
Being redirect on Chrome


  • This topic is locked
21 replies to this topic

#1 truCido

truCido

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:37 PM

Posted 20 February 2012 - 07:52 AM

I'm having an issue with a friend's computer. When she browses Google on Chrome (she only uses Chrome, and I did some brief browsing with IE and didn't seem to get redirected, but it did take a while to happen in Chrome), sometimes she gets redirected to a page that looks a lot like Facebook and asks for personal details. I've fully updated and run a full scan using Malwarebytes AntiMalware, which turned up nothing.

I also ran ComboFix and here is a log:

ComboFix 12-02-17.02 - Mummy 18/02/2012 23:00:10.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3895.2649 [GMT 0:00]
Running from: c:\users\Mummy\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mummy\Documents\~WRL1763.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 )))))))))))))))))))))))))))))))
.
.
2012-02-18 23:04 . 2012-02-18 23:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-17 21:16 . 2012-02-17 21:16 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E229080F-1532-4CFC-8AFD-1B35C3B8C016}\offreg.dll
2012-02-17 20:37 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E229080F-1532-4CFC-8AFD-1B35C3B8C016}\mpengine.dll
2012-02-16 18:02 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 18:02 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 18:02 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 18:02 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 18:02 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 18:02 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 18:02 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 18:02 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 00:52 . 2011-03-11 21:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-18 20:00 . 2011-04-29 18:52 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-15 11:18 . 2011-12-15 11:18 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-14 08:51 . 2011-06-11 20:09 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 15:24 . 2011-03-11 22:45 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 19:34 . 2011-03-11 11:55 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-28 18:01 . 2011-03-11 22:37 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-03-11 22:37 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-03-11 22:37 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-03-11 22:37 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-03-11 22:37 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-03-11 22:37 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-03-11 22:37 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-03-11 22:37 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-03-11 22:37 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-25 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-02 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 136176]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-03-17 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-04 21:19]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-04 21:19]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896294659-1784487941-2615415124-1000Core.job
- c:\users\Mummy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 21:19]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896294659-1784487941-2615415124-1000UA.job
- c:\users\Mummy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 21:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-18 23:06:08
ComboFix-quarantined-files.txt 2012-02-18 23:06
.
Pre-Run: 29,533,179,904 bytes free
Post-Run: 29,318,549,504 bytes free
.
- - End Of File - - E95C73ACC53AB5C9FD0F952D84C6545C


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:37 PM

Posted 21 February 2012 - 02:49 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following
  • Logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 24 February 2012 - 12:44 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr


Posted 27 February 2012 - 12:40 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#5 gringo_pr


Posted 04 March 2012 - 08:17 PM

This topic has been re-opened at the request of the person who originally posted.

#6 truCido

  • Topic Starter

Posted 05 March 2012 - 05:06 AM

Thanks for re-opening gringo! Here's the logs from DDS:

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Mummy at 23:10:10 on 2012-03-04
.
============== Running Processes ===============
.
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Mummy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mummy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mummy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mummy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mummy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mummy\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6859B2D7-E641-414C-9B43-91A3D2184203} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6859B2D7-E641-414C-9B43-91A3D2184203}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{6859B2D7-E641-414C-9B43-91A3D2184203}\86F6D656 : DhcpNameServer = 192.168.1.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R? amdkmdag;amdkmdag
R? amdkmdap;amdkmdap
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? RTL8167;Realtek 8167 NT Driver
R? TsUsbFlt;TsUsbFlt
R? TurboBoost;TurboBoost
R? WatAdminSvc;Windows Activation Technologies Service
R? yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller
S? AESTFilters;Andrea ST Filters Service
S? AMD External Events Utility;AMD External Events Utility
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? BcmVWL;Broadcom Virtual Wireless
S? btwl2cap;Bluetooth L2CAP Service
S? CtClsFlt;Creative Camera Class Upper Filter Driver
S? DockLoginService;Dock Login Service
S? HECIx64;Intel® Management Engine Interface
S? PxHlpa64;PxHlpa64
S? SftService;SoftThinks Agent Service
S? TurboB;Turbo Boost UI Monitor driver
S? vwififlt;Virtual WiFi Filter Driver
.
=============== Created Last 30 ================
.
2012-03-04 22:56:33 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{662E1A29-7F16-4828-B2C8-F85F9283FA0C}\offreg.dll
2012-03-02 11:49:30 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{662E1A29-7F16-4828-B2C8-F85F9283FA0C}\mpengine.dll
2012-02-19 16:54:47 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-18 22:59:30 98816 ----a-w- C:\windows\sed.exe
2012-02-18 22:59:30 518144 ----a-w- C:\windows\SWREG.exe
2012-02-18 22:59:30 256000 ----a-w- C:\windows\PEV.exe
2012-02-18 22:59:30 208896 ----a-w- C:\windows\MBR.exe
2012-02-16 18:02:44 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-02-16 18:02:43 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2012-02-16 18:02:28 515584 ----a-w- C:\windows\System32\timedate.cpl
2012-02-16 18:02:28 478720 ----a-w- C:\windows\SysWow64\timedate.cpl
2012-02-16 18:02:26 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-02-16 18:02:24 498688 ----a-w- C:\windows\System32\drivers\afd.sys
2012-02-16 18:02:17 634880 ----a-w- C:\windows\System32\msvcrt.dll
2012-02-16 18:02:16 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll
.
==================== Find3M ====================
.
2012-03-04 22:56:00 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 05:10:42 279656 ------w- C:\windows\System32\MpSigStub.exe
2011-12-14 07:11:03 2308096 ----a-w- C:\windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-12-10 15:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 23:10:59.96 ===============



.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1
Advanced Audio FX Engine
µTorrent
avast! Free Antivirus
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Compatibility Pack for the 2007 Office system
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Driver Download Manager
Dell Getting Started Guide
Dell Webcam Central
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
PowerDVD DX
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VLC media player 1.1.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== End Of File ===========================

#7 gringo_pr


Posted 05 March 2012 - 08:03 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 truCido

Posted 06 March 2012 - 02:18 PM

Haven't seen any more issues. Here's the Combofix log:


ComboFix 12-03-06.01 - Mummy 06/03/2012 19:04:07.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3895.2845 [GMT 0:00]
Running from: c:\users\Mummy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-06 19:12 . 2012-03-06 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-04 22:56 . 2012-03-04 22:56 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{662E1A29-7F16-4828-B2C8-F85F9283FA0C}\offreg.dll
2012-03-02 11:49 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{662E1A29-7F16-4828-B2C8-F85F9283FA0C}\mpengine.dll
2012-02-16 18:02 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 18:02 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 18:02 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 18:02 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 18:02 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 18:02 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 18:02 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 18:02 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 22:56 . 2011-06-11 20:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 05:10 . 2011-03-11 21:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-18 20:00 . 2011-04-29 18:52 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-15 11:18 . 2011-12-15 11:18 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-10 15:24 . 2011-03-11 22:45 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 19:34 . 2011-03-11 11:55 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-18_23.04.28 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-25 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-02 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 136176]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-03-17 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-04 21:19]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-04 21:19]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896294659-1784487941-2615415124-1000Core.job
- c:\users\Mummy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 21:19]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896294659-1784487941-2615415124-1000UA.job
- c:\users\Mummy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 21:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-06 19:15:45
ComboFix-quarantined-files.txt 2012-03-06 19:15
ComboFix2.txt 2012-02-18 23:06
.
Pre-Run: 29,725,954,048 bytes free
Post-Run: 29,407,858,688 bytes free
.
- - End Of File - - 1B3A75BE9BEE5AC2F3472F709EEAB473

#9 gringo_pr

Posted 06 March 2012 - 05:11 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 truCido

Posted 06 March 2012 - 05:58 PM

Thanks for your help Gringo

tdss killer

22:46:58.0003 6100 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
22:46:58.0134 6100 ============================================================
22:46:58.0134 6100 Current date / time: 2012/03/06 22:46:58.0134
22:46:58.0134 6100 SystemInfo:
22:46:58.0134 6100
22:46:58.0134 6100 OS Version: 6.1.7601 ServicePack: 1.0
22:46:58.0135 6100 Product type: Workstation
22:46:58.0135 6100 ComputerName: OURLAPTOP
22:46:58.0135 6100 UserName: Mummy
22:46:58.0135 6100 Windows directory: C:\windows
22:46:58.0135 6100 System windows directory: C:\windows
22:46:58.0135 6100 Running under WOW64
22:46:58.0135 6100 Processor architecture: Intel x64
22:46:58.0135 6100 Number of processors: 4
22:46:58.0135 6100 Page size: 0x1000
22:46:58.0135 6100 Boot type: Normal boot
22:46:58.0135 6100 ============================================================
22:46:58.0700 6100 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:46:58.0710 6100 \Device\Harddisk0\DR0:
22:46:58.0710 6100 MBR used
22:46:58.0710 6100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
22:46:58.0710 6100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x7530000
22:46:58.0721 6100 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x92AF000, BlocksNum 0x415A8800
22:46:58.0787 6100 Initialize success
22:46:58.0787 6100 ============================================================
22:47:01.0238 3276 ============================================================
22:47:01.0238 3276 Scan started
22:47:01.0238 3276 Mode: Manual;
22:47:01.0238 3276 ============================================================
22:47:13.0356 3276 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
22:47:13.0368 3276 Wdf01000 - ok
22:47:13.0420 3276 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
22:47:13.0422 3276 WfpLwf - ok
22:47:13.0456 3276 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
22:47:13.0460 3276 WimFltr - ok
22:47:13.0486 3276 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
22:47:13.0488 3276 WIMMount - ok
22:47:13.0558 3276 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
22:47:13.0561 3276 WinUsb - ok
22:47:13.0609 3276 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
22:47:13.0612 3276 WmiAcpi - ok
22:47:13.0657 3276 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
22:47:13.0659 3276 ws2ifsl - ok
22:47:13.0709 3276 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
22:47:13.0712 3276 WudfPf - ok
22:47:13.0740 3276 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
22:47:13.0744 3276 WUDFRd - ok
22:47:13.0801 3276 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\windows\system32\DRIVERS\yk62x64.sys
22:47:13.0810 3276 yukonw7 - ok
22:47:13.0859 3276 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:47:13.0919 3276 \Device\Harddisk0\DR0 - ok
22:47:13.0924 3276 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
22:47:13.0927 3276 \Device\Harddisk0\DR0\Partition0 - ok
22:47:13.0945 3276 Boot (0x1200) (4baa7e78718d5640af2974dce6838762) \Device\Harddisk0\DR0\Partition1
22:47:13.0947 3276 \Device\Harddisk0\DR0\Partition1 - ok
22:47:13.0963 3276 Boot (0x1200) (94f5bd0d416b336ff7ea50cb98598da6) \Device\Harddisk0\DR0\Partition2
22:47:13.0965 3276 \Device\Harddisk0\DR0\Partition2 - ok
22:47:13.0965 3276 ============================================================
22:47:13.0965 3276 Scan finished
22:47:13.0965 3276 ============================================================
22:47:13.0982 3312 Detected object count: 0
22:47:13.0982 3312 Actual detected object count: 0


aswMBR - it didn't ask about downloading extra definitions


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-06 22:48:22
-----------------------------
22:48:22.596 OS Version: Windows x64 6.1.7601 Service Pack 1
22:48:22.597 Number of processors: 4 586 0x2505
22:48:22.599 ComputerName: OURLAPTOP UserName: Mummy
22:48:22.924 Initialize success
22:48:23.401 AVAST engine defs: 12030600
22:48:35.983 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:48:35.988 Disk 0 Vendor: SAMSUNG_ 2AK1 Size: 610480MB BusType: 3
22:48:36.005 Disk 0 MBR read successfully
22:48:36.010 Disk 0 MBR scan
22:48:36.017 Disk 0 Windows 7 default MBR code
22:48:36.036 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
22:48:36.113 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
22:48:36.148 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 60000 MB offset 30926848
22:48:36.155 Disk 0 Partition - 00 0F Extended LBA 535378 MB offset 153806848
22:48:36.206 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 535377 MB offset 153808896
22:48:36.281 Disk 0 scanning C:\windows\system32\drivers
22:49:00.604 Service scanning
22:49:18.627 Modules scanning
22:49:18.962 Disk 0 trace - called modules:
22:49:18.984 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:49:18.995 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c05060]
22:49:19.005 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800497a050]
22:49:19.337 AVAST engine scan C:\windows
22:49:21.061 AVAST engine scan C:\windows\system32
22:52:21.238 AVAST engine scan C:\windows\system32\drivers
22:52:38.883 AVAST engine scan C:\Users\Mummy
22:53:46.080 AVAST engine scan C:\ProgramData
22:54:06.948 Scan finished successfully
22:56:00.439 Disk 0 MBR has been saved successfully to "C:\Users\Mummy\Desktop\MBR.dat"
22:56:00.449 The log file has been saved successfully to "C:\Users\Mummy\Desktop\aswMBR.txt"

#11 gringo_pr

  • Malware Response Team

Posted 06 March 2012 - 06:45 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 truCido


Posted 08 March 2012 - 06:25 PM

Everything seems ok now Gringo and haven't seen the issue again.

ComboFix 12-03-06.01 - Mummy 08/03/2012 23:08:40.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3895.2937 [GMT 0:00]
Running from: c:\users\Mummy\Desktop\ComboFix.exe
Command switches used :: c:\users\Mummy\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-08 23:16 . 2012-03-08 23:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-06 22:50 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6D79CE4-2D79-4434-BE78-B9508D78E733}\mpengine.dll
2012-02-16 18:02 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 18:02 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 18:02 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 18:02 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 18:02 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 18:02 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 18:02 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 18:02 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 22:56 . 2011-06-11 20:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 09:18 . 2011-03-11 21:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-18 20:00 . 2011-04-29 18:52 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-15 11:18 . 2011-12-15 11:18 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-10 15:24 . 2011-03-11 22:45 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-06_19.12.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-03-06 18:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-08 22:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-06 18:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-08 22:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-08 22:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-06 18:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-11 03:21 . 2012-03-08 23:03 274174 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-03-11 14:08 . 2012-03-08 15:07 252808 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-03-11 14:08 . 2012-03-06 18:41 252808 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-25 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-02 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 136176]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-03-17 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 58236693
*NewlyCreated* - ASWMBR
*Deregistered* - 58236693
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-04 21:19]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-04 21:19]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896294659-1784487941-2615415124-1000Core.job
- c:\users\Mummy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 21:19]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896294659-1784487941-2615415124-1000UA.job
- c:\users\Mummy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 21:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-08 23:20:05
ComboFix-quarantined-files.txt 2012-03-08 23:20
ComboFix2.txt 2012-03-06 19:15
ComboFix3.txt 2012-02-18 23:06
.
Pre-Run: 29,811,941,376 bytes free
Post-Run: 29,623,615,488 bytes free
.
- - End Of File - - A84392D1260066FAA87B3A0E7CC4630A

#13 gringo_pr


Posted 08 March 2012 - 09:38 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Adobe Reader 9.1
µTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC (Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 gringo_pr


Posted 12 March 2012 - 01:50 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#15 truCido


Posted 13 March 2012 - 10:58 AM

Hi Gringo, sorry I haven't been able to get to the laptop for a few days. I should be able to update tonight :)



