
Malware, some google redirect, attempts to block task manager


9 replies to this topic

#1 Ugoff

Ugoff

  • Members
  • 16 posts

Posted 30 January 2012 - 05:10 PM

I have some sort of trojan launching from svchost.exe, I'm just not sure which one. Malwarebytes detects it every time I do a scan, and blocks the attempts to stop me from opening the task manager. The only time google redirects is when I do any sort of search related to "svchost.exe trojan removal". Any help is appreciated.


 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 30 January 2012 - 06:18 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Post the clean log

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

#3 Ugoff

Ugoff
  • Topic Starter

  • Members
  • 16 posts

Posted 30 January 2012 - 11:26 PM

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.30.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
NickStadmiller :: PCNS [administrator]

Protection: Enabled

1/30/2012 9:30:54 PM
mbam-log-2012-01-30 (21-30-54).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 394605
Time elapsed: 58 minute(s), 8 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3196 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

22:36:45.0810 2188 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
22:36:46.0228 2188 ============================================================
22:36:46.0228 2188 Current date / time: 2012/01/30 22:36:46.0228
22:36:46.0228 2188 SystemInfo:
22:36:46.0228 2188
22:36:46.0228 2188 OS Version: 6.1.7600 ServicePack: 0.0
22:36:46.0228 2188 Product type: Workstation
22:36:46.0229 2188 ComputerName: PCNS
22:36:46.0229 2188 UserName: NickStadmiller
22:36:46.0229 2188 Windows directory: C:\Windows
22:36:46.0229 2188 System windows directory: C:\Windows
22:36:46.0229 2188 Running under WOW64
22:36:46.0229 2188 Processor architecture: Intel x64
22:36:46.0229 2188 Number of processors: 2
22:36:46.0229 2188 Page size: 0x1000
22:36:46.0229 2188 Boot type: Normal boot
22:36:46.0229 2188 ============================================================
22:36:47.0922 2188 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:36:47.0933 2188 \Device\Harddisk0\DR0:
22:36:47.0944 2188 MBR used
22:36:47.0944 2188 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
22:36:48.0015 2188 Initialize success
22:36:48.0015 2188 ============================================================
22:37:04.0165 4856 ============================================================
22:37:04.0165 4856 Scan started
22:37:04.0165 4856 Mode: Manual; TDLFS;
22:37:04.0165 4856 ============================================================
22:37:28.0598 4856 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
22:37:28.0599 4856 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
22:37:28.0613 4856 sptd ( LockedFile.Multi.Generic ) - warning
22:37:28.0614 4856 sptd - detected LockedFile.Multi.Generic (1)
22:37:34.0632 4856 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
22:37:34.0652 4856 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
22:37:34.0652 4856 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
22:37:34.0684 4856 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:37:34.0684 4856 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:37:34.0706 4856 Boot (0x1200) (351c5fa1038b50972379614fdda473bd) \Device\Harddisk0\DR0\Partition0
22:37:34.0706 4856 \Device\Harddisk0\DR0\Partition0 - ok
22:37:34.0707 4856 ============================================================
22:37:34.0707 4856 Scan finished
22:37:34.0707 4856 ============================================================
22:37:34.0719 3216 Detected object count: 3
22:37:34.0719 3216 Actual detected object count: 3
22:39:01.0263 3216 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:39:01.0263 3216 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:39:01.0349 3216 \Device\Harddisk0\DR0\# - copied to quarantine
22:39:01.0350 3216 \Device\Harddisk0\DR0 - copied to quarantine
22:39:01.0390 3216 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:39:01.0391 3216 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
22:39:01.0396 3216 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
22:39:01.0403 3216 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
22:39:01.0404 3216 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
22:39:01.0404 3216 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
22:39:01.0405 3216 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
22:39:01.0407 3216 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
22:39:01.0408 3216 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
22:39:01.0409 3216 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
22:39:01.0452 3216 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
22:39:01.0453 3216 \Device\Harddisk0\DR0 - ok
22:39:01.0480 3216 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
22:39:01.0481 3216 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:39:01.0481 3216 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-30 23:08:00
Windows 6.1.7600
Running: v2z9dwof.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x63 0xF9 0xED 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x49 0x50 0xD2 0xDD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x56 0x74 0x06 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x63 0xF9 0xED 0xC4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x49 0x50 0xD2 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x56 0x74 0x06 0xD4 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\fpi[2].htm 11250 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\vh[2].htm 2656 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\fw-nonplayer-banner[4].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\fw-nonplayer-banner[7].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\1123331520@Top1[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\1240613577@Top1[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\DRNECAL4TB1NCANTGL3OCAZ0DZJ9CAYPVE9HCAK6ERH7CAH0XHTRCAHZ0RK5CA94QGC1CAIVMUY7CAFUQSC4CA3S3WBRCACHYNCOCAHMORKQCAX4NMFJCAOYN6LJCALXTJ04.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\default_165768-16[1].js 408 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\fw-nonplayer-banner[3].htm 1311 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\1534853655@Top1[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\vh[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\2IHYCAIIL4VMCAL43UUXCAQMR53WCAAIN2ICCAO4AOHHCAPY61PLCAW82EWBCAC2H07DCAOR0WYRCAZE76C0CA1E2LJTCADKQL6ZCA70916NCAPQZRIJCAHSGW0YCADMSR23.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\js[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\KFM9CAETGECBCA8XPUIOCAM2UJDUCA0YY0NOCAIEKQOUCALH41A4CAQA6VVOCAHTIFHGCADGSQTRCAQTATA2CAD62YKSCA4SM8RFCA77X2ZJCA6JUTIFCAIYV3F9CA64FPS8.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\BrightrollBidHandler[1].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\g_u_if_c[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\7ZEPCA8P0J4UCAU27G3CCAVUKZD8CA4II5R5CAXVN1NPCAEF4X46CAZQLMGICACSG20CCAV28G2GCA30QV3FCAA7I7G7CAUB7LPQCAC15YC4CA2H018HCAR0CCBMCAO72GFU.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\CreativeConfig_13[1].xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\6MR5CAL0R419CA7S8OU2CAJSFEN6CALH1SVKCACH5YGWCAYPVN5SCA6761LXCA7PYR2ZCA7IN1LMCA4ID0FACAVNYVYDCAODSD19CAWCFRHLCAZ8HZQ1CA80FDD3CA4RCCCL.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\6RTBCAWQPS3LCA7VGSXNCADSGF61CA4R9OUBCAGASZCLCAUQYJYFCA1XXYIQCA0520FVCAQWAXVNCA5COT2ICAW17ZX9CAMAID5ICACLDPEYCAQAMQQWCAHGXYR3CA48BHFK.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\Y7R0CA8UY7RBCATAL5J5CAOIJGUQCA6G061NCAPLEHU8CA23I730CA1TXX0HCADA6A0XCAOK84PNCAZ6QV8BCABAWJL1CAQ6MXYACAISAEUZCASPXBV0CAZFGU07CAKDI5UB.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\YOWZCAPYV2OQCAZF33OOCAQ1522UCAYAQF47CAA57W1ICAZABW6XCA74L8WDCABUJ3WCCACGA32KCA1BI3FZCAZA8S3YCA7A2XF8CATVF2OCCA8Y9ZHRCA3XX4OJCAVWHK89.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\ZN3ECA5HA0A6CAB23FZICAYR1YIWCAMLH1S8CAUFNEOTCAMS02NSCA2AUDCOCA1B03STCABOO22UCA9PUVKLCABEZ3AZCAQTPZHSCAJX0SLGCAIQFKCFCAD3T3Z1CATXB8RM.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\TI1OCAGKO0N3CA4WJEGECAB61TFKCATME8GSCAKZY8DZCAD1JGG1CAFUINH6CAB7P1CQCASOE6J3CA9MI8TECA9GQMQ2CAG82MLXCAON7IO3CAH23J7VCAD3VH5GCAN6EFZ8.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\TidalTV_VPAID_V1_0_04[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\Q5L5CALWCF5RCA3J8KBQCAVC04SMCASNDARTCAS72W7UCA3B1JR6CAKFGD2LCA31ZIL0CAVWE62JCABJBNWDCABEKURFCAHYIMPBCAIM3RWJCAPGVJO0CA8DNPF9CA9QI80I.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\QM_NewYear_103568_728x90_122011[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\1652608123@x15[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\set[1].gif 43 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\st.beta[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\beacon[2].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\b[2].gif 43 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\crossdomain[7].xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R49AYX1G\GrabOSMFPlayer[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[1].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[2].txt 0 bytes

---- EOF - GMER 1.0.15 ----

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-30 23:09:36
-----------------------------
23:09:36.543 OS Version: Windows x64 6.1.7600
23:09:36.544 Number of processors: 2 586 0x403
23:09:36.554 ComputerName: PCNS UserName:
23:09:50.361 Initialize success
23:10:57.248 AVAST engine defs: 12013000
23:11:04.158 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
23:11:04.163 Disk 0 Vendor: WDC_WD2500BB-00GUA0 08.02D08 Size: 238475MB BusType: 3
23:11:04.168 Device \Driver\atapi -> MajorFunction fffffa8002c355c4
23:11:04.180 Disk 0 MBR read successfully
23:11:04.185 Disk 0 MBR scan
23:11:04.252 Disk 0 MBR:Pihar-C [Rtk]
23:11:04.266 Disk 0 TDL4@MBR code has been found
23:11:04.275 Disk 0 Windows 7 default MBR code found via API
23:11:04.282 Disk 0 MBR hidden
23:11:04.303 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238473 MB offset 2048
23:11:04.308 Disk 0 MBR [TDL4] **ROOTKIT**
23:11:04.311 Disk 0 trace - called modules:
23:11:04.315 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80048c6510]<<25497223.sys >>UNKNOWN [0xfffffa8002c355c4]<<
23:11:04.329 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002868060]
23:11:04.333 3 CLASSPNP.SYS[fffff880013c443f] -> nt!IofCallDriver -> [0xfffffa800282be40]
23:11:04.337 5 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8002817060]
23:11:04.342 \Driver\atapi[0xfffffa8002a729e0] -> IRP_MJ_CREATE -> 0xfffffa8002c355c4
23:11:06.806 AVAST engine scan C:\Windows
23:11:08.748 AVAST engine scan C:\Windows\system32
23:15:10.513 AVAST engine scan C:\Windows\system32\drivers
23:15:21.504 AVAST engine scan C:\Users\NickStadmiller
23:25:14.460 Disk 0 MBR has been saved successfully to "C:\Users\NickStadmiller\Desktop\MBR.dat"
23:25:14.571 The log file has been saved successfully to "C:\Users\NickStadmiller\Desktop\aswMBR.txt"

#4 narenxp

Posted 31 January 2012 - 12:44 AM

Hi

I want you to reboot and run Malwarebytes, TDSSKiller and aswMBR once.

Post the logs again.

Good luck

#5 Ugoff

Posted 31 January 2012 - 08:42 AM

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.30.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
NickStadmiller :: PCNS [administrator]

Protection: Enabled

1/31/2012 7:20:07 AM
mbam-log-2012-01-31 (07-20-07).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 391775
Time elapsed: 1 hour(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

08:22:01.0097 3936 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
08:22:01.0504 3936 ============================================================
08:22:01.0504 3936 Current date / time: 2012/01/31 08:22:01.0504
08:22:01.0504 3936 SystemInfo:
08:22:01.0504 3936
08:22:01.0504 3936 OS Version: 6.1.7600 ServicePack: 0.0
08:22:01.0504 3936 Product type: Workstation
08:22:01.0504 3936 ComputerName: PCNS
08:22:01.0504 3936 UserName: NickStadmiller
08:22:01.0504 3936 Windows directory: C:\Windows
08:22:01.0504 3936 System windows directory: C:\Windows
08:22:01.0504 3936 Running under WOW64
08:22:01.0504 3936 Processor architecture: Intel x64
08:22:01.0504 3936 Number of processors: 2
08:22:01.0504 3936 Page size: 0x1000
08:22:01.0504 3936 Boot type: Normal boot
08:22:01.0504 3936 ============================================================
08:22:03.0919 3936 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:22:03.0936 3936 \Device\Harddisk0\DR0:
08:22:03.0936 3936 MBR used
08:22:03.0936 3936 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
08:22:04.0029 3936 Initialize success
08:22:04.0029 3936 ============================================================
08:22:08.0953 4816 ============================================================
08:22:08.0953 4816 Scan started
08:22:08.0953 4816 Mode: Manual; TDLFS;
08:22:08.0953 4816 ============================================================
08:22:28.0002 4816 pcmcia - ok
08:22:28.0077 4816 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:22:28.0080 4816 pcw - ok
08:22:28.0177 4816 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:22:28.0205 4816 PEAUTH - ok
08:22:28.0370 4816 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
08:22:28.0375 4816 PptpMiniport - ok
08:22:28.0470 4816 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:22:28.0472 4816 Processor - ok
08:22:28.0578 4816 PROCEXP151 - ok
08:22:28.0688 4816 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
08:22:28.0693 4816 Psched - ok
08:22:28.0843 4816 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:22:28.0911 4816 ql2300 - ok
08:22:28.0998 4816 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:22:29.0003 4816 ql40xx - ok
08:22:29.0123 4816 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:22:29.0126 4816 QWAVEdrv - ok
08:22:29.0231 4816 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:22:29.0233 4816 RasAcd - ok
08:22:29.0311 4816 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:22:29.0318 4816 RasAgileVpn - ok
08:22:29.0696 4816 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:22:29.0698 4816 Rasl2tp - ok
08:22:29.0918 4816 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:22:29.0923 4816 RasPppoe - ok
08:22:30.0051 4816 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:22:30.0053 4816 RasSstp - ok
08:22:30.0156 4816 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
08:22:30.0188 4816 rdbss - ok
08:22:30.0313 4816 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:22:30.0316 4816 rdpbus - ok
08:22:30.0398 4816 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:22:30.0401 4816 RDPCDD - ok
08:22:30.0473 4816 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:22:30.0476 4816 RDPENCDD - ok
08:22:30.0551 4816 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:22:30.0551 4816 RDPREFMP - ok
08:22:30.0633 4816 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
08:22:30.0638 4816 RDPWD - ok
08:22:30.0751 4816 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
08:22:30.0756 4816 rdyboost - ok
08:22:30.0886 4816 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:22:30.0891 4816 rspndr - ok
08:22:30.0991 4816 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
08:22:30.0998 4816 RTL8167 - ok
08:22:31.0091 4816 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
08:22:31.0096 4816 sbp2port - ok
08:22:31.0176 4816 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
08:22:31.0178 4816 scfilter - ok
08:22:31.0316 4816 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:22:31.0318 4816 secdrv - ok
08:22:31.0411 4816 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:22:31.0413 4816 Serenum - ok
08:22:31.0581 4816 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:22:31.0583 4816 Serial - ok
08:22:31.0696 4816 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:22:31.0698 4816 sermouse - ok
08:22:31.0791 4816 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
08:22:31.0793 4816 sffdisk - ok
08:22:31.0866 4816 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
08:22:31.0868 4816 sffp_mmc - ok
08:22:31.0941 4816 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
08:22:31.0943 4816 sffp_sd - ok
08:22:32.0026 4816 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:22:32.0028 4816 sfloppy - ok
08:22:32.0116 4816 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:22:32.0118 4816 SiSRaid2 - ok
08:22:32.0203 4816 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:22:32.0208 4816 SiSRaid4 - ok
08:22:32.0306 4816 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:22:32.0308 4816 Smb - ok
08:22:32.0391 4816 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:22:32.0393 4816 spldr - ok
08:22:32.0558 4816 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
08:22:32.0558 4816 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
08:22:32.0573 4816 sptd ( LockedFile.Multi.Generic ) - warning
08:22:32.0573 4816 sptd - detected LockedFile.Multi.Generic (1)
08:22:38.0533 4816 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:22:38.0620 4816 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:22:38.0620 4816 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:22:38.0630 4816 Boot (0x1200) (351c5fa1038b50972379614fdda473bd) \Device\Harddisk0\DR0\Partition0
08:22:38.0635 4816 \Device\Harddisk0\DR0\Partition0 - ok
08:22:38.0635 4816 ============================================================
08:22:38.0635 4816 Scan finished
08:22:38.0635 4816 ============================================================
08:22:38.0653 1640 Detected object count: 2
08:22:38.0653 1640 Actual detected object count: 2
08:22:46.0707 1640 sptd ( LockedFile.Multi.Generic ) - skipped by user
08:22:46.0707 1640 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
08:22:46.0709 1640 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:22:46.0709 1640 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-30 23:09:36
-----------------------------
23:09:36.543 OS Version: Windows x64 6.1.7600
23:09:36.544 Number of processors: 2 586 0x403
23:09:36.554 ComputerName: PCNS UserName:
23:09:50.361 Initialize success
23:10:57.248 AVAST engine defs: 12013000
23:11:04.158 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
23:11:04.163 Disk 0 Vendor: WDC_WD2500BB-00GUA0 08.02D08 Size: 238475MB BusType: 3
23:11:04.168 Device \Driver\atapi -> MajorFunction fffffa8002c355c4
23:11:04.180 Disk 0 MBR read successfully
23:11:04.185 Disk 0 MBR scan
23:11:04.252 Disk 0 MBR:Pihar-C [Rtk]
23:11:04.266 Disk 0 TDL4@MBR code has been found
23:11:04.275 Disk 0 Windows 7 default MBR code found via API
23:11:04.282 Disk 0 MBR hidden
23:11:04.303 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238473 MB offset 2048
23:11:04.308 Disk 0 MBR [TDL4] **ROOTKIT**
23:11:04.311 Disk 0 trace - called modules:
23:11:04.315 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80048c6510]<<25497223.sys >>UNKNOWN [0xfffffa8002c355c4]<<
23:11:04.329 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002868060]
23:11:04.333 3 CLASSPNP.SYS[fffff880013c443f] -> nt!IofCallDriver -> [0xfffffa800282be40]
23:11:04.337 5 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8002817060]
23:11:04.342 \Driver\atapi[0xfffffa8002a729e0] -> IRP_MJ_CREATE -> 0xfffffa8002c355c4
23:11:06.806 AVAST engine scan C:\Windows
23:11:08.748 AVAST engine scan C:\Windows\system32
23:15:10.513 AVAST engine scan C:\Windows\system32\drivers
23:15:21.504 AVAST engine scan C:\Users\NickStadmiller
23:25:14.460 Disk 0 MBR has been saved successfully to "C:\Users\NickStadmiller\Desktop\MBR.dat"
23:25:14.571 The log file has been saved successfully to "C:\Users\NickStadmiller\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-31 08:23:22
-----------------------------
08:23:22.149 OS Version: Windows x64 6.1.7600
08:23:22.149 Number of processors: 2 586 0x403
08:23:22.149 ComputerName: PCNS UserName:
08:23:22.834 Initialize success
08:23:29.641 AVAST engine defs: 12013000
08:23:36.309 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
08:23:36.314 Disk 0 Vendor: WDC_WD2500BB-00GUA0 08.02D08 Size: 238475MB BusType: 3
08:23:36.339 Disk 0 MBR read successfully
08:23:36.344 Disk 0 MBR scan
08:23:36.351 Disk 0 Windows 7 default MBR code
08:23:36.361 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238473 MB offset 2048
08:23:36.371 Service scanning
08:23:38.724 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
08:23:39.406 Modules scanning
08:23:39.414 Disk 0 trace - called modules:
08:23:39.436 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800195a2c0]<<spjn.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
08:23:39.446 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002863790]
08:23:39.454 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8002817e40]
08:23:39.786 5 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8002814060]
08:23:39.799 \Driver\atapi[0xfffffa80019c0af0] -> IRP_MJ_CREATE -> 0xfffffa800195a2c0
08:23:40.782 AVAST engine scan C:\Windows
08:23:42.842 AVAST engine scan C:\Windows\system32
08:26:28.476 AVAST engine scan C:\Windows\system32\drivers
08:26:39.436 AVAST engine scan C:\Users\NickStadmiller
08:38:18.310 AVAST engine scan C:\ProgramData
08:41:58.709 Disk 0 MBR has been saved successfully to "C:\Users\NickStadmiller\Desktop\MBR.dat"
08:41:58.744 The log file has been saved successfully to "C:\Users\NickStadmiller\Desktop\aswMBR.txt"


Problems seem to be gone.

#6 narenxp

Posted 31 January 2012 - 12:51 PM

08:22:46.0709 1640 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

I want you to run TDSSKiller again and select Delete for the TDSS File System.

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to the desktop, then copy the contents of the text file into your reply.

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.
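The check behind the request in post #6 (a detection that was logged but then skipped), as an added example that is not part of the original thread or of any tool named in it: a small Python triage pass over TDSSKiller log lines. The sample lines are excerpted from the log posted above; the regular expressions are inferred from those lines only, and treating every action other than `Skip` as "acted upon" is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Excerpt of the TDSSKiller log posted in this thread (two "ok" lines kept for contrast).
SAMPLE_LOG = r"""
08:22:32.0558 4816 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
08:22:32.0558 4816 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
08:22:32.0573 4816 sptd ( LockedFile.Multi.Generic ) - warning
08:22:32.0573 4816 sptd - detected LockedFile.Multi.Generic (1)
08:22:32.0688 4816 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
08:22:32.0706 4816 srv - ok
08:22:38.0533 4816 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:22:38.0620 4816 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:22:38.0620 4816 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:22:38.0653 1640 Detected object count: 2
08:22:38.0653 1640 Actual detected object count: 2
08:22:46.0707 1640 sptd ( LockedFile.Multi.Generic ) - skipped by user
08:22:46.0707 1640 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
08:22:46.0709 1640 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:22:46.0709 1640 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Line layout seen in the log: "<HH:MM:SS.ffff> <thread id> <message>".
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \((?P<n>\d+)\)$")
ACTION = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    obj: str                      # service name or device path as logged
    verdict: str                  # e.g. "TDSS File System"
    detected_at: str              # timestamp of the first line that mentions it
    action: Optional[str] = None  # last "User select action" recorded, if any

    @property
    def unresolved(self) -> bool:
        # Assumption: only "Skip" (or no recorded action) leaves the object in place.
        return self.action is None or self.action.strip().lower() == "skip"


def parse_tdsskiller(log_text: str) -> Tuple[List[Finding], Optional[int]]:
    """Return (findings, detected-object count reported by the tool)."""
    findings: Dict[Tuple[str, str], Finding] = {}
    reported: Optional[int] = None
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines, banners, separators
        ts, _thread_id, msg = line.groups()
        detected = DETECTED.match(msg)
        action = ACTION.match(msg)
        count = COUNT.match(msg)
        if detected:
            key = (detected["obj"], detected["verdict"])
            findings.setdefault(key, Finding(key[0], key[1], ts))
        elif action:
            key = (action["obj"], action["verdict"])
            finding = findings.setdefault(key, Finding(key[0], key[1], ts))
            finding.action = action["action"]  # a later choice overrides an earlier one
        elif count:
            reported = int(count.group(1))
    return list(findings.values()), reported


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Detections that were skipped or never acted on."""
    return [f for f in findings if f.unresolved]


def log_is_complete(findings: List[Finding], reported: Optional[int]) -> bool:
    """False when the pasted log is truncated or the count line is missing."""
    return reported is not None and reported == len(findings)


if __name__ == "__main__":
    found, reported_count = parse_tdsskiller(SAMPLE_LOG)
    print(f"complete log: {log_is_complete(found, reported_count)}")
    for f in unresolved(found):
        print(f"UNRESOLVED {f.obj}: {f.verdict} (action={f.action}, seen {f.detected_at})")
```
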

#7 Ugoff

Posted 01 February 2012 - 10:57 PM

C:\Program Files (x86)\FoxTabFLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.02.2012_11.12.13\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.02.2012_11.12.13\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.02.2012_11.12.13\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.02.2012_11.12.13\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.02.2012_11.12.13\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.01.2012_22.36.46\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.01.2012_22.36.46\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.01.2012_22.36.46\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.01.2012_22.36.46\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.01.2012_22.36.46\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined

MiniToolBox by Farbar Version: 18-01-2012
Ran by NickStadmiller (administrator) on 01-02-2012 at 22:55:29
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



94.63.147.17 www.bing.com


========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : PCNS
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 48-5B-39-AC-06-C5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b981:da09:f461:684d%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.30(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, February 01, 2012 10:51:28 PM
Lease Expires . . . . . . . . . . : Thursday, February 02, 2012 10:51:27 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 239622969
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-83-F2-5B-48-5B-39-AC-06-C5
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{E374F6B3-A79F-4303-A4EF-B99AB08344D8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c67:2382:bbc1:a70d(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c67:2382:bbc1:a70d%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.145
74.125.225.144
74.125.225.146
74.125.225.147
74.125.225.148


Pinging google.com [74.125.225.112] with 32 bytes of data:
Reply from 74.125.225.112: bytes=32 time=29ms TTL=54
Reply from 74.125.225.112: bytes=32 time=30ms TTL=54

Ping statistics for 74.125.225.112:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 29ms, Maximum = 30ms, Average = 29ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
72.30.2.43
98.137.149.56


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=61ms TTL=50
Reply from 209.191.122.70: bytes=32 time=62ms TTL=50

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 61ms, Maximum = 62ms, Average = 61ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 3ms, Average = 3ms
===========================================================================
Interface List
11...48 5b 39 ac 06 c5 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.30 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.30 276
192.168.1.30 255.255.255.255 On-link 192.168.1.30 276
192.168.1.255 255.255.255.255 On-link 192.168.1.30 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.30 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.30 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:1c67:2382:bbc1:a70d/128
On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::1c67:2382:bbc1:a70d/128
On-link
11 276 fe80::b981:da09:f461:684d/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/01/2012 04:28:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9656

Error: (02/01/2012 04:28:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9656

Error: (02/01/2012 04:28:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/01/2012 04:28:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8642

Error: (02/01/2012 04:28:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8642

Error: (02/01/2012 04:28:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/01/2012 04:27:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7644

Error: (02/01/2012 04:27:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7644

Error: (02/01/2012 04:27:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/01/2012 04:27:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6646


System errors:
=============
Error: (01/30/2012 11:35:56 PM) (Source: Service Control Manager) (User: )
Description: The TBPanel service failed to start due to the following error:
%%2

Error: (01/30/2012 11:34:52 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service has reported an invalid current state 0.

Error: (01/30/2012 09:26:06 PM) (Source: Service Control Manager) (User: )
Description: The TBPanel service failed to start due to the following error:
%%2

Error: (01/30/2012 09:25:07 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service has reported an invalid current state 0.

Error: (01/30/2012 04:51:46 PM) (Source: Service Control Manager) (User: )
Description: The TBPanel service failed to start due to the following error:
%%2

Error: (01/30/2012 04:51:42 PM) (Source: BugCheck) (User: )
Description: 0x0000001e (0xffffffffc0000005, 0xfffff80002ca3047, 0x0000000000000000, 0x000000007efa0000)C:\Windows\MEMORY.DMP013012-25755-01

Error: (01/30/2012 04:51:37 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:48:27 PM on 1/30/2012 was unexpected.

Error: (01/30/2012 04:45:45 PM) (Source: Service Control Manager) (User: )
Description: The TBPanel service failed to start due to the following error:
%%2

Error: (01/30/2012 04:44:48 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service has reported an invalid current state 0.

Error: (01/30/2012 04:43:23 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (02/01/2012 04:28:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9656

Error: (02/01/2012 04:28:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9656

Error: (02/01/2012 04:28:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/01/2012 04:28:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8642

Error: (02/01/2012 04:28:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8642

Error: (02/01/2012 04:28:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/01/2012 04:27:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7644

Error: (02/01/2012 04:27:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7644

Error: (02/01/2012 04:27:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/01/2012 04:27:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6646


=========================== Installed Programs ============================

7-Zip 9.20
Adobe AIR (Version: 2.0.3.13070)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Reader 9.4.2 (Version: 9.4.2)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.745.0)
Bonjour (Version: 3.0.0.10)
Camtasia Studio 7 (Version: 7.0.0)
CCleaner (Version: 3.13)
DAEMON Tools Pro (Version: 4.41.0314.0232)
DAEMON Tools Toolbar (Version: 1.1.4.0024)
DivX Web Player (Version: 1.5.0)
EPU-4 Engine (Version: 1.00.33)
ESET Online Scanner v3
FoxTab Media Player
Google Chrome (Version: 16.0.912.77)
HijackThis 2.0.2 (Version: 2.0.2)
iCloud (Version: 1.0.2.17)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
Last.fm 1.5.4.27091
Logitech GamePanel Software 3.06.109 (Version: 3.06.109)
Magic Online (Version: 3.00.0000)
Magic Workstation 0.94f
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Mikogo 4 (Version: 4.3)
MiPony 1.5.3 (Version: 1.5.3)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MTG GamePack for Magic Workstation
Mumble 1.2.3 (Version: 1.2.3)
Nexon Game Manager
NVIDIA Display Control Panel (Version: 6.14.11.9745)
NVIDIA Drivers (Version: 1.10.59.37)
NVIDIA PhysX (Version: 9.10.0129)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.11.9745)
Pando Media Booster (Version: 2.3.6.0)
Pandora (Version: 1.3.1)
Platform (Version: 1.34)
Portal 2
QuickTime (Version: 7.68.75.0)
Razer Lachesis (Version: 1.10.0000)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0005)
Remote Mouse version 1.09 (Version: 1.09)
Rosetta Stone Version 3 (Version: 3.4.7.0)
Seagate Dashboard (Version: 1.0.0.809)
Skype™ 5.5 (Version: 5.5.124)
Spotify (Version: 0.8.1.76.g4773b858)
Steam (Version: 1.0.0.0)
System Requirements Lab CYRI (Version: 4.4.26.0)
Team Fortress 2
Titan Quest
Titan Quest: Immortal Throne
Trillian
Unlocker 1.9.1 (Version: 1.9.1)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
Ventrilo Client for Windows x64 (Version: 3.0.5.0)
VIA Platform Device Manager (Version: 1.34)
Virtual Audio Cable 4.10
VLC media player 1.0.5 (Version: 1.0.5)
Vtune 7.6
Winamp (Version: 5.572 )
Winamp Detector Plug-in (Version: 1.0.0.1)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 55%
Total physical RAM: 2047.18 MB
Available physical RAM: 918.81 MB
Total Pagefile: 4094.35 MB
Available Pagefile: 2070.17 MB
Total Virtual: 4095.88 MB
Available Virtual: 3958.77 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:103.19 GB) NTFS

========================= Users: ========================================

User accounts for \\PCNS

Administrator Guest NickStadmiller


**** End of log ****

#8 narenxp

Posted 02 February 2012 - 12:07 AM

That looks good except for the hosts file.

Download

http://go.microsoft.com/?linkid=9668866

Run the fixit

Remove the TDSSKiller, GMER and aswMBR tools. Uninstall ESET Online Scanner from Add or Remove Programs.

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot.

Turn off your System Restore, restart the PC, and create a new restore point.

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Uninstall your Java update from Add or Remove Programs and download the latest from here:

http://www.java.com/en/

Update your antivirus frequently, and do not click on suspicious links.

Safe surfing :)

#9 Ugoff

Posted 02 February 2012 - 08:43 AM

Thanks for all your help.

#10 narenxp

Posted 02 February 2012 - 11:19 AM

You're welcome :thumbsup:



