Malware/redirect virus HELP!!!!


  • This topic is locked
20 replies to this topic

#1 muchofrustration

  • Members
  • 31 posts

Posted 19 February 2012 - 08:57 PM

Hi everyone! I've been having computer problems and would like it if you could help me fix what's going on. I'm pretty sure I have the redirect virus. I ran DDS and GMER in safe mode because while running GMER, the system crashed. I would appreciate it if you could help me. Thanks in advance!

Attached Files

  • attach.txt (12.75KB)
  • ark.txt (2.95KB)
  • dds.txt (10.03KB)



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 20 February 2012 - 01:30 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


Click on the Watch Topic Button and select Immediate Notification and click on proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 muchofrustration

  • Topic Starter
  • Members
  • 31 posts

Posted 20 February 2012 - 12:42 PM

Hi Gringo! I've been trying to run combofix in safe mode and it keeps telling me that I need an administrator command prompt. What should I do?

Thanks

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 20 February 2012 - 02:07 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
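Added example, not part of the thread or of any poster's reply: a Python sketch for triaging a TDSSKiller report like the one requested above, listing entries whose verdict is not "ok", entries with no image line, and driver images under temp or profile directories. The line layout is taken from the report posted in this thread; the function names, the directory heuristic and every sample line are assumptions constructed for illustration.

```python
import glob
import os
import re

# Constructed sample in the layout of the report quoted in this thread:
#   "HH:MM:SS.mmmm TID name (md5) path"  then  "HH:MM:SS.mmmm TID name - verdict"
# Names, hashes and the non-"ok" verdict text are placeholders, not tool output.
SAMPLE_LOG = r"""
15:34:51.0273 0460 Drive \Device\Harddisk0\DR0 - Size: 0x0 (constructed header line)
15:34:58.0496 3792 Scan started
15:34:58.0496 3792 Mode: Manual;
15:35:01.0411 3792 ACPI (00000000000000000000000000000001) C:\Windows\system32\drivers\acpi.sys
15:35:01.0416 3792 ACPI - ok
15:35:04.0305 3792 blbdrive - ok
15:35:10.0537 3792 EXAMPLEDRV (00000000000000000000000000000002) C:\WINDOWS\TEMP\EXAMPLEDRV.SYS
15:35:10.0556 3792 EXAMPLEDRV - ok
15:35:12.0000 3792 demosvc (00000000000000000000000000000003) C:\Windows\system32\drivers\demosvc.sys
15:35:12.0010 3792 demosvc - PLACEHOLDER-NON-OK-VERDICT
"""

PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ (.*)$")   # timestamp, thread id, body
IMAGE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")     # name (md5) path
VERDICT = re.compile(r"^(.+?) - (.+)$")                       # name - verdict

# Assumed heuristic: a kernel driver image has no business living in these places.
SUSPECT_DIRS = ("\\temp\\", "\\tmp\\", "\\users\\", "\\documents and settings\\")


def find_reports(root):
    """Return report files named TDSSKiller.[Version]_[Date]_[Time]_log.txt under root."""
    return sorted(glob.glob(os.path.join(root, "TDSSKiller.*_log.txt")))


def parse_report(text):
    """Map each scanned object name to its md5, image path and verdict."""
    entries = {}
    scanning = False
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group(1)
        if body == "Scan started":
            scanning = True          # header lines before this also contain " - "
            continue
        if not scanning:
            continue
        img = IMAGE.match(body)
        if img:
            name, md5, path = img.groups()
            entry = entries.setdefault(name, {"md5": None, "path": None, "verdict": None})
            entry["md5"], entry["path"] = md5.lower(), path
            continue
        ver = VERDICT.match(body)
        if ver:
            name, verdict = ver.groups()
            entry = entries.setdefault(name, {"md5": None, "path": None, "verdict": None})
            entry["verdict"] = verdict.strip()
    return entries


def triage(entries):
    """Return (name, reason) pairs worth a second look; 'ok' entries in normal paths are skipped."""
    findings = []
    for name, e in entries.items():
        if e["verdict"] is not None and e["verdict"].lower() != "ok":
            findings.append((name, "verdict: " + e["verdict"]))
        if e["path"] is None:
            findings.append((name, "no image path/hash line logged"))
        elif any(d in e["path"].lower() for d in SUSPECT_DIRS):
            findings.append((name, "image in temp/profile directory: " + e["path"]))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_report(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

An "ok" verdict only means the scanner raised nothing for that object, so the path check is reported independently of the verdict.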

#5 muchofrustration

  • Topic Starter
  • Members
  • 31 posts

Posted 20 February 2012 - 03:52 PM

TDSS:

15:35:22.0900 3792 SYMREDRV - ok
15:35:22.0965 3792 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
15:35:22.0969 3792 SYMTDI - ok
15:35:23.0098 3792 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:35:23.0100 3792 Sym_hi - ok
15:35:23.0161 3792 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:35:23.0163 3792 Sym_u3 - ok
15:35:23.0215 3792 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
15:35:23.0219 3792 SynTP - ok
15:35:23.0356 3792 SysPlant (1295b1da3e2a2c24c7d176f6e97afbd1) C:\Windows\SYSTEM32\Drivers\SysPlant.sys
15:35:23.0359 3792 SysPlant - ok
15:35:23.0493 3792 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
15:35:23.0508 3792 Tcpip - ok
15:35:23.0682 3792 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
15:35:23.0695 3792 Tcpip6 - ok
15:35:23.0902 3792 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
15:35:23.0903 3792 tcpipreg - ok
15:35:23.0928 3792 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
15:35:23.0930 3792 TDPIPE - ok
15:35:23.0968 3792 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
15:35:23.0969 3792 TDTCP - ok
15:35:23.0992 3792 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
15:35:23.0995 3792 tdx - ok
15:35:24.0200 3792 Teefer2 (1de2e1357552a79f39bff003a11c533e) C:\Windows\system32\DRIVERS\teefer2.sys
15:35:24.0202 3792 Teefer2 - ok
15:35:24.0247 3792 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
15:35:24.0249 3792 TermDD - ok
15:35:24.0373 3792 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:35:24.0374 3792 tssecsrv - ok
15:35:24.0569 3792 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
15:35:24.0570 3792 tunmp - ok
15:35:24.0650 3792 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
15:35:24.0651 3792 tunnel - ok
15:35:24.0895 3792 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\Windows\system32\DRIVERS\tvtfilter.sys
15:35:24.0897 3792 tvtfilter - ok
15:35:24.0941 3792 TVTI2C (c254bff0a928ea7d5ccdc2522d56fd01) C:\Windows\system32\DRIVERS\Tvti2c.sys
15:35:24.0943 3792 TVTI2C - ok
15:35:24.0994 3792 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
15:35:24.0996 3792 uagp35 - ok
15:35:25.0164 3792 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
15:35:25.0169 3792 udfs - ok
15:35:25.0230 3792 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
15:35:25.0233 3792 uliagpkx - ok
15:35:25.0274 3792 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
15:35:25.0279 3792 uliahci - ok
15:35:25.0301 3792 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:35:25.0304 3792 UlSata - ok
15:35:25.0458 3792 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:35:25.0461 3792 ulsata2 - ok
15:35:25.0490 3792 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
15:35:25.0492 3792 umbus - ok
15:35:25.0587 3792 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
15:35:25.0589 3792 USBAAPL - ok
15:35:25.0774 3792 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
15:35:25.0777 3792 usbccgp - ok
15:35:25.0841 3792 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:35:25.0843 3792 usbcir - ok
15:35:25.0894 3792 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
15:35:25.0896 3792 usbehci - ok
15:35:26.0041 3792 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
15:35:26.0045 3792 usbhub - ok
15:35:26.0082 3792 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:35:26.0083 3792 usbohci - ok
15:35:26.0112 3792 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
15:35:26.0115 3792 usbprint - ok
15:35:26.0176 3792 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:35:26.0179 3792 USBSTOR - ok
15:35:26.0333 3792 usbuhci (d864735b0bfcb65440960a0b7cc1a38d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:35:26.0334 3792 usbuhci - ok
15:35:26.0388 3792 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
15:35:26.0390 3792 vga - ok
15:35:26.0416 3792 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
15:35:26.0417 3792 VgaSave - ok
15:35:26.0459 3792 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
15:35:26.0461 3792 viaagp - ok
15:35:26.0601 3792 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
15:35:26.0603 3792 ViaC7 - ok
15:35:26.0635 3792 viaide (9fa7c28d7088058cc9796008812f40e5) C:\Windows\system32\drivers\viaide.sys
15:35:26.0637 3792 viaide - ok
15:35:26.0660 3792 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
15:35:26.0662 3792 volmgr - ok
15:35:26.0709 3792 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
15:35:26.0714 3792 volmgrx - ok
15:35:26.0879 3792 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
15:35:26.0885 3792 volsnap - ok
15:35:26.0920 3792 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
15:35:26.0922 3792 vsmraid - ok
15:35:27.0032 3792 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:35:27.0034 3792 WacomPen - ok
15:35:27.0187 3792 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
15:35:27.0189 3792 Wanarp - ok
15:35:27.0216 3792 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
15:35:27.0218 3792 Wanarpv6 - ok
15:35:27.0281 3792 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
15:35:27.0282 3792 Wd - ok
15:35:27.0347 3792 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
15:35:27.0356 3792 Wdf01000 - ok
15:35:27.0608 3792 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
15:35:27.0609 3792 WmiAcpi - ok
15:35:27.0721 3792 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
15:35:27.0723 3792 WpdUsb - ok
15:35:27.0777 3792 WPS (c1620ebb375d3b02e31fd311c44fedeb) C:\Windows\system32\drivers\wpsdrvnt.sys
15:35:27.0779 3792 WPS - ok
15:35:27.0966 3792 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys
15:35:27.0970 3792 WpsHelper - ok
15:35:28.0017 3792 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
15:35:28.0019 3792 ws2ifsl - ok
15:35:28.0083 3792 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:35:28.0086 3792 WUDFRd - ok
15:35:28.0130 3792 MBR (0x1B8) (0a008861322bfac2fe25042550144381) \Device\Harddisk0\DR0
15:35:28.0157 3792 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:35:28.0157 3792 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:35:28.0186 3792 Boot (0x1200) (ec40f309e5cda19de5bbe12e136a2e16) \Device\Harddisk0\DR0\Partition0
15:35:28.0188 3792 \Device\Harddisk0\DR0\Partition0 - ok
15:35:28.0190 3792 ============================================================
15:35:28.0190 3792 Scan finished
15:35:28.0190 3792 ============================================================
15:35:28.0216 3908 Detected object count: 1
15:35:28.0216 3908 Actual detected object count: 1
15:36:08.0956 3908 \Device\Harddisk0\DR0\# - copied to quarantine
15:36:08.0957 3908 \Device\Harddisk0\DR0 - copied to quarantine
15:36:08.0991 3908 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
15:36:08.0993 3908 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
15:36:09.0004 3908 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:36:09.0007 3908 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
15:36:09.0010 3908 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
15:36:09.0013 3908 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
15:36:09.0026 3908 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
15:36:09.0030 3908 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:36:09.0058 3908 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:36:09.0069 3908 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:36:09.0070 3908 \Device\Harddisk0\DR0 - ok
15:36:09.0523 3908 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
15:36:16.0857 3816 Deinitialize success


ASWMBR

15:34:49.0376 0460 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
15:34:49.0703 0460 ============================================================
15:34:49.0703 0460 Current date / time: 2012/02/20 15:34:49.0703
15:34:49.0703 0460 SystemInfo:
15:34:49.0703 0460
15:34:49.0703 0460 OS Version: 6.0.6000 ServicePack: 0.0
15:34:49.0703 0460 Product type: Workstation
15:34:49.0703 0460 ComputerName: SENIOR
15:34:49.0704 0460 UserName: Administrator
15:34:49.0704 0460 Windows directory: C:\Windows
15:34:49.0704 0460 System windows directory: C:\Windows
15:34:49.0704 0460 Processor architecture: Intel x86
15:34:49.0704 0460 Number of processors: 2
15:34:49.0704 0460 Page size: 0x1000
15:34:49.0704 0460 Boot type: Safe boot with network
15:34:49.0704 0460 ============================================================
15:34:51.0273 0460 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:34:51.0276 0460 \Device\Harddisk0\DR0:
15:34:51.0276 0460 MBR used
15:34:51.0276 0460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xD96800, BlocksNum 0xD1FD800
15:34:51.0312 0460 Initialize success
15:34:51.0312 0460 ============================================================
15:34:58.0496 3792 ============================================================
15:34:58.0496 3792 Scan started
15:34:58.0496 3792 Mode: Manual;
15:34:58.0496 3792 ============================================================
15:35:19.0491 3792 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
15:35:19.0495 3792 rdpdr - ok
15:35:19.0520 3792 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
15:35:19.0522 3792 RDPENCDD - ok
15:35:19.0569 3792 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
15:35:19.0573 3792 RDPWD - ok
15:35:19.0855 3792 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
15:35:19.0857 3792 rimmptsk - ok
15:35:19.0899 3792 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
15:35:19.0901 3792 rimsptsk - ok
15:35:19.0956 3792 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
15:35:19.0958 3792 rismxdp - ok
15:35:20.0125 3792 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
15:35:20.0127 3792 rspndr - ok
15:35:20.0221 3792 RTL8023xp (166911eada13cd34dd8f8c667707be94) C:\Windows\system32\DRIVERS\Rtnicxp.sys
15:35:20.0223 3792 RTL8023xp - ok
15:35:20.0255 3792 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:35:20.0258 3792 sbp2port - ok
15:35:20.0464 3792 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
15:35:20.0466 3792 sdbus - ok
15:35:20.0510 3792 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:35:20.0511 3792 secdrv - ok
15:35:20.0544 3792 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
15:35:20.0546 3792 Serenum - ok
15:35:20.0694 3792 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
15:35:20.0696 3792 Serial - ok
15:35:20.0759 3792 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
15:35:20.0761 3792 sermouse - ok
15:35:20.0808 3792 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
15:35:20.0810 3792 sffdisk - ok
15:35:20.0847 3792 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
15:35:20.0849 3792 sffp_mmc - ok
15:35:21.0009 3792 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
15:35:21.0010 3792 sffp_sd - ok
15:35:21.0034 3792 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
15:35:21.0035 3792 sfloppy - ok
15:35:21.0089 3792 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
15:35:21.0091 3792 sisagp - ok
15:35:21.0115 3792 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
15:35:21.0117 3792 SiSRaid2 - ok
15:35:21.0263 3792 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
15:35:21.0265 3792 SiSRaid4 - ok
15:35:21.0306 3792 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
15:35:21.0308 3792 Smb - ok
15:35:21.0570 3792 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
15:35:21.0582 3792 SPBBCDrv - ok
15:35:21.0738 3792 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
15:35:21.0740 3792 spldr - ok
15:35:21.0855 3792 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\Windows\system32\Drivers\SRTSP.SYS
15:35:21.0860 3792 SRTSP - ok
15:35:22.0059 3792 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\Windows\system32\Drivers\SRTSPL.SYS
15:35:22.0064 3792 SRTSPL - ok
15:35:22.0133 3792 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\Windows\system32\Drivers\SRTSPX.SYS
15:35:22.0135 3792 SRTSPX - ok
15:35:22.0295 3792 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
15:35:22.0301 3792 srv - ok
15:35:22.0365 3792 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
15:35:22.0368 3792 srv2 - ok
15:35:22.0507 3792 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
15:35:22.0509 3792 srvnet - ok
15:35:22.0589 3792 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
15:35:22.0590 3792 swenum - ok
15:35:22.0635 3792 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:35:22.0637 3792 Symc8xx - ok
15:35:22.0810 3792 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS
15:35:22.0813 3792 SymEvent - ok
15:35:22.0898 3792 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
15:35:22.0900 3792 SYMREDRV - ok
15:35:22.0965 3792 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
15:35:22.0969 3792 SYMTDI - ok
15:35:23.0098 3792 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:35:23.0100 3792 Sym_hi - ok
15:35:23.0161 3792 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:35:23.0163 3792 Sym_u3 - ok
15:35:23.0215 3792 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
15:35:23.0219 3792 SynTP - ok
15:35:23.0356 3792 SysPlant (1295b1da3e2a2c24c7d176f6e97afbd1) C:\Windows\SYSTEM32\Drivers\SysPlant.sys
15:35:23.0359 3792 SysPlant - ok
15:35:23.0493 3792 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
15:35:23.0508 3792 Tcpip - ok
15:35:23.0682 3792 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
15:35:23.0695 3792 Tcpip6 - ok
15:35:23.0902 3792 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
15:35:23.0903 3792 tcpipreg - ok
15:35:23.0928 3792 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
15:35:23.0930 3792 TDPIPE - ok
15:35:23.0968 3792 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
15:35:23.0969 3792 TDTCP - ok
15:35:23.0992 3792 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
15:35:23.0995 3792 tdx - ok
15:35:24.0200 3792 Teefer2 (1de2e1357552a79f39bff003a11c533e) C:\Windows\system32\DRIVERS\teefer2.sys
15:35:24.0202 3792 Teefer2 - ok
15:35:24.0247 3792 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
15:35:24.0249 3792 TermDD - ok
15:35:24.0373 3792 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:35:24.0374 3792 tssecsrv - ok
15:35:24.0569 3792 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
15:35:24.0570 3792 tunmp - ok
15:35:24.0650 3792 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
15:35:24.0651 3792 tunnel - ok
15:35:24.0895 3792 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\Windows\system32\DRIVERS\tvtfilter.sys
15:35:24.0897 3792 tvtfilter - ok
15:35:24.0941 3792 TVTI2C (c254bff0a928ea7d5ccdc2522d56fd01) C:\Windows\system32\DRIVERS\Tvti2c.sys
15:35:24.0943 3792 TVTI2C - ok
15:35:24.0994 3792 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
15:35:24.0996 3792 uagp35 - ok
15:35:25.0164 3792 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
15:35:25.0169 3792 udfs - ok
15:35:25.0230 3792 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
15:35:25.0233 3792 uliagpkx - ok
15:35:25.0274 3792 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
15:35:25.0279 3792 uliahci - ok
15:35:25.0301 3792 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:35:25.0304 3792 UlSata - ok
15:35:25.0458 3792 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:35:25.0461 3792 ulsata2 - ok
15:35:25.0490 3792 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
15:35:25.0492 3792 umbus - ok
15:35:25.0587 3792 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
15:35:25.0589 3792 USBAAPL - ok
15:35:25.0774 3792 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
15:35:25.0777 3792 usbccgp - ok
15:35:25.0841 3792 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:35:25.0843 3792 usbcir - ok
15:35:25.0894 3792 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
15:35:25.0896 3792 usbehci - ok
15:35:26.0041 3792 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
15:35:26.0045 3792 usbhub - ok
15:35:26.0082 3792 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:35:26.0083 3792 usbohci - ok
15:35:26.0112 3792 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
15:35:26.0115 3792 usbprint - ok
15:35:26.0176 3792 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:35:26.0179 3792 USBSTOR - ok
15:35:26.0333 3792 usbuhci (d864735b0bfcb65440960a0b7cc1a38d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:35:26.0334 3792 usbuhci - ok
15:35:26.0388 3792 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
15:35:26.0390 3792 vga - ok
15:35:26.0416 3792 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
15:35:26.0417 3792 VgaSave - ok
15:35:26.0459 3792 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
15:35:26.0461 3792 viaagp - ok
15:35:26.0601 3792 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
15:35:26.0603 3792 ViaC7 - ok
15:35:26.0635 3792 viaide (9fa7c28d7088058cc9796008812f40e5) C:\Windows\system32\drivers\viaide.sys
15:35:26.0637 3792 viaide - ok
15:35:26.0660 3792 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
15:35:26.0662 3792 volmgr - ok
15:35:26.0709 3792 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
15:35:26.0714 3792 volmgrx - ok
15:35:26.0879 3792 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
15:35:26.0885 3792 volsnap - ok
15:35:26.0920 3792 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
15:35:26.0922 3792 vsmraid - ok
15:35:27.0032 3792 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:35:27.0034 3792 WacomPen - ok
15:35:27.0187 3792 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
15:35:27.0189 3792 Wanarp - ok
15:35:27.0216 3792 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
15:35:27.0218 3792 Wanarpv6 - ok
15:35:27.0281 3792 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
15:35:27.0282 3792 Wd - ok
15:35:27.0347 3792 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
15:35:27.0356 3792 Wdf01000 - ok
15:35:27.0608 3792 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
15:35:27.0609 3792 WmiAcpi - ok
15:35:27.0721 3792 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
15:35:27.0723 3792 WpdUsb - ok
15:35:27.0777 3792 WPS (c1620ebb375d3b02e31fd311c44fedeb) C:\Windows\system32\drivers\wpsdrvnt.sys
15:35:27.0779 3792 WPS - ok
15:35:27.0966 3792 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys
15:35:27.0970 3792 WpsHelper - ok
15:35:28.0017 3792 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
15:35:28.0019 3792 ws2ifsl - ok
15:35:28.0083 3792 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:35:28.0086 3792 WUDFRd - ok
15:35:28.0130 3792 MBR (0x1B8) (0a008861322bfac2fe25042550144381) \Device\Harddisk0\DR0
15:35:28.0157 3792 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:35:28.0157 3792 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:35:28.0186 3792 Boot (0x1200) (ec40f309e5cda19de5bbe12e136a2e16) \Device\Harddisk0\DR0\Partition0
15:35:28.0188 3792 \Device\Harddisk0\DR0\Partition0 - ok
15:35:28.0190 3792 ============================================================
15:35:28.0190 3792 Scan finished
15:35:28.0190 3792 ============================================================
15:35:28.0216 3908 Detected object count: 1
15:35:28.0216 3908 Actual detected object count: 1
15:36:08.0956 3908 \Device\Harddisk0\DR0\# - copied to quarantine
15:36:08.0957 3908 \Device\Harddisk0\DR0 - copied to quarantine
15:36:08.0991 3908 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
15:36:08.0993 3908 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
15:36:09.0004 3908 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:36:09.0007 3908 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
15:36:09.0010 3908 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
15:36:09.0013 3908 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
15:36:09.0026 3908 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
15:36:09.0030 3908 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:36:09.0058 3908 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:36:09.0069 3908 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:36:09.0070 3908 \Device\Harddisk0\DR0 - ok
15:36:09.0523 3908 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
15:36:16.0857 3816 Deinitialize success

#6 gringo_pr

Posted 20 February 2012 - 05:02 PM

Hello


You sent me the TDSSKiller twice - can you send me the aswMBR report please


gringo

#7 muchofrustration

Posted 20 February 2012 - 05:35 PM

ooops, sorry

aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-20 15:44:56
-----------------------------
15:44:56.689 OS Version: Windows 6.0.6000
15:44:56.689 Number of processors: 2 586 0xE0C
15:44:56.711 ComputerName: SENIOR UserName:
15:45:26.135 Initialize success
15:47:07.867 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:47:07.873 Disk 0 Vendor: HITACHI_HTS541612J9SA00 SBDIC7EP Size: 114473MB BusType: 3
15:47:07.886 Disk 0 MBR read successfully
15:47:07.890 Disk 0 MBR scan
15:47:07.893 Disk 0 unknown MBR code
15:47:07.923 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 6956 MB offset 2048
15:47:07.939 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 107515 MB offset 14247936
15:47:07.946 Disk 0 scanning sectors +234438656
15:47:08.024 Disk 0 scanning C:\Windows\system32\drivers
15:47:15.159 Service scanning
15:47:16.692 Service .dfsc \? **LOCKED** 123
15:47:42.664 Modules scanning
15:47:49.932 Disk 0 trace - called modules:
15:47:49.964 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
15:47:49.989 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84886030]
15:47:49.997 3 ntkrnlpa.exe[81cb07e2] -> nt!IofCallDriver -> [0x83e548a8]
15:47:50.004 5 acpi.sys[8046932a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83e56bb0]
15:47:50.012 Scan finished successfully
15:48:13.532 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
15:48:13.561 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

#8 gringo_pr

Posted 20 February 2012 - 05:47 PM

Hello


very good and thank you.


I want you to try and run combofix once more for me



gringo

#9 muchofrustration

Posted 20 February 2012 - 10:12 PM

ComboFix 12-02-19.02 - Administrator 02/20/2012 21:54:11.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1520 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-21 03:05 . 2012-02-21 03:07 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-21 03:05 . 2012-02-21 03:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-21 03:05 . 2012-02-21 03:05 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-02-21 03:05 . 2012-02-21 03:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-20 20:36 . 2012-02-20 20:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-20 17:28 . 2012-02-20 17:28 -------- d--h--we C:\E
2012-02-20 17:26 . 2012-02-20 17:26 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-02-20 00:19 . 2012-02-20 00:19 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-02-13 02:45 . 2012-02-19 03:12 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-02-13 02:45 . 2012-02-13 02:45 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-13 02:45 . 2012-02-19 03:12 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-13 02:45 . 2012-02-19 03:12 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-02-13 02:45 . 2012-02-13 02:45 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-10 00:29 . 2012-02-10 00:29 -------- d-----w- C:\D
2012-01-24 22:31 . 2012-02-13 02:45 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-24 22:31 . 2012-02-13 02:45 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-24 22:31 . 2012-02-13 02:45 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-24 22:31 . 2012-02-19 03:12 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-01-24 22:31 . 2012-02-19 03:12 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-24 22:31 . 2012-02-19 03:12 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-01-24 22:31 . 2012-02-19 03:12 437208 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-01-24 22:31 . 2012-02-19 03:12 1911768 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-01-24 22:31 . 2012-02-19 03:12 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-07 14:40 . 2008-09-19 20:54 44544 ----a-w- c:\windows\system32\agremove.exe
2012-01-11 15:00 . 2006-11-02 08:31 74752 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-01-09 14:16 . 2012-01-09 14:16 709968 ----a-w- c:\windows\is-9GKUF.exe
2011-12-15 23:49 . 2011-12-15 23:49 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-10 20:24 . 2010-08-03 19:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 03:12 . 2012-02-13 02:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="c:\users\Administrator\Desktop\sdsetup_revwire207.exe" [2011-07-11 512992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2006-11-22 31840]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-09-06 54824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 4018176]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2006-12-29 28672]
"LenovoRegistration"="c:\swtools\LenovoWelcome\LenovoRegistration.exe" [2007-02-15 36864]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-12-13 2614848]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-15 115560]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-19 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3429713525-3614850820-3940112351-1003Core1cce1231efa0af0.job
- c:\users\Shelly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-15 02:44]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3429713525-3614850820-3940112351-1003UA.job
- c:\users\Shelly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-15 02:44]
.
2012-02-20 c:\windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\7uy0p2rm.default\
FF - prefs.js: browser.startup.homepage - hxxp://msn.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-20 22:07
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.dfsc]
"ImagePath"="\?"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\S-1-5-21-3429713525-3614850820-3940112351-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3429713525-3614850820-3940112351-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3429713525-3614850820-3940112351-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3429713525-3614850820-3940112351-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3429713525-3614850820-3940112351-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-02-20 22:10:31
ComboFix-quarantined-files.txt 2012-02-21 03:10
ComboFix2.txt 2011-09-12 20:40
ComboFix3.txt 2011-09-10 16:20
ComboFix4.txt 2010-12-15 19:13
.
Pre-Run: 21,958,373,376 bytes free
Post-Run: 22,594,330,624 bytes free
.
- - End Of File - - EC2F7CB91DD2EA3CD0D5F374A2EBCB1E

#10 gringo_pr

Posted 20 February 2012 - 10:31 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 muchofrustration

Posted 22 February 2012 - 12:33 PM

It's actually a lot better now! It isn't redirecting anymore and hasn't been crashing.

ComboFix 12-02-21.02 - Administrator 02/21/2012 22:58:57.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1130 [GMT -5:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
.
.
2012-02-22 04:09 . 2012-02-22 04:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-22 04:09 . 2012-02-22 04:09 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-02-22 04:09 . 2012-02-22 04:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-21 03:18 . 2012-02-21 03:18 -------- d--h--we C:\F
2012-02-21 03:10 . 2012-02-22 04:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-20 20:36 . 2012-02-20 20:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-20 17:26 . 2012-02-20 17:26 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-02-20 00:19 . 2012-02-20 00:19 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-02-13 02:45 . 2012-02-19 03:12 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-02-13 02:45 . 2012-02-13 02:45 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-13 02:45 . 2012-02-19 03:12 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-13 02:45 . 2012-02-19 03:12 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-02-13 02:45 . 2012-02-13 02:45 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-10 00:29 . 2012-02-10 00:29 -------- d-----w- C:\D
2012-01-24 22:31 . 2012-02-13 02:45 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-24 22:31 . 2012-02-13 02:45 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-24 22:31 . 2012-02-13 02:45 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-24 22:31 . 2012-02-19 03:12 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-01-24 22:31 . 2012-02-19 03:12 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-24 22:31 . 2012-02-19 03:12 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-01-24 22:31 . 2012-02-19 03:12 437208 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-01-24 22:31 . 2012-02-19 03:12 1911768 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-01-24 22:31 . 2012-02-19 03:12 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 06:03 . 2012-02-22 01:12 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{501D79F5-4E10-419C-88A2-642A41B0C24B}\mpengine.dll
2012-02-07 14:40 . 2008-09-19 20:54 44544 ----a-w- c:\windows\system32\agremove.exe
2012-01-29 10:10 . 2009-10-09 06:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 15:00 . 2006-11-02 08:31 74752 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-01-09 14:16 . 2012-01-09 14:16 709968 ----a-w- c:\windows\is-9GKUF.exe
2011-12-15 23:49 . 2011-12-15 23:49 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-10 20:24 . 2010-08-03 19:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 03:12 . 2012-02-13 02:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="c:\users\Administrator\Desktop\sdsetup_revwire207.exe" [2011-07-11 512992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2006-11-22 31840]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-09-06 54824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 4018176]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2006-12-29 28672]
"LenovoRegistration"="c:\swtools\LenovoWelcome\LenovoRegistration.exe" [2007-02-15 36864]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-12-13 2614848]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-15 115560]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3429713525-3614850820-3940112351-1003Core1cce1231efa0af0.job
- c:\users\Shelly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-15 02:44]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3429713525-3614850820-3940112351-1003UA.job
- c:\users\Shelly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-15 02:44]
.
2012-02-22 c:\windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\7uy0p2rm.default\
FF - prefs.js: browser.startup.homepage - hxxp://msn.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-21 23:20
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.dfsc]
"ImagePath"="\?"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\S-1-5-21-3429713525-3614850820-3940112351-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3429713525-3614850820-3940112351-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3429713525-3614850820-3940112351-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3429713525-3614850820-3940112351-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3429713525-3614850820-3940112351-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\LENOVO\HOTKEY\FNF5SVC.exe
c:\program files\Lenovo\PM Driver\PMSveH.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\LENOVO\HOTKEY\TPHKSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\wermgr.exe
c:\windows\system32\WerCon.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\lpremove.exe
c:\windows\system32\lpksetup.exe
c:\users\ADMINI~1\Desktop\dds.scr
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\iPod\bin\iPodService.exe
c:\users\ADMINI~1\AppData\Local\Temp\nsr761.tmp\PEV.DAT
.
**************************************************************************
.
Completion time: 2012-02-21 23:31:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-22 04:31
ComboFix2.txt 2012-02-21 03:10
ComboFix3.txt 2011-09-12 20:40
ComboFix4.txt 2011-09-10 16:20
ComboFix5.txt 2012-02-22 03:56
.
Pre-Run: 16,002,248,704 bytes free
Post-Run: 15,967,944,704 bytes free
.
- - End Of File - - 313D31FEAEDDDA882D07E39D930AE51B

#12 gringo_pr

Posted 22 February 2012 - 12:53 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13 muchofrustration

Posted 22 February 2012 - 02:49 PM

Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
Access Help
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 8
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bizarro DC++ 0.674z
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Business Contact Manager for Outlook 2007 SP2
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon iP1800 series
Canon iP1800 series User Registration
Canon MovieEdit Task for ZoomBrowser EX
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-LayoutPrint
Canon Utilities Easy-PhotoPrint
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Client Security Solution
Compatibility Pack for the 2007 Office system
Corel Paint Shop Pro Photo XI
Corel Snapfire Plus
Diskeeper Home
ESET Online Scanner v3
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Talk Plugin
Help Center
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java™ 6 Update 26
Lenovo Care
Lenovo Care Supplement
Lenovo PM Driver
Lenovo Registration
Lenovo System Interface Driver
LiveUpdate 3.3 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Maintenance Manager
Malwarebytes Anti-Malware version 1.60.1.1000
Message Center
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NirSoft BlueScreenView
On Screen Display
PIXMA Extended Survey Program
PM Driver
Power Ux Customization
Presentation Director
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Registry patch for Windows Vista USB S3 PM Enablement
Rescue and Recovery
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Click to Call
Skype™ 5.5
Symantec Endpoint Protection
Synaptics Pointing Device Driver
System Update
ThinkPad Hotkey Features Setup
ThinkVantage Access Connections
ThinkVantage Technologies Welcome Message
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoLAN VLC media player 0.8.6d
Wallpapers
WhoCrashed 3.03
Windows Live Toolbar
Windows Media Player Firefox Plugin
WordPerfect Office X3
Xvid 1.1.3 final uninstall

#14 gringo_pr

Posted 22 February 2012 - 03:02 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Adobe Reader 8
Java™ 6 Update 26


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 gringo_pr

Posted 25 February 2012 - 12:50 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo