
Help - Internet search engine results redirecting!!


23 replies to this topic

#1 its-surrey

  • Members
  • 13 posts

Posted 15 February 2012 - 09:08 AM

Hi

I have a Windows 7 Pro (64bit) laptop that has some kind of infection that is redirecting me to random websites when I click on any search results from a search I have run from any search engine (google, yahoo etc).

Nothing else seems to be at fault - normal web browsing seems fine, I only get redirected when clicking on search engine results.

I have scanned with McAfee, Trend, Trend Housecall, Spybot S&D and Malwarebytes. I have even pulled the HDD and scanned the drive from another PC but no software finds anything wrong!

Attached is the DDS log, any help would be appreciated!

Attached Files

  • DDS.txt (20.91KB)

Edited by its-surrey, 15 February 2012 - 10:18 AM.



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 17 February 2012 - 01:31 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 its-surrey
  • Topic Starter

  • Members
  • 13 posts

Posted 17 February 2012 - 05:06 AM

I have totally uninstalled Malwarebytes, Spybot S&D, Trend Micro Worry Free Business Security Agent and run ComboFix. Log included below. The PC seems to be running fine and without issue, other than the Internet search result redirect issue previously stated.



ComboFix 12-02-13.01 - Administrator 17/02/2012 9:07.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3895.2217 [GMT 0:00]
Running from: c:\users\Administrator.BSC259\Desktop\ComboFix.exe
AV: Trend Micro Security Agent *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Security Agent *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-17 to 2012-02-17 )))))))))))))))))))))))))))))))
.
.
2012-02-17 09:41 . 2012-02-17 09:41 -------- d-----w- c:\users\robin.mar\AppData\Local\temp
2012-02-17 09:41 . 2012-02-17 09:41 -------- d-----w- c:\users\OLD.robin.mar\AppData\Local\temp
2012-02-17 09:41 . 2012-02-17 09:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-17 09:41 . 2012-02-17 09:41 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-17 09:41 . 2012-02-17 09:41 -------- d-----w- c:\users\administrator.BLUESKY\AppData\Local\temp
2012-02-17 09:41 . 2012-02-17 09:41 -------- d-----w- c:\users\Administrator.BLUE-SKY\AppData\Local\temp
2012-02-17 08:56 . 2010-09-30 23:01 232272 ----a-w- c:\windows\TmNSCIns.dll
2012-02-17 08:56 . 2006-11-02 06:22 525792 ----a-w- c:\windows\DIFxAPI.dll
2012-02-15 13:49 . 2012-02-15 13:49 -------- d-----w- c:\users\Administrator.BSC259\AppData\Roaming\Malwarebytes
2012-02-15 10:22 . 2012-02-15 10:22 -------- d-----w- c:\users\Administrator.BSC259\AppData\Local\Apple
2012-02-07 08:48 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A4524C2-8D47-4FB1-9DAE-79A34AD6111F}\mpengine.dll
2012-02-04 19:50 . 2012-02-04 19:51 -------- d-----w- c:\program files\iTunes
2012-02-04 19:50 . 2012-02-04 19:50 -------- d-----w- c:\program files\iPod
2012-01-30 13:30 . 2012-02-17 08:56 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-01-30 13:30 . 2012-02-17 08:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-27 16:31 . 2012-01-27 16:31 -------- d-----w- c:\windows\PCHEALTH
2012-01-27 16:01 . 2012-01-27 16:01 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-01-27 16:01 . 2012-01-27 16:01 -------- d-----w- c:\users\robin.mar\AppData\Local\Microsoft Help
2012-01-27 16:01 . 2012-01-27 16:38 -------- d-----w- c:\programdata\Microsoft Help
2012-01-27 15:59 . 2012-01-27 15:59 -------- d-----r- C:\MSOCache
2012-01-27 13:36 . 2012-02-15 10:22 -------- d-----w- c:\users\Administrator.BSC259\AppData\Local\Google
2012-01-27 10:38 . 2012-01-27 10:38 -------- d-----w- c:\program files (x86)\RealVNC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-07 18:53 . 2010-12-17 10:17 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-07 18:53 . 2010-12-17 10:17 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-07 18:53 . 2010-12-17 10:17 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-29 05:10 . 2010-12-17 10:50 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-19 23:23 . 2010-12-17 10:17 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-11-27 00:50 . 2011-11-27 00:50 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 17:37 . 2011-11-23 17:37 43520 ----a-w- c:\windows\system32\libusb0.dll
2011-11-23 17:37 . 2011-11-23 17:37 37376 ----a-w- c:\windows\SysWow64\libusb0.dll
2011-11-23 17:37 . 2011-11-23 17:37 29184 ----a-w- c:\windows\system32\drivers\libusb0.sys
2011-11-23 17:37 . 2011-11-23 17:37 21504 ----a-w- c:\windows\SysWow64\drivers\libusb0.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-15_11.38.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 05:10 . 2012-02-15 11:38 37450 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-17 09:45 37450 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-12-17 09:52 . 2012-02-15 11:35 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-17 09:52 . 2012-02-17 09:43 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-17 09:52 . 2012-02-15 11:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-17 09:52 . 2012-02-17 09:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-15 11:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-17 09:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-14 13:35 . 2012-02-15 11:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-14 13:35 . 2012-02-17 09:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-14 13:35 . 2012-02-15 11:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-14 13:35 . 2012-02-17 09:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-14 13:35 . 2012-02-15 11:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-14 13:35 . 2012-02-17 09:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-17 13:01 . 2012-02-17 09:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-17 13:01 . 2012-02-15 10:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-17 13:01 . 2012-02-15 10:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-17 13:01 . 2012-02-17 09:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-03 19:30 . 2012-02-15 16:17 4354 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-426722805-229958640-2584534648-500_UserData.bin
- 2012-02-15 11:35 . 2012-02-15 11:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-17 09:43 . 2012-02-17 09:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-15 11:35 . 2012-02-15 11:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-17 09:43 . 2012-02-17 09:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-20 09:33 . 2012-02-17 08:52 353838 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2010-12-20 09:33 . 2012-02-07 10:00 353838 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:12 . 2012-02-17 09:43 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-02-15 11:35 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-02-17 09:42 320664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-15 10:41 320664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-12-31 398848]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-06-22 273544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Administrator.BSC259\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2443147354-1565356691-702844211-1193\Scripts\Logon\0\0]
"Script"=pushprinterconnections.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 136176]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x]
R3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs51.sys [x]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 136176]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-11-23 29184]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-07 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2008-08-11 15928]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-17 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-12-31 9216]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 16:50]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 16:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2008-08-11 57928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://toshiba.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.2 8.8.8.8 8.8.4.4
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20111117062234
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-426722805-229958640-2584534648-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,84,26,32,cd,f2,dc,4f,a0,a8,7c,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,84,26,32,cd,f2,dc,4f,a0,a8,7c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,84,26,32,cd,f2,dc,4f,a0,a8,7c,\
.
[HKEY_USERS\S-1-5-21-426722805-229958640-2584534648-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-426722805-229958640-2584534648-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-426722805-229958640-2584534648-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-426722805-229958640-2584534648-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-426722805-229958640-2584534648-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\RealVNC\VNC4\WinVNC4.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
.
**************************************************************************
.
Completion time: 2012-02-17 10:04:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-17 10:04
ComboFix2.txt 2012-02-15 12:01
.
Pre-Run: 61,785,903,104 bytes free
Post-Run: 61,346,603,008 bytes free
.
- - End Of File - - 2CBFB6E97EB37BF7A6EFCE1EBBBCCCAE

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 17 February 2012 - 08:46 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

#5 its-surrey
  • Topic Starter

  • Members
  • 13 posts

Posted 18 February 2012 - 02:20 AM

Thanks, I will run those on Monday morning and will report back as I am not near the PC this weekend.

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 18 February 2012 - 02:30 AM

Thanks for letting me know.


gringo

#7 its-surrey
  • Topic Starter

  • Members
  • 13 posts

Posted 20 February 2012 - 03:58 AM

Running TDSSKiller seems to have cured the problem!!!! Log file below; I am running aswMBR.exe anyway now...



08:49:18.0363 3120 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
08:49:18.0550 3120 ============================================================
08:49:18.0550 3120 Current date / time: 2012/02/20 08:49:18.0550
08:49:18.0550 3120 SystemInfo:
08:49:18.0550 3120
08:49:18.0550 3120 OS Version: 6.1.7601 ServicePack: 1.0
08:49:18.0550 3120 Product type: Workstation
08:49:18.0550 3120 ComputerName: BSC259
08:49:18.0550 3120 UserName: Administrator
08:49:18.0550 3120 Windows directory: C:\Windows
08:49:18.0550 3120 System windows directory: C:\Windows
08:49:18.0550 3120 Running under WOW64
08:49:18.0550 3120 Processor architecture: Intel x64
08:49:18.0550 3120 Number of processors: 4
08:49:18.0550 3120 Page size: 0x1000
08:49:18.0550 3120 Boot type: Normal boot
08:49:18.0550 3120 ============================================================
08:49:18.0955 3120 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:49:18.0971 3120 \Device\Harddisk0\DR0:
08:49:18.0971 3120 MBR used
08:49:18.0971 3120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x1D14D000
08:49:18.0971 3120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D215800, BlocksNum 0x1D170030
08:49:19.0018 3120 Initialize success
08:49:19.0018 3120 ============================================================
08:49:26.0974 1096 ============================================================
08:49:26.0974 1096 Scan started
08:49:26.0974 1096 Mode: Manual;
08:49:26.0974 1096 ============================================================
08:49:27.0535 1096 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:49:27.0551 1096 1394ohci - ok
08:49:27.0676 1096 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:49:27.0691 1096 ACPI - ok
08:49:27.0801 1096 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:49:27.0801 1096 AcpiPmi - ok
08:49:27.0925 1096 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:49:27.0941 1096 adp94xx - ok
08:49:28.0050 1096 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:49:28.0066 1096 adpahci - ok
08:49:28.0159 1096 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:49:28.0159 1096 adpu320 - ok
08:49:28.0300 1096 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
08:49:28.0300 1096 AFD - ok
08:49:28.0425 1096 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
08:49:28.0440 1096 AgereSoftModem - ok
08:49:28.0549 1096 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:49:28.0549 1096 agp440 - ok
08:49:28.0674 1096 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:49:28.0674 1096 aliide - ok
08:49:28.0815 1096 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:49:28.0815 1096 amdide - ok
08:49:28.0908 1096 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:49:28.0924 1096 AmdK8 - ok
08:49:29.0205 1096 amdkmdag (f05b22ce901fc26ae55a1a27aa674d96) C:\Windows\system32\DRIVERS\atikmdag.sys
08:49:29.0361 1096 amdkmdag - ok
08:49:29.0470 1096 amdkmdap (ed25d58581b5a28593c277f482fccd62) C:\Windows\system32\DRIVERS\atikmpag.sys
08:49:29.0470 1096 amdkmdap - ok
08:49:29.0563 1096 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:49:29.0563 1096 AmdPPM - ok
08:49:29.0673 1096 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
08:49:29.0688 1096 amdsata - ok
08:49:29.0797 1096 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:49:29.0797 1096 amdsbs - ok
08:49:29.0907 1096 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
08:49:29.0907 1096 amdxata - ok
08:49:30.0031 1096 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:49:30.0031 1096 AppID - ok
08:49:30.0187 1096 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:49:30.0187 1096 arc - ok
08:49:30.0281 1096 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:49:30.0281 1096 arcsas - ok
08:49:30.0375 1096 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:49:30.0375 1096 AsyncMac - ok
08:49:30.0468 1096 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:49:30.0468 1096 atapi - ok
08:49:30.0640 1096 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
08:49:30.0655 1096 athr - ok
08:49:30.0952 1096 atikmdag (f05b22ce901fc26ae55a1a27aa674d96) C:\Windows\system32\DRIVERS\atikmdag.sys
08:49:30.0983 1096 atikmdag - ok
08:49:31.0108 1096 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:49:31.0108 1096 b06bdrv - ok
08:49:31.0217 1096 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:49:31.0217 1096 b57nd60a - ok
08:49:31.0404 1096 BCM43XX (5b5c36b2ec500462a715db6bcbaf5da7) C:\Windows\system32\DRIVERS\bcmwl664.sys
08:49:31.0482 1096 BCM43XX - ok
08:49:31.0576 1096 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:49:31.0576 1096 Beep - ok
08:49:31.0685 1096 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:49:31.0685 1096 blbdrive - ok
08:49:31.0810 1096 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:49:31.0810 1096 bowser - ok
08:49:31.0888 1096 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:49:31.0888 1096 BrFiltLo - ok
08:49:31.0981 1096 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:49:31.0981 1096 BrFiltUp - ok
08:49:32.0091 1096 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
08:49:32.0091 1096 BridgeMP - ok
08:49:32.0184 1096 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:49:32.0200 1096 Brserid - ok
08:49:32.0293 1096 BrSerIf (80e52ef092f3dad03e0ee15e64f97245) C:\Windows\system32\DRIVERS\BrSerIf.sys
08:49:32.0293 1096 BrSerIf - ok
08:49:32.0387 1096 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:49:32.0387 1096 BrSerWdm - ok
08:49:32.0481 1096 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:49:32.0481 1096 BrUsbMdm - ok
08:49:32.0574 1096 BrUsbSer (601cb966fffebc6806626dc8e7aa0ef2) C:\Windows\system32\DRIVERS\BrUsbSer.sys
08:49:32.0574 1096 BrUsbSer - ok
08:49:32.0668 1096 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:49:32.0668 1096 BTHMODEM - ok
08:49:32.0839 1096 catchme - ok
08:49:32.0933 1096 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:49:32.0933 1096 cdfs - ok
08:49:33.0027 1096 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:49:33.0042 1096 cdrom - ok
08:49:33.0167 1096 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:49:33.0167 1096 circlass - ok
08:49:33.0245 1096 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:49:33.0245 1096 CLFS - ok
08:49:33.0339 1096 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:49:33.0339 1096 CmBatt - ok
08:49:33.0385 1096 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:49:33.0385 1096 cmdide - ok
08:49:33.0479 1096 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
08:49:33.0495 1096 CNG - ok
08:49:33.0604 1096 CnxtHdAudService (25c58ee97be0416a373e3e4f855206b5) C:\Windows\system32\drivers\CHDRT64.sys
08:49:33.0619 1096 CnxtHdAudService - ok
08:49:33.0697 1096 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:49:33.0697 1096 Compbatt - ok
08:49:33.0807 1096 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:49:33.0807 1096 CompositeBus - ok
08:49:33.0900 1096 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:49:33.0900 1096 crcdisk - ok
08:49:34.0009 1096 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
08:49:34.0025 1096 CSC - ok
08:49:34.0165 1096 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:49:34.0165 1096 DfsC - ok
08:49:34.0259 1096 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:49:34.0259 1096 discache - ok
08:49:34.0368 1096 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:49:34.0368 1096 Disk - ok
08:49:34.0477 1096 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:49:34.0477 1096 drmkaud - ok
08:49:34.0602 1096 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:49:34.0618 1096 DXGKrnl - ok
08:49:34.0789 1096 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:49:34.0852 1096 ebdrv - ok
08:49:34.0961 1096 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:49:34.0977 1096 elxstor - ok
08:49:35.0070 1096 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:49:35.0070 1096 ErrDev - ok
08:49:35.0164 1096 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:49:35.0164 1096 exfat - ok
08:49:35.0257 1096 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:49:35.0273 1096 fastfat - ok
08:49:35.0351 1096 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:49:35.0351 1096 fdc - ok
08:49:35.0429 1096 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:49:35.0429 1096 FileInfo - ok
08:49:35.0507 1096 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:49:35.0507 1096 Filetrace - ok
08:49:35.0632 1096 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:49:35.0647 1096 flpydisk - ok
08:49:35.0741 1096 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:49:35.0741 1096 FltMgr - ok
08:49:35.0835 1096 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:49:35.0850 1096 FsDepends - ok
08:49:35.0928 1096 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
08:49:35.0928 1096 Fs_Rec - ok
08:49:36.0037 1096 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:49:36.0037 1096 fvevol - ok
08:49:36.0147 1096 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\Windows\system32\DRIVERS\FwLnk.sys
08:49:36.0147 1096 FwLnk - ok
08:49:36.0225 1096 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:49:36.0225 1096 gagp30kx - ok
08:49:36.0349 1096 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:49:36.0349 1096 GEARAspiWDM - ok
08:49:36.0443 1096 GTUHSBUS (2b68b2a2e7ec92e48ad0f9a3759cf63b) C:\Windows\system32\DRIVERS\gtuhsbus.sys
08:49:36.0443 1096 GTUHSBUS - ok
08:49:36.0537 1096 GTUHSNDISIPXP (deaef2506d03dc2d877ecdbf49c5b1c6) C:\Windows\system32\DRIVERS\gtuhs51.sys
08:49:36.0537 1096 GTUHSNDISIPXP - ok
08:49:36.0630 1096 GTUHSSER (9c475f5ed13416ef53eb92d4cca44502) C:\Windows\system32\DRIVERS\gtuhsser.sys
08:49:36.0646 1096 GTUHSSER - ok
08:49:36.0771 1096 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:49:36.0771 1096 hcw85cir - ok
08:49:36.0911 1096 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:49:36.0927 1096 HdAudAddService - ok
08:49:37.0020 1096 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:49:37.0020 1096 HDAudBus - ok
08:49:37.0114 1096 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
08:49:37.0114 1096 HECIx64 - ok
08:49:37.0192 1096 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:49:37.0192 1096 HidBatt - ok
08:49:37.0285 1096 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:49:37.0285 1096 HidBth - ok
08:49:37.0363 1096 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:49:37.0363 1096 HidIr - ok
08:49:37.0473 1096 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:49:37.0473 1096 HidUsb - ok
08:49:37.0582 1096 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:49:37.0582 1096 HpSAMD - ok
08:49:37.0675 1096 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:49:37.0691 1096 HTTP - ok
08:49:37.0800 1096 huawei_enumerator (2342e7fecca0d4e31bea5ff6a4e20885) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
08:49:37.0800 1096 huawei_enumerator - ok
08:49:37.0878 1096 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:49:37.0878 1096 hwpolicy - ok
08:49:38.0003 1096 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:49:38.0003 1096 i8042prt - ok
08:49:38.0097 1096 iaStor (85977cd13fc16069ce0af7943a811775) C:\Windows\system32\DRIVERS\iaStor.sys
08:49:38.0112 1096 iaStor - ok
08:49:38.0221 1096 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
08:49:38.0221 1096 iaStorV - ok
08:49:38.0533 1096 igfx (898ab5bfed7040d7ab07af01885eb944) C:\Windows\system32\DRIVERS\igdkmd64.sys
08:49:38.0752 1096 igfx - ok
08:49:38.0830 1096 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:49:38.0845 1096 iirsp - ok
08:49:38.0955 1096 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys
08:49:38.0955 1096 Impcd - ok
08:49:39.0048 1096 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
08:49:39.0064 1096 IntcDAud - ok
08:49:39.0189 1096 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:49:39.0189 1096 intelide - ok
08:49:39.0282 1096 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:49:39.0298 1096 intelppm - ok
08:49:39.0360 1096 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:49:39.0360 1096 IpFilterDriver - ok
08:49:39.0423 1096 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:49:39.0423 1096 IPMIDRV - ok
08:49:39.0516 1096 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:49:39.0532 1096 IPNAT - ok
08:49:39.0657 1096 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:49:39.0657 1096 IRENUM - ok
08:49:39.0735 1096 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:49:39.0750 1096 isapnp - ok
08:49:39.0844 1096 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:49:39.0844 1096 iScsiPrt - ok
08:49:39.0953 1096 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:49:39.0953 1096 kbdclass - ok
08:49:40.0047 1096 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
08:49:40.0047 1096 kbdhid - ok
08:49:40.0140 1096 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
08:49:40.0140 1096 KSecDD - ok
08:49:40.0249 1096 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
08:49:40.0249 1096 KSecPkg - ok
08:49:40.0343 1096 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:49:40.0343 1096 ksthunk - ok
08:49:40.0452 1096 L1C (55480b9c63f3f91a8ebbadcbf28fe581) C:\Windows\system32\DRIVERS\L1C62x64.sys
08:49:40.0452 1096 L1C - ok
08:49:40.0608 1096 libusb0 (acec35f181075b20a5ef4a71958b13df) C:\Windows\system32\drivers\libusb0.sys
08:49:40.0608 1096 libusb0 - ok
08:49:40.0702 1096 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:49:40.0717 1096 lltdio - ok
08:49:40.0873 1096 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
08:49:40.0873 1096 LMIInfo - ok
08:49:40.0983 1096 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
08:49:40.0983 1096 lmimirr - ok
08:49:41.0092 1096 LMIRfsClientNP - ok
08:49:41.0185 1096 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
08:49:41.0185 1096 LMIRfsDriver - ok
08:49:41.0310 1096 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:49:41.0326 1096 LSI_FC - ok
08:49:41.0419 1096 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:49:41.0419 1096 LSI_SAS - ok
08:49:41.0529 1096 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:49:41.0529 1096 LSI_SAS2 - ok
08:49:41.0622 1096 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:49:41.0638 1096 LSI_SCSI - ok
08:49:41.0731 1096 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:49:41.0731 1096 luafv - ok
08:49:41.0825 1096 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:49:41.0825 1096 megasas - ok
08:49:41.0919 1096 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:49:41.0919 1096 MegaSR - ok
08:49:42.0028 1096 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:49:42.0028 1096 Modem - ok
08:49:42.0106 1096 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:49:42.0106 1096 monitor - ok
08:49:42.0199 1096 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:49:42.0199 1096 mouclass - ok
08:49:42.0293 1096 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:49:42.0293 1096 mouhid - ok
08:49:42.0324 1096 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:49:42.0324 1096 mountmgr - ok
08:49:42.0418 1096 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:49:42.0433 1096 mpio - ok
08:49:42.0511 1096 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:49:42.0511 1096 mpsdrv - ok
08:49:42.0621 1096 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:49:42.0636 1096 MRxDAV - ok
08:49:42.0714 1096 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:49:42.0730 1096 mrxsmb - ok
08:49:42.0761 1096 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:49:42.0761 1096 mrxsmb10 - ok
08:49:42.0855 1096 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:49:42.0855 1096 mrxsmb20 - ok
08:49:42.0948 1096 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:49:42.0948 1096 msahci - ok
08:49:43.0042 1096 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:49:43.0042 1096 msdsm - ok
08:49:43.0135 1096 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:49:43.0135 1096 Msfs - ok
08:49:43.0229 1096 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:49:43.0229 1096 mshidkmdf - ok
08:49:43.0307 1096 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:49:43.0307 1096 msisadrv - ok
08:49:43.0416 1096 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:49:43.0416 1096 MSKSSRV - ok
08:49:43.0494 1096 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:49:43.0494 1096 MSPCLOCK - ok
08:49:43.0588 1096 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:49:43.0588 1096 MSPQM - ok
08:49:43.0697 1096 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:49:43.0697 1096 MsRPC - ok
08:49:43.0806 1096 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:49:43.0806 1096 mssmbios - ok
08:49:43.0884 1096 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:49:43.0884 1096 MSTEE - ok
08:49:43.0978 1096 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:49:43.0978 1096 MTConfig - ok
08:49:44.0071 1096 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:49:44.0087 1096 Mup - ok
08:49:44.0196 1096 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:49:44.0196 1096 NativeWifiP - ok
08:49:44.0321 1096 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:49:44.0337 1096 NDIS - ok
08:49:44.0430 1096 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:49:44.0430 1096 NdisCap - ok
08:49:44.0508 1096 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:49:44.0508 1096 NdisTapi - ok
08:49:44.0633 1096 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:49:44.0633 1096 Ndisuio - ok
08:49:44.0727 1096 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:49:44.0727 1096 NdisWan - ok
08:49:44.0820 1096 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:49:44.0820 1096 NDProxy - ok
08:49:44.0914 1096 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:49:44.0914 1096 NetBIOS - ok
08:49:45.0023 1096 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:49:45.0023 1096 NetBT - ok
08:49:45.0132 1096 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:49:45.0132 1096 nfrd960 - ok
08:49:45.0226 1096 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:49:45.0241 1096 Npfs - ok
08:49:45.0319 1096 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:49:45.0319 1096 nsiproxy - ok
08:49:45.0460 1096 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
08:49:45.0475 1096 Ntfs - ok
08:49:45.0569 1096 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:49:45.0569 1096 Null - ok
08:49:45.0663 1096 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
08:49:45.0663 1096 nvraid - ok
08:49:45.0756 1096 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
08:49:45.0772 1096 nvstor - ok
08:49:45.0865 1096 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:49:45.0865 1096 nv_agp - ok
08:49:45.0959 1096 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:49:45.0959 1096 ohci1394 - ok
08:49:46.0084 1096 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:49:46.0084 1096 Parport - ok
08:49:46.0162 1096 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
08:49:46.0162 1096 partmgr - ok
08:49:46.0224 1096 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:49:46.0224 1096 pci - ok
08:49:46.0318 1096 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:49:46.0318 1096 pciide - ok
08:49:46.0396 1096 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:49:46.0411 1096 pcmcia - ok
08:49:46.0489 1096 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:49:46.0489 1096 pcw - ok
08:49:46.0567 1096 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:49:46.0567 1096 PEAUTH - ok
08:49:46.0692 1096 PGEffect (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys
08:49:46.0692 1096 PGEffect - ok
08:49:46.0833 1096 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:49:46.0833 1096 PptpMiniport - ok
08:49:46.0926 1096 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:49:46.0926 1096 Processor - ok
08:49:47.0035 1096 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:49:47.0035 1096 Psched - ok
08:49:47.0160 1096 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:49:47.0191 1096 ql2300 - ok
08:49:47.0285 1096 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:49:47.0285 1096 ql40xx - ok
08:49:47.0379 1096 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:49:47.0379 1096 QWAVEdrv - ok
08:49:47.0457 1096 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:49:47.0457 1096 RasAcd - ok
08:49:47.0550 1096 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:49:47.0550 1096 RasAgileVpn - ok
08:49:47.0644 1096 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:49:47.0659 1096 Rasl2tp - ok
08:49:47.0753 1096 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:49:47.0753 1096 RasPppoe - ok
08:49:47.0862 1096 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:49:47.0862 1096 RasSstp - ok
08:49:47.0956 1096 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:49:47.0971 1096 rdbss - ok
08:49:48.0049 1096 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:49:48.0049 1096 rdpbus - ok
08:49:48.0065 1096 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:49:48.0065 1096 RDPCDD - ok
08:49:48.0159 1096 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
08:49:48.0159 1096 RDPDR - ok
08:49:48.0237 1096 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:49:48.0237 1096 RDPENCDD - ok
08:49:48.0315 1096 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:49:48.0330 1096 RDPREFMP - ok
08:49:48.0424 1096 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
08:49:48.0424 1096 RDPWD - ok
08:49:48.0533 1096 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:49:48.0533 1096 rdyboost - ok
08:49:48.0658 1096 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:49:48.0658 1096 rspndr - ok
08:49:48.0767 1096 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\System32\Drivers\RtsUStor.sys
08:49:48.0767 1096 RSUSBSTOR - ok
08:49:48.0876 1096 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
08:49:48.0876 1096 s3cap - ok
08:49:48.0970 1096 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:49:48.0985 1096 sbp2port - ok
08:49:49.0079 1096 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:49:49.0079 1096 scfilter - ok
08:49:49.0188 1096 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:49:49.0188 1096 secdrv - ok
08:49:49.0282 1096 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:49:49.0282 1096 Serenum - ok
08:49:49.0360 1096 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:49:49.0360 1096 Serial - ok
08:49:49.0453 1096 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:49:49.0453 1096 sermouse - ok
08:49:49.0563 1096 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:49:49.0563 1096 sffdisk - ok
08:49:49.0656 1096 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:49:49.0656 1096 sffp_mmc - ok
08:49:49.0765 1096 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:49:49.0765 1096 sffp_sd - ok
08:49:49.0843 1096 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:49:49.0843 1096 sfloppy - ok
08:49:49.0953 1096 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:49:49.0953 1096 SiSRaid2 - ok
08:49:49.0999 1096 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:49:50.0015 1096 SiSRaid4 - ok
08:49:50.0062 1096 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:49:50.0062 1096 Smb - ok
08:49:50.0155 1096 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:49:50.0155 1096 spldr - ok
08:49:50.0218 1096 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:49:50.0218 1096 srv - ok
08:49:50.0311 1096 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:49:50.0327 1096 srv2 - ok
08:49:50.0421 1096 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:49:50.0421 1096 srvnet - ok
08:49:50.0530 1096 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:49:50.0530 1096 stexstor - ok
08:49:50.0655 1096 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
08:49:50.0655 1096 storflt - ok
08:49:50.0748 1096 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
08:49:50.0748 1096 storvsc - ok
08:49:50.0842 1096 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:49:50.0842 1096 swenum - ok
08:49:50.0951 1096 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys
08:49:50.0951 1096 SynTP - ok
08:49:51.0123 1096 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
08:49:51.0154 1096 Tcpip - ok
08:49:51.0294 1096 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
08:49:51.0310 1096 TCPIP6 - ok
08:49:51.0403 1096 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:49:51.0403 1096 tcpipreg - ok
08:49:51.0497 1096 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
08:49:51.0513 1096 tdcmdpst - ok
08:49:51.0591 1096 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:49:51.0591 1096 TDPIPE - ok
08:49:51.0653 1096 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
08:49:51.0653 1096 TDTCP - ok
08:49:51.0684 1096 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:49:51.0700 1096 tdx - ok
08:49:51.0793 1096 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:49:51.0793 1096 TermDD - ok
08:49:51.0903 1096 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\Windows\system32\DRIVERS\thpdrv.sys
08:49:51.0903 1096 Thpdrv - ok
08:49:51.0996 1096 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\Windows\system32\DRIVERS\Thpevm.SYS
08:49:51.0996 1096 Thpevm - ok
08:49:52.0090 1096 Tosrfcom - ok
08:49:52.0137 1096 tosrfec (11699d47b3491d86249c168496d55c92) C:\Windows\system32\DRIVERS\tosrfec.sys
08:49:52.0137 1096 tosrfec - ok
08:49:52.0246 1096 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:49:52.0246 1096 tssecsrv - ok
08:49:52.0339 1096 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:49:52.0339 1096 TsUsbFlt - ok
08:49:52.0449 1096 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:49:52.0449 1096 tunnel - ok
08:49:52.0542 1096 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
08:49:52.0542 1096 TVALZ - ok
08:49:52.0636 1096 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys
08:49:52.0636 1096 TVALZFL - ok
08:49:52.0698 1096 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:49:52.0698 1096 uagp35 - ok
08:49:52.0776 1096 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:49:52.0776 1096 udfs - ok
08:49:52.0885 1096 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:49:52.0885 1096 uliagpkx - ok
08:49:52.0995 1096 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:49:52.0995 1096 umbus - ok
08:49:53.0073 1096 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:49:53.0088 1096 UmPass - ok
08:49:53.0197 1096 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
08:49:53.0213 1096 USBAAPL64 - ok
08:49:53.0291 1096 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
08:49:53.0291 1096 usbccgp - ok
08:49:53.0385 1096 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:49:53.0385 1096 usbcir - ok
08:49:53.0478 1096 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
08:49:53.0494 1096 usbehci - ok
08:49:53.0587 1096 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
08:49:53.0587 1096 usbhub - ok
08:49:53.0665 1096 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
08:49:53.0665 1096 usbohci - ok
08:49:53.0759 1096 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:49:53.0759 1096 usbprint - ok
08:49:53.0868 1096 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:49:53.0868 1096 usbscan - ok
08:49:53.0962 1096 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:49:53.0962 1096 USBSTOR - ok
08:49:54.0055 1096 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
08:49:54.0055 1096 usbuhci - ok
08:49:54.0165 1096 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
08:49:54.0165 1096 usbvideo - ok
08:49:54.0289 1096 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:49:54.0289 1096 vdrvroot - ok
08:49:54.0383 1096 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:49:54.0383 1096 vga - ok
08:49:54.0477 1096 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:49:54.0477 1096 VgaSave - ok
08:49:54.0570 1096 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:49:54.0570 1096 vhdmp - ok
08:49:54.0664 1096 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:49:54.0664 1096 viaide - ok
08:49:54.0789 1096 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
08:49:54.0789 1096 vmbus - ok
08:49:54.0882 1096 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
08:49:54.0898 1096 VMBusHID - ok
08:49:54.0991 1096 vodafone_K3805-z_dc_enum (1e4d31fec921300c5f262c52f5fcc666) C:\Windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
08:49:54.0991 1096 vodafone_K3805-z_dc_enum - ok
08:49:55.0069 1096 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:49:55.0069 1096 volmgr - ok
08:49:55.0179 1096 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:49:55.0179 1096 volmgrx - ok
08:49:55.0272 1096 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:49:55.0272 1096 volsnap - ok
08:49:55.0381 1096 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:49:55.0397 1096 vsmraid - ok
08:49:55.0475 1096 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:49:55.0475 1096 vwifibus - ok
08:49:55.0569 1096 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:49:55.0569 1096 vwififlt - ok
08:49:55.0678 1096 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
08:49:55.0678 1096 vwifimp - ok
08:49:55.0771 1096 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:49:55.0771 1096 WacomPen - ok
08:49:55.0896 1096 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:49:55.0896 1096 WANARP - ok
08:49:55.0912 1096 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:49:55.0912 1096 Wanarpv6 - ok
08:49:56.0021 1096 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:49:56.0021 1096 Wd - ok
08:49:56.0052 1096 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:49:56.0068 1096 Wdf01000 - ok
08:49:56.0193 1096 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:49:56.0193 1096 WfpLwf - ok
08:49:56.0271 1096 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:49:56.0286 1096 WIMMount - ok
08:49:56.0427 1096 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:49:56.0427 1096 WinUsb - ok
08:49:56.0536 1096 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:49:56.0536 1096 WmiAcpi - ok
08:49:56.0661 1096 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:49:56.0676 1096 ws2ifsl - ok
08:49:56.0770 1096 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:49:56.0785 1096 WudfPf - ok
08:49:56.0895 1096 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:49:56.0895 1096 WUDFRd - ok
08:49:56.0988 1096 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:49:57.0019 1096 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
08:49:57.0019 1096 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
08:49:57.0051 1096 Boot (0x1200) (ebc32b4c0fa8a68f9860567a469733aa) \Device\Harddisk0\DR0\Partition0
08:49:57.0051 1096 \Device\Harddisk0\DR0\Partition0 - ok
08:49:57.0066 1096 Boot (0x1200) (5c446e6040e1af5854d8018d34d8b570) \Device\Harddisk0\DR0\Partition1
08:49:57.0066 1096 \Device\Harddisk0\DR0\Partition1 - ok
08:49:57.0066 1096 ============================================================
08:49:57.0066 1096 Scan finished
08:49:57.0066 1096 ============================================================
08:49:57.0082 3360 Detected object count: 1
08:49:57.0082 3360 Actual detected object count: 1
08:50:24.0553 3360 \Device\Harddisk0\DR0\# - copied to quarantine
08:50:24.0553 3360 \Device\Harddisk0\DR0 - copied to quarantine
08:50:25.0458 3360 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
08:50:25.0458 3360 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
08:50:25.0458 3360 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
08:50:25.0458 3360 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
08:50:25.0458 3360 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
08:50:25.0458 3360 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
08:50:25.0458 3360 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
08:50:25.0458 3360 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
08:50:25.0458 3360 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
08:50:25.0474 3360 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
08:50:25.0474 3360 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
08:50:25.0474 3360 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
08:50:25.0474 3360 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
08:50:25.0474 3360 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
08:50:25.0474 3360 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
08:50:25.0474 3360 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
08:50:25.0489 3360 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
08:50:25.0755 3360 \Device\Harddisk0\DR0\TDLFS\sant64 - copied to quarantine
08:50:25.0755 3360 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
08:50:25.0755 3360 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
08:50:25.0770 3360 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
08:50:25.0770 3360 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
08:50:25.0770 3360 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
08:50:25.0786 3360 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
08:50:25.0786 3360 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
08:50:25.0864 3360 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
08:50:25.0942 3360 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
08:50:25.0973 3360 \Device\Harddisk0\DR0 - ok
08:50:26.0098 3360 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
08:50:29.0109 3392 Deinitialize success

#8 its-surrey

its-surrey
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:30 AM

Posted 20 February 2012 - 04:10 AM

Still seems fine. Thanks so much for your help!! Do I need to remove combofix or anything or is that it?




aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-20 08:56:08
-----------------------------
08:56:08.442 OS Version: Windows x64 6.1.7601 Service Pack 1
08:56:08.442 Number of processors: 4 586 0x2505
08:56:08.442 ComputerName: BSC259 UserName:
08:56:09.472 Initialize success
08:57:01.919 AVAST engine defs: 12022000
08:57:36.255 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:57:36.255 Disk 0 Vendor: TOSHIBA_ GH10 Size: 476940MB BusType: 3
08:57:36.270 Disk 0 MBR read successfully
08:57:36.270 Disk 0 MBR scan
08:57:36.286 Disk 0 Windows 7 default MBR code
08:57:36.301 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
08:57:36.301 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238234 MB offset 821248
08:57:36.333 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 238304 MB offset 488724480
08:57:36.348 Service scanning
08:58:19.265 Modules scanning
08:58:19.280 Disk 0 trace - called modules:
08:58:19.296 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys ACPI.sys iaStor.sys hal.dll
08:58:19.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006983060]
08:58:19.312 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8006982060]
08:58:19.312 5 thpdrv.sys[fffff88001d2bcc0] -> nt!IofCallDriver -> [0xfffffa8004956d10]
08:58:19.312 7 ACPI.sys[fffff88000f777a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004955050]
08:58:20.263 AVAST engine scan C:\Windows
08:58:23.570 AVAST engine scan C:\Windows\system32
09:01:58.572 AVAST engine scan C:\Windows\system32\drivers
09:02:15.248 AVAST engine scan C:\Users\Administrator.BSC259
09:02:32.861 AVAST engine scan C:\ProgramData
09:04:00.611 Scan finished successfully
09:07:02.585 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
09:07:02.632 The log file has been saved successfully to "C:\aswMBR.txt"
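The aswMBR log above reports the MBR boot code and partition table it read after the cure, and the TDSSKiller log before it hashed the first 0x1B8 bytes of the MBR as "MBR (0x1B8)". As an added example (not code from aswMBR, TDSSKiller or anyone in this thread), the Python below parses a saved 512-byte MBR such as the C:\MBR.dat aswMBR wrote, hashes the same 0x1B8 bytes, rebuilds the partition lines in aswMBR's format, and flags layout oddities including disk space no partition covers, which is where the quarantined TDLFS entries lived on the raw device. The partition layout, disk size and infected-MBR hash are taken from the logs; the boot code bytes are constructed filler.

```python
"""Parse a 512-byte MBR sector and report the facts aswMBR and TDSSKiller log.

Added example for this thread, not code from either tool. The partition
layout and disk size below come from the aswMBR log; the boot code is filler.
"""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOTCODE_LEN = 0x1B8      # range TDSSKiller hashes as "MBR (0x1B8)"
PTABLE_OFF = 0x1BE        # four 16-byte partition entries start here
SIG_OFF = 0x1FE           # 0x55AA boot signature

# MD5 TDSSKiller reported for the infected MBR code earlier in this thread.
INFECTED_MBR_MD5 = "a36c5e4f47e84449ff07ed3517b43a31"

PART_TYPES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}


@dataclass
class Partition:
    index: int        # 1-based, as aswMBR prints it
    bootable: bool    # status byte 0x80
    type_id: int
    lba_start: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors

    def describe(self) -> str:
        flag = "80 (A)" if self.bootable else "00"
        name = PART_TYPES.get(self.type_id, "unknown")
        return (f"Partition {self.index} {flag} {self.type_id:02X} {name} "
                f"{self.size_mb} MB offset {self.lba_start}")


def parse_mbr(sector: bytes) -> tuple[str, list[Partition]]:
    """Return (md5 of the boot code, non-empty partition entries)."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[SIG_OFF:SIG_OFF + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    code_md5 = hashlib.md5(sector[:BOOTCODE_LEN]).hexdigest()
    parts = []
    for i in range(4):
        entry = sector[PTABLE_OFF + 16 * i:PTABLE_OFF + 16 * (i + 1)]
        status, _chs0, ptype, _chs1, lba, count = struct.unpack("<B3sB3sII", entry)
        if ptype == 0:
            continue      # empty slot
        parts.append(Partition(i + 1, status == 0x80, ptype, lba, count))
    return code_md5, parts


def layout_findings(parts: list[Partition], disk_sectors: int) -> list[str]:
    """Flag overlaps, more than one active entry, and unallocated tail space."""
    findings = []
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_end > b.lba_start:
            findings.append(f"partition {a.index} overlaps partition {b.index}")
    if sum(p.bootable for p in parts) > 1:
        findings.append("more than one partition marked active")
    tail = disk_sectors - max((p.lba_end for p in parts), default=0)
    if tail > 0:
        findings.append(f"{tail} sectors unallocated at end of disk")
    return findings


def build_mbr(bootcode: bytes, entries: list[tuple[int, int, int, int]]) -> bytes:
    """Assemble a sector from boot code and (status, type, lba, count) tuples."""
    sector = bytearray(bootcode.ljust(PTABLE_OFF, b"\x00")[:PTABLE_OFF])
    for status, ptype, lba, count in entries:
        sector += struct.pack("<B3sB3sII", status, b"\xfe\xff\xff", ptype,
                              b"\xfe\xff\xff", lba, count)
    sector += b"\x00" * 16 * (4 - len(entries))
    return bytes(sector + b"\x55\xaa")


# Layout aswMBR reported above; MB sizes converted to 512-byte sectors.
SAMPLE_ENTRIES = [
    (0x80, 0x27, 2048, 400 * 2048),
    (0x00, 0x07, 821248, 238234 * 2048),
    (0x00, 0x07, 488724480, 238304 * 2048),
]
DISK_SECTORS = 476940 * 2048                      # "Size: 476940MB" in the log
SAMPLE_MBR = build_mbr(b"constructed-filler-boot-code", SAMPLE_ENTRIES)


def report(sector: bytes, disk_sectors: int) -> dict:
    code_md5, parts = parse_mbr(sector)
    return {
        "code_md5": code_md5,
        "matches_infected_sample": code_md5 == INFECTED_MBR_MD5,
        "partitions": [p.describe() for p in parts],
        "findings": layout_findings(parts, disk_sectors),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_MBR, DISK_SECTORS).items():
        print(f"{key}: {value}")
```

To run it against a real dump, replace `SAMPLE_MBR` with `open("MBR.dat", "rb").read()` and `DISK_SECTORS` with the disk's sector count; a hash matching a known-bad value or a partition table that does not account for the whole disk is a reason to look further, not proof on its own.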

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:30 PM

Posted 20 February 2012 - 05:21 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 its-surrey

its-surrey
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:30 AM

Posted 20 February 2012 - 07:59 AM

Script results below. No issues running. PC seems OK still.


ComboFix 12-02-19.02 - Administrator 20/02/2012 12:33:25.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3895.2070 [GMT 0:00]
Running from: c:\users\Administrator.BSC259\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator.BSC259\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-20 12:40 . 2012-02-20 12:40 -------- d-----w- c:\users\robin.mar\AppData\Local\temp
2012-02-20 12:40 . 2012-02-20 12:40 -------- d-----w- c:\users\OLD.robin.mar\AppData\Local\temp
2012-02-20 12:40 . 2012-02-20 12:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-20 12:40 . 2012-02-20 12:40 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-20 12:40 . 2012-02-20 12:40 -------- d-----w- c:\users\administrator.BLUESKY\AppData\Local\temp
2012-02-20 12:40 . 2012-02-20 12:40 -------- d-----w- c:\users\Administrator.BLUE-SKY\AppData\Local\temp
2012-02-20 09:51 . 2012-02-20 09:50 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89622C7E-61AE-4646-8CBF-BE5AC05F8B0D}\gapaengine.dll
2012-02-20 09:51 . 2012-01-05 21:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BFB8346-291A-43CC-BBDB-9DC91737AF0F}\mpengine.dll
2012-02-20 09:48 . 2012-02-20 09:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-02-20 09:48 . 2012-02-20 09:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-20 08:50 . 2012-02-20 08:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-20 08:48 . 2012-02-20 08:48 -------- d-----w- c:\users\Administrator.BSC259\AppData\Local\ElevatedDiagnostics
2012-02-15 13:49 . 2012-02-15 13:49 -------- d-----w- c:\users\Administrator.BSC259\AppData\Roaming\Malwarebytes
2012-02-15 10:22 . 2012-02-15 10:22 -------- d-----w- c:\users\Administrator.BSC259\AppData\Local\Apple
2012-02-07 08:48 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A4524C2-8D47-4FB1-9DAE-79A34AD6111F}\mpengine.dll
2012-02-04 19:50 . 2012-02-04 19:51 -------- d-----w- c:\program files\iTunes
2012-02-04 19:50 . 2012-02-04 19:50 -------- d-----w- c:\program files\iPod
2012-01-30 13:30 . 2012-02-17 08:56 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-01-30 13:30 . 2012-02-17 08:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-27 16:31 . 2012-01-27 16:31 -------- d-----w- c:\windows\PCHEALTH
2012-01-27 16:01 . 2012-01-27 16:01 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-01-27 16:01 . 2012-01-27 16:01 -------- d-----w- c:\users\robin.mar\AppData\Local\Microsoft Help
2012-01-27 16:01 . 2012-01-27 16:38 -------- d-----w- c:\programdata\Microsoft Help
2012-01-27 15:59 . 2012-01-27 15:59 -------- d-----r- C:\MSOCache
2012-01-27 13:36 . 2012-02-15 10:22 -------- d-----w- c:\users\Administrator.BSC259\AppData\Local\Google
2012-01-27 10:38 . 2012-01-27 10:38 -------- d-----w- c:\program files (x86)\RealVNC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-07 18:53 . 2010-12-17 10:17 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-07 18:53 . 2010-12-17 10:17 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-07 18:53 . 2010-12-17 10:17 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-29 05:10 . 2010-12-17 10:50 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-19 23:23 . 2010-12-17 10:17 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-11-27 00:50 . 2011-11-27 00:50 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 17:37 . 2011-11-23 17:37 43520 ----a-w- c:\windows\system32\libusb0.dll
2011-11-23 17:37 . 2011-11-23 17:37 37376 ----a-w- c:\windows\SysWow64\libusb0.dll
2011-11-23 17:37 . 2011-11-23 17:37 29184 ----a-w- c:\windows\system32\drivers\libusb0.sys
2011-11-23 17:37 . 2011-11-23 17:37 21504 ----a-w- c:\windows\SysWow64\drivers\libusb0.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-12-31 398848]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-06-22 273544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Administrator.BSC259\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2443147354-1565356691-702844211-1193\Scripts\Logon\0\0]
"Script"=pushprinterconnections.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 136176]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x]
R3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs51.sys [x]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 136176]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-11-23 29184]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-07 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2008-08-11 15928]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-17 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-12-31 9216]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 16:50]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 16:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2008-08-11 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://toshiba.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.2 8.8.8.8 8.8.4.4
TCP: Interfaces\{82AF04A5-C311-451D-9BD2-3368BE686EE1}: NameServer = 10.0.2.4 8.8.8.8
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20111117062234
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-426722805-229958640-2584534648-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,84,26,32,cd,f2,dc,4f,a0,a8,7c,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,84,26,32,cd,f2,dc,4f,a0,a8,7c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,84,26,32,cd,f2,dc,4f,a0,a8,7c,\
.
[HKEY_USERS\S-1-5-21-426722805-229958640-2584534648-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-426722805-229958640-2584534648-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-426722805-229958640-2584534648-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-426722805-229958640-2584534648-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-426722805-229958640-2584534648-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\RealVNC\VNC4\WinVNC4.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2012-02-20 12:57:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-20 12:57
ComboFix2.txt 2012-02-17 10:05
.
Pre-Run: 61,711,777,792 bytes free
Post-Run: 61,561,331,712 bytes free
.
- - End Of File - - 9786E08065E6D528ABE22F0A2F70FD4E
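The registry section of the ComboFix log above is read the same way every time: the lines that matter are the `@Denied:` access-control entries (ComboFix prints keys whose ACLs block normal access, a common hiding place for malware settings) and the `hex(6)` `SymbolicLinkValue` data, which is a registry symbolic link whose target is stored as UTF-16LE text. The following parser, added here as an illustration rather than anything from ComboFix or the poster, pulls both out of a dump in this format and decodes the link target. `SAMPLE` is a constructed excerpt modelled on the log above (the trailing backslashes are .reg continuation syntax). The caveat a reviewer needs: several of the locked keys in this log are locked by Windows or Office themselves, so a Deny ACE is a prompt to look, not evidence on its own, and the McAfee link is an example of a legitimate symbolic link.

```python
"""Parse the registry section of a ComboFix log (.reg-style dump) and list
keys with explicit Deny ACEs plus REG_LINK (hex(6)) symbolic-link targets.

Added example, not part of ComboFix or of the forum thread. SAMPLE is a
constructed excerpt modelled on the posted log.
"""
import re

SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,\
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
ACE_RE = re.compile(r"^@(?P<kind>Denied|Allowed):\s*\((?P<rights>[^)]*)\)\s*\((?P<who>[^)]*)\)$")
VALUE_RE = re.compile(r'^(?P<name>@|"[^"]*")=(?P<data>.*)$')


def parse_combofix_registry(text):
    """Return {key path: {"aces": [(kind, rights, who)], "values": {name: data}}}."""
    keys = {}
    current = None
    pending = None  # (value name, [data fragments]) while a "\"-continued value is open
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:
            is_cont = bool(line) and line != "." and not line.startswith("[")
            if is_cont:
                pending[1].append(line.rstrip("\\").strip())
                if line.endswith("\\"):
                    continue
            # value finished (no trailing backslash, or the dump was truncated)
            keys[current]["values"][pending[0]] = "".join(pending[1])
            pending = None
            if is_cont:
                continue
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys[current] = {"aces": [], "values": {}}
            continue
        if current is None:
            continue
        m = ACE_RE.match(line)
        if m:
            keys[current]["aces"].append((m.group("kind"), m.group("rights"), m.group("who")))
            continue
        m = VALUE_RE.match(line)
        if m:
            name, data = m.group("name").strip('"'), m.group("data")
            if data.endswith("\\"):
                pending = (name, [data.rstrip("\\").strip()])
            else:
                keys[current]["values"][name] = data
    if pending is not None:
        keys[current]["values"][pending[0]] = "".join(pending[1])
    return keys


def decode_reg_link(data):
    """Decode hex(6) (REG_LINK) data to its UTF-16LE target path; None if not a link."""
    if not data.startswith("hex(6):"):
        return None
    raw = bytes.fromhex(data[len("hex(6):"):].rstrip(",").replace(",", ""))
    raw = raw[: len(raw) - (len(raw) % 2)]  # drop a dangling odd byte from truncation
    return raw.decode("utf-16-le", errors="replace").rstrip("\x00")


def find_suspects(keys):
    """List (key, reason) for Deny ACEs and symbolic-link values."""
    findings = []
    for path, info in keys.items():
        denies = [a for a in info["aces"] if a[0] == "Denied"]
        if denies:
            who = ", ".join(f"{a[2]}:{a[1]}" for a in denies)
            findings.append((path, f"deny ACE for {who}"))
        link = info["values"].get("SymbolicLinkValue")
        if link is not None:
            findings.append((path, f"registry symbolic link -> {decode_reg_link(link)}"))
    return findings


if __name__ == "__main__":
    for path, why in find_suspects(parse_combofix_registry(SAMPLE)):
        print(f"{path}\n    {why}")
```

Run against the sample it reports three locked keys and decodes the McAfee link target as far as the truncated dump allows (`\registry\machine\Sof`); feed it the full ComboFix log and the same two signals fall out for review.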

#11 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 20 February 2012 - 03:37 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 its-surrey (Topic Starter)

Posted 21 February 2012 - 03:56 AM

Adobe AIR
Adobe Reader 9.4.6
Advertising Center
Apple Application Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Bejeweled 2 Deluxe
CDisplay 1.8
Chuzzle Deluxe
Compatibility Pack for the 2007 Office system
Diner Dash 2 Restaurant Rescue
ePub DRM Removal
FATE
FlipShare
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
ImagXpress
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java™ 6 Update 17
Jewel Quest II
LogMeIn
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero BackItUp
Nero BackItUp and Burn
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero RescueAgent
Nero StartSmart
Nero StartSmart Help
NeroExpress
neroxml
Penguins!
Plants vs. Zombies
Polar Bowler
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Skype Toolbars
Skype™ 5.2
Toshiba Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Online Product Information
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
VLC media player 1.1.6
VNC Free Edition 4.1.3
Vodafone Mobile Broadband
WildTangent Games
WildTangent ORB Game Console
Zuma Deluxe

#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 21 February 2012 - 07:30 AM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9.4.6
Advertising Center
Java™ 6 Update 17


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

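The "uninstall some programs" step above is an inventory triage: the helper read the Add-Remove Programs list, recognised Adobe Reader 9.4.6 and Java 6 Update 17 as old builds, and told the user to remove and reinstall them. The same check can be scripted so nothing on a long list is missed. The code below is an added illustration, not from the thread or from any tool it names. `INVENTORY` is a constructed subset of the list posted in #12, and `POLICY` is a hypothetical minimum-version table used only to show the comparison; it is not a statement of which versions are current.

```python
"""Triage an installed-program inventory (Add-Remove Programs.txt style)
against a minimum-version policy: parse each entry into a product name and a
comparable version tuple and flag anything below the policy floor.

Added example; not from the thread or any tool it names. INVENTORY is a
constructed subset of the posted list and POLICY is hypothetical.
"""
import re

INVENTORY = """\
Adobe AIR
Adobe Reader 9.4.6
Java\u2122 6 Update 17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Skype\u2122 5.2
VLC media player 1.1.6
VNC Free Edition 4.1.3
"""

# Hypothetical policy (assumption for illustration): product name prefix -> lowest acceptable version.
POLICY = {
    "Adobe Reader": (9, 5),
    "Java": (6, 30),
    "VLC media player": (2, 0),
    "VNC Free Edition": (4, 1, 3),
}

# "Java(TM) 6 Update 17" style entries carry their version as "<major> Update <n>".
JAVA_RE = re.compile(r"^Java\W*\s*(\d+)\s+Update\s+(\d+)$")
# Everything else we can score ends in a dotted version: "VLC media player 1.1.6".
DOTTED_RE = re.compile(r"^(?P<name>.+?)\s+(?P<ver>\d+(?:\.\d+)+)$")


def parse_entry(entry):
    """Return (product name, version tuple or None) for one inventory line."""
    entry = entry.strip()
    m = JAVA_RE.match(entry)
    if m:
        return "Java", (int(m.group(1)), int(m.group(2)))
    m = DOTTED_RE.match(entry)
    if m:
        return m.group("name"), tuple(int(p) for p in m.group("ver").split("."))
    return entry, None  # no recognisable version; still matchable by name


def at_least(version, minimum):
    """Compare version tuples after zero-padding so (4, 1) == (4, 1, 0)."""
    width = max(len(version), len(minimum))

    def pad(v):
        return v + (0,) * (width - len(v))

    return pad(version) >= pad(minimum)


def flag_outdated(inventory, policy):
    """Return [(entry, found version, required version)] for every policy violation."""
    flagged = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        name, version = parse_entry(line)
        for product, minimum in policy.items():
            if name.startswith(product) and (version is None or not at_least(version, minimum)):
                flagged.append((line.strip(), version, minimum))
    return flagged


if __name__ == "__main__":
    for entry, found, needed in flag_outdated(INVENTORY, POLICY):
        print(f"{entry}: found {found}, policy requires at least {needed}")
```

With the constructed list this flags Adobe Reader, Java and VLC and leaves VNC alone because it meets the floor exactly; an entry with a matching name but no parseable version is flagged too, since it cannot be shown to comply.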

#14 its-surrey (Topic Starter)

Posted 21 February 2012 - 08:13 AM

OK, running through that now. FYI Revo is not seeing a program called "Advertising Center"

#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 21 February 2012 - 08:18 AM

Hello

FYI Revo is not seeing a program called "Advertising Center"
- most likely removed during our cleaning



gringo