:15:28.0942 3188 Sftvol - ok
12:15:29.0378 3188 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:15:29.0410 3188 SiSRaid2 - ok
12:15:29.0519 3188 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:15:29.0534 3188 SiSRaid4 - ok
12:15:29.0644 3188 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:15:29.0659 3188 Smb - ok
12:15:29.0956 3188 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:15:29.0956 3188 spldr - ok
12:15:30.0252 3188 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
12:15:30.0268 3188 srv - ok
12:15:30.0439 3188 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
12:15:30.0455 3188 srv2 - ok
12:15:30.0751 3188 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
12:15:30.0767 3188 srvnet - ok
12:15:30.0892 3188 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:15:30.0923 3188 stexstor - ok
12:15:30.0970 3188 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
12:15:30.0970 3188 StillCam - ok
12:15:31.0126 3188 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:15:31.0126 3188 swenum - ok
12:15:31.0422 3188 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
12:15:31.0453 3188 Tcpip - ok
12:15:31.0781 3188 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
12:15:31.0781 3188 TCPIP6 - ok
12:15:32.0186 3188 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
12:15:32.0186 3188 tcpipreg - ok
12:15:32.0311 3188 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:15:32.0342 3188 TDPIPE - ok
12:15:32.0374 3188 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:15:32.0374 3188 TDTCP - ok
12:15:32.0545 3188 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
12:15:32.0561 3188 tdx - ok
12:15:32.0779 3188 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
12:15:32.0779 3188 TermDD - ok
12:15:33.0076 3188 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:15:33.0091 3188 tssecsrv - ok
12:15:33.0216 3188 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
12:15:33.0247 3188 tunnel - ok
12:15:33.0294 3188 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:15:33.0294 3188 uagp35 - ok
12:15:33.0403 3188 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
12:15:33.0403 3188 udfs - ok
12:15:33.0450 3188 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:15:33.0450 3188 uliagpkx - ok
12:15:33.0575 3188 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
12:15:33.0590 3188 umbus - ok
12:15:33.0668 3188 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:15:33.0684 3188 UmPass - ok
12:15:33.0762 3188 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
12:15:33.0778 3188 USBAAPL64 - ok
12:15:33.0887 3188 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
12:15:33.0902 3188 usbccgp - ok
12:15:33.0980 3188 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
12:15:33.0996 3188 usbcir - ok
12:15:34.0152 3188 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
12:15:34.0168 3188 usbehci - ok
12:15:34.0324 3188 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
12:15:34.0324 3188 usbhub - ok
12:15:34.0386 3188 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
12:15:34.0386 3188 usbohci - ok
12:15:34.0651 3188 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:15:34.0682 3188 usbprint - ok
12:15:34.0963 3188 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:15:34.0963 3188 usbscan - ok
12:15:35.0088 3188 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:15:35.0119 3188 USBSTOR - ok
12:15:35.0244 3188 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
12:15:35.0244 3188 usbuhci - ok
12:15:35.0306 3188 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:15:35.0306 3188 vdrvroot - ok
12:15:35.0587 3188 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:15:35.0603 3188 vga - ok
12:15:35.0759 3188 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:15:35.0759 3188 VgaSave - ok
12:15:35.0821 3188 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
12:15:35.0821 3188 vhdmp - ok
12:15:35.0930 3188 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
12:15:35.0946 3188 viaide - ok
12:15:35.0993 3188 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
12:15:35.0993 3188 volmgr - ok
12:15:36.0196 3188 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
12:15:36.0211 3188 volmgrx - ok
12:15:36.0305 3188 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
12:15:36.0320 3188 volsnap - ok
12:15:36.0383 3188 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:15:36.0398 3188 vsmraid - ok
12:15:36.0664 3188 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:15:36.0679 3188 vwifibus - ok
12:15:36.0976 3188 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:15:36.0991 3188 WacomPen - ok
12:15:37.0069 3188 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:15:37.0069 3188 WANARP - ok
12:15:37.0085 3188 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:15:37.0085 3188 Wanarpv6 - ok
12:15:37.0241 3188 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:15:37.0272 3188 Wd - ok
12:15:37.0303 3188 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:15:37.0319 3188 Wdf01000 - ok
12:15:37.0522 3188 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:15:37.0537 3188 WfpLwf - ok
12:15:37.0615 3188 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:15:37.0631 3188 WIMMount - ok
12:15:37.0958 3188 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
12:15:37.0990 3188 WinUsb - ok
12:15:38.0114 3188 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:15:38.0114 3188 WmiAcpi - ok
12:15:38.0411 3188 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:15:38.0426 3188 ws2ifsl - ok
12:15:38.0473 3188 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
12:15:38.0489 3188 WudfPf - ok
12:15:38.0629 3188 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:15:38.0629 3188 WUDFRd - ok
12:15:38.0676 3188 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
12:15:38.0707 3188 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
12:15:38.0707 3188 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
12:15:38.0723 3188 MBR (0x1B8) (a37654aff661080bf986ebd6e9ea1ac5) \Device\Harddisk1\DR1
12:15:38.0723 3188 \Device\Harddisk1\DR1 - ok
12:15:38.0754 3188 Boot (0x1200) (063d9d118a7cb1c6d0cbbb8e6384eabb) \Device\Harddisk0\DR0\Partition0
12:15:38.0770 3188 \Device\Harddisk0\DR0\Partition0 - ok
12:15:38.0801 3188 Boot (0x1200) (1485b20db94d29dfca6261d43ff71e9a) \Device\Harddisk0\DR0\Partition1
12:15:38.0801 3188 \Device\Harddisk0\DR0\Partition1 - ok
12:15:38.0816 3188 Boot (0x1200) (385fdb8cae324a00549542526b91cd2c) \Device\Harddisk1\DR1\Partition0
12:15:38.0816 3188 \Device\Harddisk1\DR1\Partition0 - ok
12:15:38.0816 3188 ============================================================
12:15:38.0816 3188 Scan finished
12:15:38.0816 3188 ============================================================
12:15:38.0832 3428 Detected object count: 1
12:15:38.0832 3428 Actual detected object count: 1
12:16:34.0228 3428 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
12:16:34.0228 3428 \Device\Harddisk0\DR0 - ok
12:16:34.0228 3428 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
12:17:06.0395 5036 Deinitialize success

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:11 PM

Posted 19 January 2012 - 12:53 PM

Now I would like you to rerun ComboFix for me.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 mierna


Posted 19 January 2012 - 01:02 PM

I ran Combofix again and it is stuck on Completed Stage 4 again.

#9 gringo_pr


Posted 19 January 2012 - 01:08 PM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#10 mierna


Posted 19 January 2012 - 01:19 PM

In Safe Mode it is still getting stuck at Completed Stage 4.

#11 gringo_pr


Posted 19 January 2012 - 02:40 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo

#12 mierna


Posted 19 January 2012 - 02:58 PM

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-19 14:54:09
-----------------------------
14:54:09.832 OS Version: Windows x64 6.1.7600
14:54:09.832 Number of processors: 2 586 0x603
14:54:09.832 ComputerName: MIERNA-PC UserName: mierna
14:54:12.391 Initialize success
14:55:00.752 AVAST engine defs: 12011901
14:55:33.010 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
14:55:33.010 Disk 0 Vendor: Hitachi_ JP2O Size: 476940MB BusType: 3
14:55:33.025 Disk 0 MBR read successfully
14:55:33.041 Disk 0 MBR scan
14:55:33.041 Disk 0 Windows 7 default MBR code
14:55:33.041 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
14:55:33.056 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
14:55:33.072 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 460454 MB offset 33761280
14:55:33.088 Service scanning
14:55:37.081 Modules scanning
14:55:37.081 Disk 0 trace - called modules:
14:55:37.112 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
14:55:37.112 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045fa060]
14:55:37.128 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa800428dc10]
14:55:37.144 5 ACPI.sys[fffff88000efc781] -> nt!IofCallDriver -> \Device\00000058[0xfffffa8004295060]
14:55:39.624 AVAST engine scan C:\Windows
14:55:51.761 AVAST engine scan C:\Windows\system32
14:57:19.090 AVAST engine scan C:\Windows\system32\drivers
14:57:29.261 AVAST engine scan C:\Users\mierna
14:57:34.955 File: C:\Users\mierna\AppData\Local\dplayx.dll **INFECTED** Win32:FakeAV-CUW [Trj]
14:58:03.752 Disk 0 MBR has been saved successfully to "C:\Users\mierna\Desktop\MBR.dat"
14:58:03.752 The log file has been saved successfully to "C:\Users\mierna\Desktop\aswMBR.txt"

#13 gringo_pr


Posted 19 January 2012 - 03:04 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#14 mierna


Posted 19 January 2012 - 03:11 PM

OTL logfile created on: 1/19/2012 3:07:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\mierna\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 68.89% Memory free
7.50 Gb Paging File | 6.20 Gb Available in Paging File | 82.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.66 Gb Total Space | 224.78 Gb Free Space | 49.99% Space Free | Partition Type: NTFS
Drive E: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 930.86 Gb Total Space | 672.42 Gb Free Space | 72.24% Space Free | Partition Type: NTFS

Computer Name: MIERNA-PC | User Name: mierna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\mierna\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Users\mierna\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe ()
PRC - C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
PRC - C:\Users\mierna\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe (ArcSoft, Inc.)
PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Users\mierna\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe ()
MOD - C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
MOD - C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll ()
MOD - C:\Users\mierna\AppData\Roaming\HP SimpleSave Application\FileMapInfoDB.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe ()
MOD - C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncRs.crl ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM)) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (BackupService) -- C:\Users\mierna\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe (ArcSoft, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTUPnPSv) -- C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
SRV - (CTDevice_Srv) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

#15 gringo_pr


Posted 19 January 2012 - 04:49 PM

Hello

The report got cut off. Can you send me the whole report?


gringo