
HeurEngine.ZeroDayThreat; Rootkit.Agent.YYF and more.


  • This topic is locked
12 replies to this topic

#1 prescben


Posted 19 February 2012 - 10:05 PM

Within 48hrs, went from initial detection of viruses to no longer being able to complete virus scans, and odd Windows Explorer and Chrome/Firefox hangs... Really appreciate any help at all. Should probably also note that ESET virus scan also hangs when I try to run it. In reading the instructions about posting, I thought I understood that 64-bit OSs shouldn't do a GMER log, so please find just the DDS logs below. I should probably also note that Chrome would not download DDS, and Firefox would become non-responsive whenever I tried to download it. Had to save it on another computer and bring it over on USB.

Thanks!
Ben


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by Ben at 22:02:42 on 2012-02-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5887 [GMT -5:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Ben\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Ben\Downloads\SecurityCheck.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
mWinlogon: Userinit=userinit.exe,
BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
uRun: [Google Update] "C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Spotify] "C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{99CB2B32-C7DD-4A62-8F7F-FC1B1F789C69} : DhcpNameServer = 192.168.2.1 192.168.2.1
BHO-X64: PC Tools Browser Defender BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Defender BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: PC Tools Browser Defender: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\axje4tvu.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]
R0 TFSysMon;TFSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]
R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-5 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-1-24 546768]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-1-24 402336]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2012-1-24 1117624]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]
R3 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]
R3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-20 02:33:21 -------- d-----w- C:\Users\Ben\AppData\Roaming\Malwarebytes
2012-02-20 02:33:15 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-20 02:33:14 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-20 02:33:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-18 14:21:03 -------- d-----w- C:\Program Files (x86)\ESET
2012-02-18 01:29:09 -------- d-----w- C:\Users\Ben\AppData\Roaming\PCTools
2012-02-18 00:27:52 -------- d-----r- C:\Users\Ben\New Briefcase
2012-02-17 02:11:01 -------- d-----w- C:\Program Files (x86)\Atari
2012-02-14 22:17:35 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-02-14 22:17:35 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-14 22:17:34 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-14 22:17:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-14 22:17:34 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-14 00:06:09 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-14 00:06:09 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-14 00:06:09 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-14 00:06:09 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-02-13 03:16:00 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-02-13 03:15:58 2250024 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-02-12 16:05:42 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-02-12 16:05:39 -------- d-----w- C:\Users\Ben\AppData\Local\PunkBuster
2012-02-12 16:05:05 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-02-11 21:34:21 -------- d-----w- C:\Users\Ben\AppData\Local\Fallout3
2012-02-11 21:33:08 -------- d-----w- C:\Windows\SysWow64\xlive
2012-02-11 21:33:07 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-02-06 22:14:45 -------- d-----w- C:\Program Files (x86)\Freelancer Companion
2012-02-04 20:42:30 553472 ----a-r- C:\Program Files (x86)\Microsoft Games\Freelancer\EXE\DsyAddition.dll
2012-02-04 20:42:30 4780544 ----a-r- C:\Program Files (x86)\Microsoft Games\Freelancer\EXE\Discovery.dll
2012-02-04 20:42:30 274432 ----a-r- C:\Program Files (x86)\Microsoft Games\Freelancer\EXE\bloom.dll
2012-02-04 20:42:30 249856 ----a-r- C:\Program Files (x86)\Microsoft Games\Freelancer\EXE\DSUpdate.dll
2012-02-04 20:42:22 47616 ----a-r- C:\Program Files (x86)\Microsoft Games\Freelancer\EXE\DSInstallChecker.exe
2012-02-04 20:42:22 3005956 ----a-r- C:\Program Files (x86)\Microsoft Games\Freelancer\EXE\Freelancer.exe
2012-02-04 20:42:22 294912 ----a-r- C:\Program Files (x86)\Microsoft Games\Freelancer\EXE\DSUpdate.exe
2012-02-04 20:42:22 184832 ----a-r- C:\Program Files (x86)\Microsoft Games\Freelancer\EXE\FLServer.exe
2012-02-04 20:35:31 40960 ----a-w- C:\Program Files (x86)\Microsoft Games\Freelancer - Copy\DATA\EQUIPMENT\bini.exe
2012-02-04 20:34:39 73779 ----a-w- C:\Program Files (x86)\Microsoft Games\Freelancer - Copy\EBUEula.dll
2012-02-04 20:34:39 6135808 ----a-w- C:\Program Files (x86)\Microsoft Games\Freelancer - Copy\SETUPENU.DLL
2012-02-04 20:34:39 40960 ----a-w- C:\Program Files (x86)\Microsoft Games\Freelancer - Copy\drvmgt.dll
2012-02-04 20:34:39 2392160 ----a-w- C:\Program Files (x86)\Microsoft Games\Freelancer - Copy\UNINSTAL.EXE
2012-02-04 20:14:04 -------- d-----w- C:\Program Files (x86)\Freelancer Mod Manager
2012-01-29 19:06:43 -------- d-----w- C:\Program Files (x86)\BiniQDU
2012-01-29 19:06:37 286720 ------w- C:\Windows\Setup1.exe
2012-01-29 19:06:36 73216 ----a-w- C:\Windows\ST6UNST.EXE
2012-01-29 19:04:44 -------- d-----w- C:\Users\Ben\.jedit
2012-01-29 19:03:44 -------- d-----w- C:\Program Files\jEdit
2012-01-29 17:34:22 -------- d-----w- C:\Users\Ben\AppData\Local\Freelancer
2012-01-29 17:21:14 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2012-01-25 23:05:40 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-01-25 23:00:06 -------- d-----w- C:\AMD
2012-01-25 02:16:18 706776 --s---w- C:\Windows\System32\drivers\TfSysMon.sys
2012-01-25 02:16:18 65664 --s---w- C:\Windows\System32\drivers\TfFsMon.sys
2012-01-25 02:16:18 41968 --s---w- C:\Windows\System32\drivers\TfNetMon.sys
2012-01-25 02:15:27 767952 ----a-w- C:\Windows\BDTSupport.dll
2012-01-25 02:15:27 70760 ----a-w- C:\Windows\System32\drivers\PCTBD64.sys
2012-01-25 02:15:26 2246608 ----a-w- C:\Windows\PCTBDCore.dll
2012-01-25 02:15:26 1681360 ----a-w- C:\Windows\PCTBDRes.dll
2012-01-25 02:15:26 149456 ----a-w- C:\Windows\SGDetectionTool.dll
2012-01-25 02:15:08 339608 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-01-25 02:15:08 145432 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-01-25 02:15:06 14776 ----a-w- C:\Windows\System32\drivers\pctBTFix64.sys
2012-01-25 02:15:04 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-01-25 02:12:32 453896 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-01-25 02:12:32 1096688 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-01-25 02:12:31 367912 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-01-24 13:57:37 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2A66E4C7-D610-4458-8D03-11050FC9FCF3}\mpengine.dll
.
==================== Find3M ====================
.
2012-01-19 05:02:56 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-11 21:19:08 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-01-09 04:01:45 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-18 04:33:37 0 ----a-w- C:\Windows\ativpsrm.bin
2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-06 03:45:40 10720256 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-12-06 03:18:38 25371136 ----a-w- C:\Windows\System32\atio6axx.dll
2011-12-06 03:17:50 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-12-06 03:17:36 778752 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-12-06 03:16:00 933888 ----a-w- C:\Windows\System32\aticfx64.dll
2011-12-06 03:12:52 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-12-06 03:12:36 494080 ----a-w- C:\Windows\System32\atieclxx.exe
2011-12-06 03:11:56 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-12-06 03:10:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-12-06 03:10:20 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-12-06 03:10:12 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-12-06 03:10:00 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-12-06 03:09:56 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-12-06 03:09:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-12-06 03:09:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-12-06 03:06:38 6159872 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-12-06 03:04:06 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-12-06 03:04:00 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-12-06 03:03:54 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-12-06 03:03:52 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-12-06 03:03:42 17580544 ----a-w- C:\Windows\System32\amdocl64.dll
2011-12-06 03:03:04 14499328 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-12-06 02:56:40 19125760 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-12-06 02:51:22 7520768 ----a-w- C:\Windows\System32\atidxx64.dll
2011-12-06 02:39:58 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-12-06 02:39:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-12-06 02:39:12 4072960 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-12-06 02:34:28 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-12-06 02:34:24 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-12-06 02:34:16 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-12-06 02:34:14 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-12-06 02:34:00 13738496 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-12-06 02:33:36 5919232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-12-06 02:29:30 11484672 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-12-06 02:28:50 4206592 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-12-06 02:24:02 7511040 ----a-w- C:\Windows\System32\atiumd64.dll
2011-12-06 02:18:46 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-12-06 02:13:02 509952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-12-06 02:12:52 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-12-06 02:12:38 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-12-06 02:12:34 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-12-06 02:12:34 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-12-06 02:12:30 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-12-06 02:12:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-12-06 02:12:14 327168 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-12-06 02:11:24 42496 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-12-06 02:11:16 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-12-06 02:11:10 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-12-06 02:11:02 29696 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-12-06 02:10:48 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-12-06 02:10:48 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-12-06 02:10:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
.
============= FINISH: 22:03:42.86 ===============



#2 HelpBot


Posted 25 February 2012 - 10:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/443344 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 prescben


Posted 25 February 2012 - 10:59 PM

Hello help bot!

Yes, I still need help, though I'm out of town until tomorrow and will have to post a new dds log then.

Thanks!
Ben

#4 nasdaq

  • Malware Response Team

Posted 26 February 2012 - 09:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Nothing suspicious was found on your DDS log.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#5 prescben


Posted 26 February 2012 - 07:49 PM

Hello nasdaq,

Thanks for the help and sorry for the delayed reply. I only just got back to this computer.

TDS found nothing but I'm including the TDS log below anyway.

Below is also the MBR log and attached is the zip.

Thanks again for the help!
Ben

TDS Log

19:43:03.0793 5964 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
19:43:04.0262 5964 ============================================================
19:43:04.0262 5964 Current date / time: 2012/02/26 19:43:04.0262
19:43:04.0262 5964 SystemInfo:
19:43:04.0262 5964
19:43:04.0262 5964 OS Version: 6.1.7601 ServicePack: 1.0
19:43:04.0262 5964 Product type: Workstation
19:43:04.0262 5964 ComputerName: BEN-PC
19:43:04.0262 5964 UserName: Ben
19:43:04.0262 5964 Windows directory: C:\Windows
19:43:04.0262 5964 System windows directory: C:\Windows
19:43:04.0262 5964 Running under WOW64
19:43:04.0262 5964 Processor architecture: Intel x64
19:43:04.0262 5964 Number of processors: 3
19:43:04.0262 5964 Page size: 0x1000
19:43:04.0262 5964 Boot type: Normal boot
19:43:04.0262 5964 ============================================================
19:43:07.0900 5964 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:43:07.0912 5964 Drive \Device\Harddisk1\DR1 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:43:07.0922 5964 \Device\Harddisk0\DR0:
19:43:07.0923 5964 MBR used
19:43:07.0923 5964 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
19:43:07.0923 5964 \Device\Harddisk1\DR1:
19:43:07.0923 5964 MBR used
19:43:07.0923 5964 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17BD13D8
19:43:07.0975 5964 Initialize success
19:43:07.0975 5964 ============================================================
19:43:09.0333 6048 ============================================================
19:43:09.0333 6048 Scan started
19:43:09.0333 6048 Mode: Manual;
19:43:09.0333 6048 ============================================================
19:43:18.0778 6048 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:43:18.0781 6048 WUDFRd - ok
19:43:18.0800 6048 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:43:18.0824 6048 \Device\Harddisk0\DR0 - ok
19:43:18.0826 6048 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:43:18.0935 6048 \Device\Harddisk1\DR1 - ok
19:43:18.0939 6048 Boot (0x1200) (6e036a36ba430f1675d9b6e68b50d7c3) \Device\Harddisk0\DR0\Partition0
19:43:18.0940 6048 \Device\Harddisk0\DR0\Partition0 - ok
19:43:18.0957 6048 Boot (0x1200) (4c553675056e537887e1b2980fdc48e9) \Device\Harddisk1\DR1\Partition0
19:43:18.0957 6048 \Device\Harddisk1\DR1\Partition0 - ok
19:43:18.0958 6048 ============================================================
19:43:18.0958 6048 Scan finished
19:43:18.0958 6048 ============================================================
19:43:18.0965 6040 Detected object count: 0
19:43:18.0965 6040 Actual detected object count: 0


MBR Log

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-26 19:45:20
-----------------------------
19:45:20.870 OS Version: Windows x64 6.1.7601 Service Pack 1
19:45:20.870 Number of processors: 3 586 0x402
19:45:20.871 ComputerName: BEN-PC UserName: Ben
19:45:22.950 Initialize success
19:45:45.245 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
19:45:45.249 Disk 0 Vendor: WDC_WD6400AAKS-22A7B2 01.03B01 Size: 610480MB BusType: 3
19:45:45.255 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-8
19:45:45.260 Disk 1 Vendor: Maxtor_6L200S0 BACE1G10 Size: 194481MB BusType: 3
19:45:45.272 Disk 0 MBR read successfully
19:45:45.277 Disk 0 MBR scan
19:45:45.281 Disk 0 Windows 7 default MBR code
19:45:45.284 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610477 MB offset 63
19:45:45.297 Disk 0 scanning C:\Windows\system32\drivers
19:45:48.549 Service scanning
19:46:11.098 Modules scanning
19:46:11.115 Disk 0 trace - called modules:
19:46:11.146 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:46:11.150 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079b3790]
19:46:11.482 3 CLASSPNP.SYS[fffff88001b7643f] -> nt!IofCallDriver -> [0xfffffa80079b27b0]
19:46:11.494 5 PCTCore64.sys[fffff8800117bf38] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8006b2b060]
19:46:11.506 Scan finished successfully
19:46:26.959 Disk 0 MBR has been saved successfully to "C:\Users\Ben\Documents\MBR.dat"
19:46:26.963 The log file has been saved successfully to "C:\Users\Ben\Documents\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   592bytes   1 downloads

Edited by prescben, 26 February 2012 - 07:50 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,538 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:13 AM

Posted 27 February 2012 - 09:40 AM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#7 prescben


Posted 27 February 2012 - 08:05 PM

Hello Nasdaq,

The ComboFix.txt file is below. Sorry for the delay in getting back to you.

ComboFix.txt

ComboFix 12-02-27.02 - Ben 02/27/2012 19:50:45.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6691 [GMT -5:00]
Running from: c:\users\Ben\Downloads\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 00:54 . 2012-02-28 00:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-20 02:33 . 2012-02-20 02:33 -------- d-----w- c:\users\Ben\AppData\Roaming\Malwarebytes
2012-02-20 02:33 . 2012-02-20 02:33 -------- d-----w- c:\programdata\Malwarebytes
2012-02-20 02:33 . 2012-02-20 02:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-20 02:33 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-18 14:21 . 2012-02-18 14:21 -------- d-----w- c:\program files (x86)\ESET
2012-02-18 01:29 . 2012-02-18 01:29 -------- d-----w- c:\users\Ben\AppData\Roaming\PCTools
2012-02-18 00:27 . 2012-02-18 00:27 -------- d-----r- c:\users\Ben\New Briefcase
2012-02-17 02:11 . 2012-02-17 02:11 -------- d-----w- c:\program files (x86)\Atari
2012-02-14 22:17 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-02-14 22:17 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-14 22:17 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-14 22:17 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-14 22:17 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-14 00:06 . 2012-02-14 00:06 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-14 00:06 . 2012-02-14 00:06 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-14 00:06 . 2012-02-14 00:06 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-14 00:06 . 2012-02-14 00:06 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-02-13 03:16 . 2012-02-15 22:53 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-13 03:15 . 2012-02-13 03:15 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-02-12 16:05 . 2012-02-12 16:05 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-02-12 16:05 . 2012-02-12 16:05 -------- d-----w- c:\users\Ben\AppData\Local\PunkBuster
2012-02-12 16:05 . 2012-02-15 23:13 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-11 21:34 . 2012-02-11 21:34 -------- d-----w- c:\users\Ben\AppData\Local\Fallout3
2012-02-11 21:33 . 2012-02-11 21:33 -------- d-----w- c:\windows\SysWow64\xlive
2012-02-11 21:33 . 2012-02-11 21:33 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-02-06 22:14 . 2012-02-06 22:14 -------- d-----w- c:\program files (x86)\Freelancer Companion
2012-02-04 20:14 . 2012-02-04 20:14 -------- d-----w- c:\program files (x86)\Freelancer Mod Manager
2012-01-29 19:06 . 2012-01-29 19:06 -------- d-----w- c:\program files (x86)\BiniQDU
2012-01-29 19:06 . 2012-01-29 19:06 286720 ------w- c:\windows\Setup1.exe
2012-01-29 19:06 . 2012-01-29 19:06 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-01-29 19:04 . 2012-01-29 19:46 -------- d-----w- c:\users\Ben\.jedit
2012-01-29 19:03 . 2012-01-29 19:04 -------- d-----w- c:\program files\jEdit
2012-01-29 17:34 . 2012-01-29 17:34 -------- d-----w- c:\users\Ben\AppData\Local\Freelancer
2012-01-29 17:21 . 2012-02-04 20:34 -------- d-----w- c:\program files (x86)\Microsoft Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 05:02 . 2012-01-19 05:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-16 21:28 . 2012-01-25 02:15 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-01-16 21:28 . 2012-01-25 02:15 2246608 ----a-w- c:\windows\PCTBDCore.dll
2012-01-16 21:28 . 2012-01-25 02:15 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-01-16 21:28 . 2012-01-25 02:15 767952 ----a-w- c:\windows\BDTSupport.dll
2012-01-11 21:19 . 2012-01-25 02:15 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-01-11 21:19 . 2011-12-18 05:08 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-01-11 21:17 . 2012-01-25 02:15 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-01-11 21:14 . 2012-01-25 02:15 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-01-11 21:14 . 2012-01-25 02:15 339608 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-01-11 19:56 . 2012-01-25 02:16 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-01-11 19:56 . 2012-01-25 02:16 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-01-11 19:56 . 2012-01-25 02:16 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-01-09 04:01 . 2012-01-09 04:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-06 05:15 . 2012-01-24 13:57 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A66E4C7-D610-4458-8D03-11050FC9FCF3}\mpengine.dll
2011-12-06 03:45 . 2011-12-06 03:45 10720256 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-12-06 03:18 . 2011-12-06 03:18 25371136 ----a-w- c:\windows\system32\atio6axx.dll
2011-12-06 03:17 . 2011-12-06 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-12-06 03:17 . 2011-11-10 03:16 778752 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-12-06 03:16 . 2011-11-10 03:15 933888 ----a-w- c:\windows\system32\aticfx64.dll
2011-12-06 03:12 . 2011-12-06 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-12-06 03:12 . 2011-12-06 03:12 494080 ----a-w- c:\windows\system32\atieclxx.exe
2011-12-06 03:11 . 2011-12-06 03:11 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2011-12-06 03:10 . 2011-12-06 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-12-06 03:10 . 2011-12-06 03:10 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-12-06 03:10 . 2011-12-06 03:10 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-12-06 03:10 . 2011-12-06 03:10 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-12-06 03:09 . 2011-12-06 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-12-06 03:09 . 2011-12-06 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-12-06 03:09 . 2011-12-06 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-12-06 03:06 . 2011-12-06 03:06 6159872 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-12-06 03:04 . 2011-12-06 03:04 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-12-06 03:04 . 2011-12-06 03:04 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-12-06 03:03 . 2011-12-06 03:03 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-12-06 03:03 . 2011-12-06 03:03 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-12-06 03:03 . 2011-12-06 03:03 17580544 ----a-w- c:\windows\system32\amdocl64.dll
2011-12-06 03:03 . 2011-12-06 03:03 14499328 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-12-06 02:56 . 2011-12-06 02:56 19125760 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-12-06 02:51 . 2011-11-10 02:51 7520768 ----a-w- c:\windows\system32\atidxx64.dll
2011-12-06 02:39 . 2011-12-06 02:39 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-12-06 02:39 . 2011-12-06 02:39 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-12-06 02:39 . 2011-12-06 02:39 4072960 ----a-w- c:\windows\system32\atiumd6a.dll
2011-12-06 02:34 . 2011-12-06 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-12-06 02:34 . 2011-12-06 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-12-06 02:34 . 2011-12-06 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-12-06 02:34 . 2011-12-06 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-12-06 02:34 . 2011-12-06 02:34 13738496 ----a-w- c:\windows\system32\aticaldd64.dll
2011-12-06 02:33 . 2011-11-10 02:33 5919232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-12-06 02:29 . 2011-12-06 02:29 11484672 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-12-06 02:28 . 2011-11-10 02:29 4206592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-12-06 02:24 . 2011-12-06 02:24 7511040 ----a-w- c:\windows\system32\atiumd64.dll
2011-12-06 02:18 . 2011-04-20 06:27 58880 ----a-w- c:\windows\system32\coinst.dll
2011-12-06 02:13 . 2011-12-06 02:13 509952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-12-06 02:12 . 2011-12-06 02:12 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-12-06 02:12 . 2011-12-06 02:12 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 327168 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-12-06 02:11 . 2011-11-10 02:11 42496 ----a-w- c:\windows\system32\atiuxp64.dll
2011-12-06 02:11 . 2011-12-06 02:11 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-12-06 02:11 . 2011-12-06 02:11 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2011-12-06 02:11 . 2011-11-10 02:11 29696 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-12-01 21:07 . 2012-01-25 02:12 1096688 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2011-12-01 21:07 . 2012-01-25 02:12 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-12-18 1242448]
"Spotify"="c:\users\Ben\AppData\Roaming\Spotify\Spotify.exe" [2012-02-02 4009648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-01-11 402336]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-01-16 546768]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver64
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-14807378-1664203960-260147632-1001Core.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18 03:57]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-14807378-1664203960-260147632-1001UA.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18 03:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\axje4tvu.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-27 19:56:16
ComboFix-quarantined-files.txt 2012-02-28 00:56
.
Pre-Run: 420,943,474,688 bytes free
Post-Run: 420,888,133,632 bytes free
.
- - End Of File - - 5935353FCF9F063FCEDB3309F695EA36

#8 nasdaq


Posted 28 February 2012 - 08:45 AM

All your logs are clean.

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know what issues are persisting on this computer.

#9 prescben


Posted 28 February 2012 - 05:34 PM

Log is below. I didn't re-enable Spyware Doctor or the Windows Firewall yet as I wasn't sure if you were going to have me do anything with Combo Fix. I'm re-enabling now.

Thanks!
Ben

Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
ESET Online Scanner v3
PC Tools Spyware Doctor with AntiVirus 9.0
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

PC Tools Spyware Doctor with AntiVirus 9.0
Java™ 6 Update 30
Adobe Flash Player 11.1.102.55
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#10 nasdaq


Posted 29 February 2012 - 08:23 AM

Looking good.

Any remaining issues with this computer?

#11 prescben


Posted 29 February 2012 - 09:13 AM

Strangely, no. Since de-activating and re-activating Spyware Doctor I can now run through virus scans, Windows Explorer doesn't hang anymore, and I'm able to download programs like ESET and DDS from the computer (something I wasn't able to do prior...). Virus Scans from MBAM and Spyware Doctor are also coming up clean, so I guess we're good. Very sorry to waste your time, as I don't think any of the utilities that were run actually made any changes...

Thanks for the help, though! I really appreciate it!
Ben

#12 nasdaq


Posted 29 February 2012 - 10:08 AM

Good!

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#13 nasdaq


Posted 06 March 2012 - 11:12 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



