
Google Redirect Virus/Win32 Infected/Connection "Times Out"


  • This topic is locked
17 replies to this topic

#1 StarkTheWolf


Posted 11 March 2012 - 03:38 PM

Hello,

I made a thread about this a few months ago, but by the time I received a response I had already gone back to college and did not have access to my desktop; the old thread was locked. However, my desktop now has a few more issues so I figured it's prudent to make a new thread rather than reactivating the old one.

My desktop has been infected with an insidious Trojan that tries to redirect any Google link I click on the first few times after I search. I use Mozilla as my default browser, and its security add-ons (NoScript and WoT, primarily) have made it so that the virus can't force the URL rerouting. I now also get a "Message from Web Browser" that simply says, "Thanks," along with a yellow/black triangle icon. When I close it out, my computer stalls and eventually freezes. My connection also times out the first few times I try to access a website from my Bookmarks - that isn't to say the page takes a while to load before timing out; rather, it doesn't try to load at all and simply just times out.

I've tried everything to get rid of these problems. I've used multiple anti-virus programs to no avail, including MalwareBytes, AVG, Avast; specialized neutralizers like TDSSKiller haven't worked, either - apparently TDSSKiller can't even find the virus! I've tried with normal reboots, on Safe Mode, and even during the bootup process. I just can't get rid of it. It must be extremely new or extremely embedded.


Thanks for any and all help,

Harry



#2 Budapest


Posted 11 March 2012 - 06:38 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 StarkTheWolf


Posted 12 March 2012 - 08:22 PM

I've attached the DDS logs. I am running 64-bit Windows so I did not run GMER.



#4 gringo_pr


Posted 13 March 2012 - 01:05 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 StarkTheWolf


Posted 13 March 2012 - 03:02 AM

Log from ComboFix:

ComboFix 12-03-12.03 - Harry 03/13/2012 2:29.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.5320 [GMT -4:00]
Running from: c:\users\Harry\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011
c:\users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011\AV Protection 2011.lnk
c:\windows\SysWow64\f3PSSavr.scr
.
---- Previous Run -------
.
c:\program files (x86)\Blinkx
c:\program files (x86)\Blinkx\lang.dll
c:\program files (x86)\Blinkx\templates\beat.ico
c:\program files (x86)\Blinkx\templates\index.html
c:\program files (x86)\Blinkx\templates\noflash.html
c:\program files (x86)\Blinkx\templates\offline.html
c:\program files (x86)\Blinkx\templates\offline.swf
c:\program files (x86)\Blinkx\templates\uninstall.exe
c:\program files (x86)\DealScout
c:\program files (x86)\DealScout\dealscout.crx
c:\program files (x86)\DealScout\uninstall.exe
c:\users\Harry\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 07:02 . 2012-03-13 07:02 -------- d-----w- c:\users\Gary\AppData\Local\temp
2012-03-13 07:02 . 2012-03-13 07:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 07:02 . 2012-03-13 07:02 -------- d-----w- c:\users\Aksh\AppData\Local\temp
2012-03-12 16:08 . 2012-02-08 07:13 8643640 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B03771F-078E-44DB-A76F-BC78DD9D7611}\mpengine.dll
2012-03-10 05:51 . 2012-03-10 05:51 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-10 05:35 . 2012-03-10 05:35 -------- d-----w- c:\program files\iTunes
2012-03-10 05:35 . 2012-03-10 05:35 -------- d-----w- c:\program files (x86)\iTunes
2012-03-10 05:35 . 2012-03-10 05:35 -------- d-----w- c:\program files\iPod
2012-03-10 00:19 . 2012-03-10 00:19 -------- d-----w- C:\$AVG
2012-02-20 22:52 . 2011-10-12 00:37 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-20 22:52 . 2012-02-20 22:51 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{572A0612-6B57-4D21-BFF0-693728D68CB5}\gapaengine.dll
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 02:13 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 02:13 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 02:13 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 02:13 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 02:13 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 02:13 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 02:13 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 02:13 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 05:51 . 2011-06-29 18:50 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-02 18:12 . 2012-02-29 22:37 1046094 ----a-w- c:\windows\SysWow64\internalList.zip
2012-02-25 21:11 . 2011-04-16 23:29 293510 ----a-w- C:\DUMP534d.tmp
2012-02-08 07:13 . 2011-10-13 01:27 8643640 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-03 16:51 . 2011-06-11 03:13 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Facebook Update"="c:\users\Harry\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-07-14 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-14 336384]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-6-12 102912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4078119499-3288300230-806680709-1000Core.job
- c:\users\Harry\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 02:48]
.
2012-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4078119499-3288300230-806680709-1000UA.job
- c:\users\Harry\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 02:48]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4078119499-3288300230-806680709-1000Core.job
- c:\users\Harry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 13:47]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4078119499-3288300230-806680709-1000UA.job
- c:\users\Harry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 13:47]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4078119499-3288300230-806680709-1002Core.job
- c:\users\Aksh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 14:00]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4078119499-3288300230-806680709-1002UA.job
- c:\users\Aksh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 14:00]
.
2012-02-19 c:\windows\Tasks\HPCeeScheduleForAksh.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-03-07 c:\windows\Tasks\HPCeeScheduleForHP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-01-21 c:\windows\Tasks\SetupManager.job
- c:\program files (x86)\Hewlett-Packard\Setup Manager\Toaster.exe [2011-03-04 04:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"combofix"="c:\combofix\CF31463.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\by28qcbw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.time.com/time/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-13 03:30:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-13 07:30
.
Pre-Run: 805,822,287,872 bytes free
Post-Run: 806,849,937,408 bytes free
.
- - End Of File - - 06B16D7309CCD19A60AAE0AEE89FA5B2

Problems I had:

- Virus redirected Google searches.

- Computer randomly froze.

- Webpages timed out before even trying to establish a connection.

The first two problems are still present.

#6 gringo_pr


Posted 13 March 2012 - 03:14 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 StarkTheWolf


Posted 13 March 2012 - 04:15 PM

TDSSKiller Report:

16:51:30.0209 1088 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
16:51:30.0434 1088 ============================================================
16:51:30.0434 1088 Current date / time: 2012/03/13 16:51:30.0434
16:51:30.0434 1088 SystemInfo:
16:51:30.0434 1088
16:51:30.0434 1088 OS Version: 6.1.7601 ServicePack: 1.0
16:51:30.0434 1088 Product type: Workstation
16:51:30.0434 1088 ComputerName: HP
16:51:30.0435 1088 UserName: Harry
16:51:30.0435 1088 Windows directory: C:\Windows
16:51:30.0435 1088 System windows directory: C:\Windows
16:51:30.0435 1088 Running under WOW64
16:51:30.0435 1088 Processor architecture: Intel x64
16:51:30.0435 1088 Number of processors: 8
16:51:30.0435 1088 Page size: 0x1000
16:51:30.0435 1088 Boot type: Normal boot
16:51:30.0435 1088 ============================================================
16:51:30.0888 1088 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:51:30.0907 1088 \Device\Harddisk0\DR0:
16:51:30.0908 1088 MBR used
16:51:30.0908 1088 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:51:30.0908 1088 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7306D800
16:51:30.0908 1088 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x730A0000, BlocksNum 0x1666000
16:51:31.0006 1088 Initialize success
16:51:31.0006 1088 ============================================================
16:51:45.0493 2856 ============================================================
16:51:45.0493 2856 Scan started
16:51:45.0493 2856 Mode: Manual;
16:51:45.0493 2856 ============================================================
16:51:49.0143 2856 BrSerWdm - ok
16:51:49.0199 2856 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:51:49.0200 2856 BrUsbMdm - ok
16:51:49.0219 2856 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:51:49.0220 2856 BrUsbSer - ok
16:51:49.0241 2856 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
16:51:49.0242 2856 BTHMODEM - ok
16:51:49.0402 2856 catchme - ok
16:51:49.0499 2856 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:51:49.0500 2856 cdfs - ok
16:51:49.0600 2856 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:51:49.0602 2856 cdrom - ok
16:51:49.0657 2856 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
16:51:49.0658 2856 circlass - ok
16:51:49.0682 2856 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:51:49.0685 2856 CLFS - ok
16:51:49.0761 2856 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
16:51:49.0766 2856 CmBatt - ok
16:51:49.0866 2856 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:51:49.0867 2856 cmdide - ok
16:51:49.0905 2856 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:51:49.0909 2856 CNG - ok
16:51:49.0924 2856 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
16:51:49.0925 2856 Compbatt - ok
16:51:50.0002 2856 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:51:50.0003 2856 CompositeBus - ok
16:51:50.0066 2856 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
16:51:50.0067 2856 crcdisk - ok
16:51:50.0132 2856 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:51:50.0133 2856 DfsC - ok
16:51:50.0155 2856 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:51:50.0161 2856 discache - ok
16:51:50.0177 2856 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
16:51:50.0181 2856 Disk - ok
16:51:50.0248 2856 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:51:50.0249 2856 drmkaud - ok
16:51:50.0311 2856 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:51:50.0314 2856 dtsoftbus01 - ok
16:51:50.0338 2856 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:51:50.0346 2856 DXGKrnl - ok
16:51:50.0406 2856 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
16:51:50.0435 2856 ebdrv - ok
16:51:50.0554 2856 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
16:51:50.0559 2856 elxstor - ok
16:51:50.0579 2856 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:51:50.0580 2856 ErrDev - ok
16:51:50.0602 2856 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:51:50.0605 2856 exfat - ok
16:51:50.0626 2856 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:51:50.0628 2856 fastfat - ok
16:51:50.0646 2856 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
16:51:50.0647 2856 fdc - ok
16:51:50.0668 2856 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:51:50.0669 2856 FileInfo - ok
16:51:50.0684 2856 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:51:50.0685 2856 Filetrace - ok
16:51:50.0700 2856 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
16:51:50.0700 2856 flpydisk - ok
16:51:50.0794 2856 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:51:50.0797 2856 FltMgr - ok
16:51:50.0867 2856 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:51:50.0868 2856 FsDepends - ok
16:51:50.0922 2856 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
16:51:50.0923 2856 fssfltr - ok
16:51:50.0938 2856 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:51:50.0939 2856 Fs_Rec - ok
16:51:50.0960 2856 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:51:50.0962 2856 fvevol - ok
16:51:50.0978 2856 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
16:51:50.0980 2856 gagp30kx - ok
16:51:51.0111 2856 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:51:51.0112 2856 GEARAspiWDM - ok
16:51:51.0136 2856 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:51:51.0137 2856 hcw85cir - ok
16:51:51.0198 2856 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:51:51.0201 2856 HdAudAddService - ok
16:51:51.0272 2856 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:51:51.0274 2856 HDAudBus - ok
16:51:51.0304 2856 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
16:51:51.0305 2856 HidBatt - ok
16:51:51.0324 2856 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
16:51:51.0326 2856 HidBth - ok
16:51:51.0412 2856 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
16:51:51.0413 2856 HidIr - ok
16:51:51.0432 2856 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:51:51.0432 2856 HidUsb - ok
16:51:51.0599 2856 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:51:51.0600 2856 HpSAMD - ok
16:51:51.0717 2856 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:51:51.0726 2856 HTTP - ok
16:51:51.0742 2856 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:51:51.0743 2856 hwpolicy - ok
16:51:51.0838 2856 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:51:51.0839 2856 i8042prt - ok
16:51:51.0863 2856 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
16:51:51.0864 2856 iaStor - ok
16:51:51.0914 2856 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:51:51.0918 2856 iaStorV - ok
16:51:52.0046 2856 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:51:52.0098 2856 igfx - ok
16:51:52.0262 2856 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
16:51:52.0266 2856 iirsp - ok
16:51:52.0372 2856 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
16:51:52.0397 2856 IntcAzAudAddService - ok
16:51:52.0499 2856 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:51:52.0500 2856 intelide - ok
16:51:52.0525 2856 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
16:51:52.0526 2856 intelppm - ok
16:51:52.0590 2856 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:51:52.0591 2856 IpFilterDriver - ok
16:51:52.0613 2856 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:51:52.0614 2856 IPMIDRV - ok
16:51:52.0637 2856 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:51:52.0638 2856 IPNAT - ok
16:51:52.0704 2856 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:51:52.0704 2856 IRENUM - ok
16:51:52.0820 2856 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:51:52.0821 2856 isapnp - ok
16:51:52.0852 2856 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:51:52.0855 2856 iScsiPrt - ok
16:51:52.0908 2856 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:51:52.0909 2856 kbdclass - ok
16:51:52.0955 2856 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:51:52.0956 2856 kbdhid - ok
16:51:53.0033 2856 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:51:53.0034 2856 KSecDD - ok
16:51:53.0052 2856 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:51:53.0054 2856 KSecPkg - ok
16:51:53.0079 2856 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:51:53.0080 2856 ksthunk - ok
16:51:53.0172 2856 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:51:53.0173 2856 lltdio - ok
16:51:53.0275 2856 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
16:51:53.0277 2856 LSI_FC - ok
16:51:53.0330 2856 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
16:51:53.0331 2856 LSI_SAS - ok
16:51:53.0350 2856 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
16:51:53.0351 2856 LSI_SAS2 - ok
16:51:53.0372 2856 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
16:51:53.0373 2856 LSI_SCSI - ok
16:51:53.0429 2856 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:51:53.0439 2856 luafv - ok
16:51:53.0479 2856 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
16:51:53.0480 2856 megasas - ok
16:51:53.0580 2856 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
16:51:53.0583 2856 MegaSR - ok
16:51:53.0621 2856 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
16:51:53.0623 2856 MEIx64 - ok
16:51:53.0656 2856 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:51:53.0657 2856 Modem - ok
16:51:53.0712 2856 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:51:53.0712 2856 monitor - ok
16:51:53.0738 2856 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:51:53.0739 2856 mouclass - ok
16:51:53.0770 2856 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:51:53.0771 2856 mouhid - ok
16:51:53.0803 2856 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:51:53.0804 2856 mountmgr - ok
16:51:53.0871 2856 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
16:51:53.0873 2856 MpFilter - ok
16:51:53.0916 2856 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:51:53.0918 2856 mpio - ok
16:51:53.0952 2856 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
16:51:53.0953 2856 MpNWMon - ok
16:51:53.0976 2856 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:51:53.0978 2856 mpsdrv - ok
16:51:53.0998 2856 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:51:54.0000 2856 MRxDAV - ok
16:51:54.0035 2856 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:51:54.0036 2856 mrxsmb - ok
16:51:54.0076 2856 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:51:54.0088 2856 mrxsmb10 - ok
16:51:54.0127 2856 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:51:54.0128 2856 mrxsmb20 - ok
16:51:54.0186 2856 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:51:54.0189 2856 msahci - ok
16:51:54.0239 2856 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:51:54.0244 2856 msdsm - ok
16:51:54.0277 2856 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:51:54.0277 2856 Msfs - ok
16:51:54.0339 2856 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:51:54.0339 2856 mshidkmdf - ok
16:51:54.0352 2856 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:51:54.0353 2856 msisadrv - ok
16:51:54.0414 2856 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:51:54.0414 2856 MSKSSRV - ok
16:51:54.0544 2856 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:51:54.0544 2856 MSPCLOCK - ok
16:51:54.0603 2856 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:51:54.0604 2856 MSPQM - ok
16:51:54.0624 2856 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:51:54.0627 2856 MsRPC - ok
16:51:54.0649 2856 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:51:54.0649 2856 mssmbios - ok
16:51:54.0663 2856 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:51:54.0664 2856 MSTEE - ok
16:51:54.0687 2856 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
16:51:54.0687 2856 MTConfig - ok
16:51:54.0720 2856 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:51:54.0721 2856 Mup - ok
16:51:54.0838 2856 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:51:54.0841 2856 NativeWifiP - ok
16:51:54.0906 2856 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:51:54.0914 2856 NDIS - ok
16:51:54.0928 2856 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:51:54.0929 2856 NdisCap - ok
16:51:54.0978 2856 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:51:54.0978 2856 NdisTapi - ok
16:51:55.0020 2856 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:51:55.0021 2856 Ndisuio - ok
16:51:55.0036 2856 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:51:55.0038 2856 NdisWan - ok
16:51:55.0053 2856 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:51:55.0054 2856 NDProxy - ok
16:51:55.0094 2856 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:51:55.0094 2856 NetBIOS - ok
16:51:55.0120 2856 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:51:55.0122 2856 NetBT - ok
16:51:55.0232 2856 netr28x (24cf1304d899124336f67f88f3c15e21) C:\Windows\system32\DRIVERS\netr28x.sys
16:51:55.0248 2856 netr28x - ok
16:51:55.0325 2856 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
16:51:55.0326 2856 nfrd960 - ok
16:51:55.0369 2856 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:51:55.0370 2856 NisDrv - ok
16:51:55.0457 2856 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:51:55.0457 2856 Npfs - ok
16:51:55.0475 2856 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:51:55.0475 2856 nsiproxy - ok
16:51:55.0535 2856 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:51:55.0549 2856 Ntfs - ok
16:51:55.0565 2856 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:51:55.0565 2856 Null - ok
16:51:55.0678 2856 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:51:55.0680 2856 nvraid - ok
16:51:55.0707 2856 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:51:55.0709 2856 nvstor - ok
16:51:55.0806 2856 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:51:55.0808 2856 nv_agp - ok
16:51:55.0832 2856 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:51:55.0833 2856 ohci1394 - ok
16:51:55.0926 2856 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
16:51:55.0928 2856 Parport - ok
16:51:55.0964 2856 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:51:55.0965 2856 partmgr - ok
16:51:55.0990 2856 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:51:55.0992 2856 pci - ok
16:51:56.0000 2856 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:51:56.0001 2856 pciide - ok
16:51:56.0010 2856 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
16:51:56.0013 2856 pcmcia - ok
16:51:56.0026 2856 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:51:56.0027 2856 pcw - ok
16:51:56.0046 2856 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:51:56.0052 2856 PEAUTH - ok
16:51:56.0156 2856 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:51:56.0157 2856 PptpMiniport - ok
16:51:56.0189 2856 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
16:51:56.0190 2856 Processor - ok
16:51:56.0251 2856 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:51:56.0253 2856 Psched - ok
16:51:56.0301 2856 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
16:51:56.0315 2856 ql2300 - ok
16:51:56.0337 2856 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
16:51:56.0338 2856 ql40xx - ok
16:51:56.0381 2856 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:51:56.0382 2856 QWAVEdrv - ok
16:51:56.0440 2856 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:51:56.0441 2856 RasAcd - ok
16:51:56.0512 2856 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:51:56.0513 2856 RasAgileVpn - ok
16:51:56.0559 2856 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:51:56.0561 2856 Rasl2tp - ok
16:51:56.0574 2856 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:51:56.0576 2856 RasPppoe - ok
16:51:56.0588 2856 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:51:56.0589 2856 RasSstp - ok
16:51:56.0607 2856 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:51:56.0609 2856 rdbss - ok
16:51:56.0656 2856 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
16:51:56.0657 2856 rdpbus - ok
16:51:56.0721 2856 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:51:56.0722 2856 RDPCDD - ok
16:51:56.0800 2856 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:51:56.0800 2856 RDPENCDD - ok
16:51:56.0816 2856 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:51:56.0817 2856 RDPREFMP - ok
16:51:56.0836 2856 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:51:56.0838 2856 RDPWD - ok
16:51:56.0853 2856 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:51:56.0854 2856 rdyboost - ok
16:51:56.0933 2856 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:51:56.0934 2856 rspndr - ok
16:51:57.0060 2856 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:51:57.0064 2856 RTL8167 - ok
16:51:57.0089 2856 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:51:57.0090 2856 sbp2port - ok
16:51:57.0108 2856 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:51:57.0108 2856 scfilter - ok
16:51:57.0179 2856 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:51:57.0180 2856 secdrv - ok
16:51:57.0316 2856 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
16:51:57.0317 2856 Serenum - ok
16:51:57.0340 2856 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
16:51:57.0341 2856 Serial - ok
16:51:57.0356 2856 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
16:51:57.0357 2856 sermouse - ok
16:51:57.0383 2856 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:51:57.0383 2856 sffdisk - ok
16:51:57.0424 2856 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:51:57.0425 2856 sffp_mmc - ok
16:51:57.0439 2856 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:51:57.0440 2856 sffp_sd - ok
16:51:57.0459 2856 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
16:51:57.0460 2856 sfloppy - ok
16:51:57.0548 2856 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
16:51:57.0549 2856 SiSRaid2 - ok
16:51:57.0582 2856 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
16:51:57.0584 2856 SiSRaid4 - ok
16:51:57.0644 2856 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:51:57.0645 2856 Smb - ok
16:51:57.0689 2856 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:51:57.0689 2856 spldr - ok
16:51:57.0730 2856 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:51:57.0734 2856 srv - ok
16:51:57.0770 2856 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:51:57.0774 2856 srv2 - ok
16:51:57.0869 2856 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:51:57.0871 2856 srvnet - ok
16:51:57.0930 2856 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
16:51:57.0931 2856 stexstor - ok
16:51:58.0031 2856 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:51:58.0032 2856 swenum - ok
16:51:58.0092 2856 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:51:58.0108 2856 Tcpip - ok
16:51:58.0198 2856 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:51:58.0205 2856 TCPIP6 - ok
16:51:58.0226 2856 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:51:58.0238 2856 tcpipreg - ok
16:51:58.0275 2856 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:51:58.0275 2856 TDPIPE - ok
16:51:58.0289 2856 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:51:58.0289 2856 TDTCP - ok
16:51:58.0343 2856 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:51:58.0344 2856 tdx - ok
16:51:58.0409 2856 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:51:58.0410 2856 TermDD - ok
16:51:58.0472 2856 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:51:58.0474 2856 tssecsrv - ok
16:51:58.0539 2856 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:51:58.0542 2856 TsUsbFlt - ok
16:51:58.0565 2856 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
16:51:58.0569 2856 TsUsbGD - ok
16:51:58.0646 2856 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:51:58.0647 2856 tunnel - ok
16:51:58.0673 2856 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
16:51:58.0674 2856 uagp35 - ok
16:51:58.0697 2856 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:51:58.0701 2856 udfs - ok
16:51:58.0795 2856 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:51:58.0797 2856 uliagpkx - ok
16:51:58.0820 2856 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:51:58.0821 2856 umbus - ok
16:51:58.0905 2856 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
16:51:58.0906 2856 UmPass - ok
16:51:59.0009 2856 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
16:51:59.0009 2856 USBAAPL64 - ok
16:51:59.0051 2856 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:51:59.0052 2856 usbccgp - ok
16:51:59.0080 2856 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:51:59.0089 2856 usbcir - ok
16:51:59.0149 2856 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
16:51:59.0150 2856 usbehci - ok
16:51:59.0221 2856 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:51:59.0225 2856 usbhub - ok
16:51:59.0275 2856 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:51:59.0276 2856 usbohci - ok
16:51:59.0331 2856 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:51:59.0332 2856 usbprint - ok
16:51:59.0389 2856 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:51:59.0390 2856 usbscan - ok
16:51:59.0425 2856 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:51:59.0427 2856 USBSTOR - ok
16:51:59.0481 2856 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:51:59.0482 2856 usbuhci - ok
16:51:59.0562 2856 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:51:59.0563 2856 vdrvroot - ok
16:51:59.0655 2856 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:51:59.0656 2856 vga - ok
16:51:59.0671 2856 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:51:59.0672 2856 VgaSave - ok
16:51:59.0694 2856 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:51:59.0697 2856 vhdmp - ok
16:51:59.0720 2856 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:51:59.0721 2856 viaide - ok
16:51:59.0815 2856 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:51:59.0816 2856 volmgr - ok
16:51:59.0857 2856 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:51:59.0861 2856 volmgrx - ok
16:51:59.0908 2856 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:51:59.0911 2856 volsnap - ok
16:51:59.0964 2856 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
16:51:59.0966 2856 vsmraid - ok
16:52:00.0002 2856 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:52:00.0002 2856 vwifibus - ok
16:52:00.0048 2856 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:52:00.0049 2856 vwififlt - ok
16:52:00.0073 2856 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
16:52:00.0074 2856 WacomPen - ok
16:52:00.0109 2856 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:52:00.0111 2856 WANARP - ok
16:52:00.0113 2856 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:52:00.0114 2856 Wanarpv6 - ok
16:52:00.0214 2856 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
16:52:00.0215 2856 Wd - ok
16:52:00.0279 2856 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
16:52:00.0280 2856 WDC_SAM - ok
16:52:00.0310 2856 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:52:00.0316 2856 Wdf01000 - ok
16:52:00.0365 2856 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:52:00.0365 2856 WfpLwf - ok
16:52:00.0395 2856 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:52:00.0407 2856 WIMMount - ok
16:52:00.0476 2856 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:52:00.0477 2856 WinUsb - ok
16:52:00.0505 2856 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:52:00.0506 2856 WmiAcpi - ok
16:52:00.0559 2856 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:52:00.0560 2856 ws2ifsl - ok
16:52:00.0576 2856 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:52:00.0578 2856 WudfPf - ok
16:52:00.0595 2856 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:52:00.0597 2856 WUDFRd - ok
16:52:00.0645 2856 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
16:52:00.0700 2856 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
16:52:00.0700 2856 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
16:52:00.0701 2856 Boot (0x1200) (bc5db0d600aa768df309d9199d7cf728) \Device\Harddisk0\DR0\Partition0
16:52:00.0702 2856 \Device\Harddisk0\DR0\Partition0 - ok
16:52:00.0732 2856 Boot (0x1200) (b3449a73b3770ebe8136b13235b43957) \Device\Harddisk0\DR0\Partition1
16:52:00.0733 2856 \Device\Harddisk0\DR0\Partition1 - ok
16:52:00.0762 2856 Boot (0x1200) (0e63820c7453feb54d50ffd604deec85) \Device\Harddisk0\DR0\Partition2
16:52:00.0769 2856 \Device\Harddisk0\DR0\Partition2 - ok
16:52:00.0769 2856 ============================================================
16:52:00.0769 2856 Scan finished
16:52:00.0769 2856 ============================================================
16:52:00.0775 4552 Detected object count: 1
16:52:00.0775 4552 Actual detected object count: 1
16:52:09.0218 4552 \Device\Harddisk0\DR0\# - copied to quarantine
16:52:09.0219 4552 \Device\Harddisk0\DR0 - copied to quarantine
16:52:09.0248 4552 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
16:52:09.0248 4552 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
16:52:09.0249 4552 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
16:52:09.0250 4552 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
16:52:09.0251 4552 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
16:52:09.0253 4552 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
16:52:09.0254 4552 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
16:52:09.0255 4552 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
16:52:09.0256 4552 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:52:09.0258 4552 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:52:09.0259 4552 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:52:09.0260 4552 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:52:09.0261 4552 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
16:52:09.0262 4552 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
16:52:09.0290 4552 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
16:52:09.0359 4552 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
16:52:09.0361 4552 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
16:52:09.0371 4552 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
16:52:09.0377 4552 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
16:52:09.0385 4552 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
16:52:09.0451 4552 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
16:52:09.0461 4552 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
16:52:09.0481 4552 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
16:52:09.0534 4552 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
16:52:09.0545 4552 \Device\Harddisk0\DR0 - ok
16:52:09.0796 4552 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
16:52:37.0844 5924 Deinitialize success


aswMBR Report:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-13 16:57:01
-----------------------------
16:57:01.278 OS Version: Windows x64 6.1.7601 Service Pack 1
16:57:01.278 Number of processors: 8 586 0x2A07
16:57:01.279 ComputerName: HP UserName:
16:57:04.486 Initialize success
16:57:38.169 AVAST engine defs: 12031300
16:57:56.983 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:57:56.986 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
16:57:56.994 Disk 0 MBR read successfully
16:57:56.995 Disk 0 MBR scan
16:57:56.998 Disk 0 unknown MBR code
16:57:57.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:57:57.006 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942299 MB offset 206848
16:57:57.036 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11468 MB offset 1930035200
16:57:57.068 Disk 0 scanning C:\Windows\system32\drivers
16:58:10.208 Service scanning
16:58:28.281 Modules scanning
16:58:28.285 Disk 0 trace - called modules:
16:58:28.292 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:58:28.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009609790]
16:58:28.299 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b60050]
16:58:32.699 AVAST engine scan C:\Windows
16:58:36.216 AVAST engine scan C:\Windows\system32
17:01:03.719 AVAST engine scan C:\Windows\system32\drivers
17:01:19.594 AVAST engine scan C:\Users\Harry
17:05:22.556 Disk 0 MBR has been saved successfully to "C:\Users\Harry\Desktop\MBR.dat"
17:05:22.560 The log file has been saved successfully to "C:\Users\Harry\Desktop\aswMBR.txt"


17:09:31.356 AVAST engine scan C:\ProgramData
17:10:28.308 Scan finished successfully
17:11:59.213 Disk 0 MBR has been saved successfully to "C:\Users\Harry\Desktop\MBR.dat"
17:11:59.216 The log file has been saved successfully to "C:\Users\Harry\Desktop\aswMBR.txt"


My computer seems to be symptom-free and operating cleanly. Thanks a lot!

#8 gringo_pr


Posted 13 March 2012 - 04:57 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#9 StarkTheWolf


Posted 13 March 2012 - 06:05 PM

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6077 [GMT -4:00]
Running from: c:\users\Harry\Desktop\ComboFix.exe
Command switches used :: c:\users\Harry\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 22:04 . 2012-03-13 22:04 -------- d-----w- c:\users\Gary\AppData\Local\temp
2012-03-13 22:04 . 2012-03-13 22:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 22:04 . 2012-03-13 22:04 -------- d-----w- c:\users\Aksh\AppData\Local\temp
2012-03-13 21:04 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0AE9E65-C688-4A15-97DE-1C61CF42F6D3}\mpengine.dll
2012-03-13 20:52 . 2012-03-13 20:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-10 05:51 . 2012-03-10 05:51 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-10 05:35 . 2012-03-10 05:35 -------- d-----w- c:\program files\iTunes
2012-03-10 05:35 . 2012-03-10 05:35 -------- d-----w- c:\program files (x86)\iTunes
2012-03-10 05:35 . 2012-03-10 05:35 -------- d-----w- c:\program files\iPod
2012-03-10 00:19 . 2012-03-10 00:19 -------- d-----w- C:\$AVG
2012-02-20 22:52 . 2011-10-12 00:37 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-20 22:52 . 2012-02-20 22:51 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{572A0612-6B57-4D21-BFF0-693728D68CB5}\gapaengine.dll
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 02:13 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 02:13 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 02:13 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 02:13 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 02:13 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 02:13 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 02:13 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 02:13 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 05:51 . 2011-06-29 18:50 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-02 18:12 . 2012-02-29 22:37 1046094 ----a-w- c:\windows\SysWow64\internalList.zip
2012-02-25 21:11 . 2011-04-16 23:29 293510 ----a-w- C:\DUMP534d.tmp
2012-02-08 07:13 . 2011-10-13 01:27 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-03 16:51 . 2011-06-11 03:13 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-13_07.10.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-13 07:15 . 2012-03-13 07:15 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\5958d9610eb58adb2b62153492a7c27e\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 631296 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\861156abd2fbeb15a72e479fb140c9b9\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 258048 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\03c15533eddd91753b86895c6bfd59aa\Microsoft.Build.Framework.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 136192 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\dda5a6b2ff35b701c4585b7845101391\Microsoft.Build.Conversion.v4.0.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\e3e1fd8ccf76e9eb0147484fb8dd773a\CustomMarshalers.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 475136 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\e9dee8646a22abf1626514f0f14fcdd9\ComSvcConfig.ni.exe
+ 2012-03-13 07:14 . 2012-03-13 07:14 851968 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\cd00df3ad31231170f909bd387c2164e\AspNetMMCExt.ni.dll
+ 2011-04-16 23:34 . 2012-03-13 22:05 1291736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-04-16 23:34 . 2012-03-13 07:07 1291736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-13 07:26 . 2012-03-13 07:26 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\02198c29552545c7d7e7a95ab39488e5\WindowsBase.ni.dll
+ 2012-03-13 07:30 . 2012-03-13 07:30 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\d1d48cd30cd275b06fad70778798cae7\UIAutomationClientsideProviders.ni.dll
+ 2012-03-13 07:22 . 2012-03-13 07:22 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\ecdcf3d1d7bc90546464d70a4bee843d\System.Xml.ni.dll
+ 2012-03-13 07:22 . 2012-03-13 07:22 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\3a9670f473f8f9291ca256d9a15fc281\System.Xaml.ni.dll
+ 2012-03-13 07:30 . 2012-03-13 07:30 1601024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.WorkflowServ#\7c63d28d59e41ae8e5bb5b8e50841e21\System.WorkflowServices.ni.dll
+ 2012-03-13 07:30 . 2012-03-13 07:30 2887168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Run#\e4b0b5a166ae5bcbf921d0ae8f461f33\System.Workflow.Runtime.ni.dll
+ 2012-03-13 07:30 . 2012-03-13 07:30 5909504 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Com#\0d94daa82d426e57c7084542bf36d25c\System.Workflow.ComponentModel.ni.dll
+ 2012-03-13 07:29 . 2012-03-13 07:29 3743744 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Act#\ea6ba9a3cc1b2640d807ef23e02fef02\System.Workflow.Activities.ni.dll
+ 2012-03-13 07:29 . 2012-03-13 07:29 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\455d5edfdc989057a8fea7bc88a02ef6\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-03-13 07:27 . 2012-03-13 07:27 2287104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\97b05378b616e023221f9c6072239168\System.Web.Services.ni.dll
+ 2012-03-13 07:29 . 2012-03-13 07:29 2964480 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Mobile\53ceacfb78d2a4a0497e5c06df4feec0\System.Web.Mobile.ni.dll
+ 2012-03-13 07:29 . 2012-03-13 07:29 1100800 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Extensio#\cdc1f95ddc4c4cf20630490b7a1ab044\System.Web.Extensions.Design.ni.dll
+ 2012-03-13 07:29 . 2012-03-13 07:29 3805184 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Extensio#\8562144b72380768c1489a7b1a584fc4\System.Web.Extensions.ni.dll
+ 2012-03-13 07:29 . 2012-03-13 07:29 5599232 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\f119a8e910ca7aee618c10112191db26\System.Web.DataVisualization.ni.dll
+ 2012-03-13 07:29 . 2012-03-13 07:29 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\561e5a115d6d7ade93236df74d61af84\System.Speech.ni.dll
+ 2012-03-13 07:28 . 2012-03-13 07:28 1506816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\8b0750707e418bbea8a7eed272890585\System.ServiceModel.Web.ni.dll
+ 2012-03-13 07:29 . 2012-03-13 07:29 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4606cac0ba2d406b4ddefca21a3db1eb\System.ServiceModel.Activities.ni.dll
+ 2012-03-13 07:29 . 2012-03-13 07:29 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\28b5d075cf252a24a6b007ff5941dce1\System.ServiceModel.Discovery.ni.dll
+ 2012-03-13 07:26 . 2012-03-13 07:26 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\1a361129f93a8190d8797b7c680baecc\System.Runtime.Serialization.ni.dll
+ 2012-03-13 07:26 . 2012-03-13 07:26 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\2c57eff357f1bc56d0367f04adcf6d76\System.Runtime.DurableInstancing.ni.dll
+ 2012-03-13 07:27 . 2012-03-13 07:27 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\7668fa73a73410f2e00d341a8684e28a\System.Printing.ni.dll
+ 2012-03-13 07:29 . 2012-03-13 07:29 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\2280764a011295483642b17fe5d2b1f7\System.Management.ni.dll
+ 2012-03-13 07:29 . 2012-03-13 07:29 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\a77730a57cc54142f1ecbb1e85060e5f\System.IdentityModel.ni.dll
+ 2012-03-13 07:26 . 2012-03-13 07:26 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.ni.dll
+ 2012-03-13 07:26 . 2012-03-13 07:26 2290176 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\5b5fe518d1a632afaae9f24dd18cee2f\System.Drawing.ni.dll
+ 2012-03-13 07:29 . 2012-03-13 07:29 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\60390cb3abc6f1d85a572c156d39fc02\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-03-13 07:27 . 2012-03-13 07:27 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\5eaf17b571cf9fb6f159a0c92d6244ab\System.DirectoryServices.ni.dll
+ 2012-03-13 07:27 . 2012-03-13 07:27 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\0ce1b3a9a0192c2cdb16d848e78e6688\System.Deployment.ni.dll
+ 2012-03-13 07:27 . 2012-03-13 07:27 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\ca4a0bde02b2eb73d2e9f22925719ecf\System.Data.ni.dll
+ 2012-03-13 07:22 . 2012-03-13 07:22 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\657b967b5fd7819f273f5704197ce97e\System.Data.SqlXml.ni.dll
+ 2012-03-13 07:28 . 2012-03-13 07:28 2703360 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Services\b5d6361ffc4e2ab8b2fa989e65267668\System.Data.Services.ni.dll
+ 2012-03-13 07:29 . 2012-03-13 07:29 1799168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\930a4b48234d358f2758f075be0684c5\System.Data.Services.Client.ni.dll
+ 2012-03-13 07:27 . 2012-03-13 07:27 1498112 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.OracleC#\f1e8508072fb84206550bc497dc5b49c\System.Data.OracleClient.ni.dll
+ 2012-03-13 07:28 . 2012-03-13 07:28 3386880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\0ba3ab7e136a52fcba260ad7893ede32\System.Data.Linq.ni.dll
+ 2012-03-13 07:28 . 2012-03-13 07:28 1750528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity.#\463d0d0f836d6286345ae0e7a980d609\System.Data.Entity.Design.ni.dll
+ 2012-03-13 07:22 . 2012-03-13 07:22 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\c24ce44b45c0e0c0961a9755f192eb3a\System.Configuration.ni.dll
+ 2012-03-13 07:28 . 2012-03-13 07:28 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\5a66bc1859e864d87b81e31438a5f07d\System.ComponentModel.Composition.ni.dll
+ 2012-03-13 07:28 . 2012-03-13 07:28 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\f25d1dde40ef0128d9e5163d142bd2e2\System.Activities.ni.dll
+ 2012-03-13 07:28 . 2012-03-13 07:28 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\26671ab09e54e0ecfd23012e32cb6383\System.Activities.Presentation.ni.dll
+ 2012-03-13 07:28 . 2012-03-13 07:28 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\e9f6686e336507594e33cad6ed7814cd\System.Activities.Core.Presentation.ni.dll
+ 2012-03-13 07:27 . 2012-03-13 07:27 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\9c49a7b6fb133a307e3804ca7ba35d16\ReachFramework.ni.dll
+ 2012-03-13 07:26 . 2012-03-13 07:26 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\68d02e44d8b1f23c21a116119fbb65d0\PresentationUI.ni.dll
+ 2012-03-13 07:26 . 2012-03-13 07:26 1891328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationBuildTa#\2876e05f3ce0df4f38abe04c9bec2e8c\PresentationBuildTasks.ni.dll
+ 2012-03-13 07:26 . 2012-03-13 07:26 1824256 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\55d6cffb92660d6dfd2e007dc7ed36cb\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\1903f5de0c7c33993c55319d4fc3062e\Microsoft.VisualBasic.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\15b88fefd6d638f01856a68c14e2ab9b\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2d92f0cffe052f601c1bca1f52425fef\Microsoft.Transactions.Bridge.ni.dll
+ 2012-03-13 07:29 . 2012-03-13 07:29 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\0fbfc1087f7622c5b6b06f88fce1a45e\Microsoft.JScript.ni.dll
+ 2012-03-13 07:23 . 2012-03-13 07:23 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\83f53b455553f5ad67e756f6762dc3b4\Microsoft.CSharp.ni.dll
+ 2012-03-13 07:23 . 2012-03-13 07:23 6004736 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build\5417f88ad5b4444a5f1e744fcd8ac9cc\Microsoft.Build.ni.dll
+ 2012-03-13 07:27 . 2012-03-13 07:27 3820544 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Tas#\ff91cc20786f3ccd7f8efd9c32b969e7\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-03-13 07:23 . 2012-03-13 07:23 2521088 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Eng#\0220591dc78673b4efa66d7848de3f54\Microsoft.Build.Engine.ni.dll
+ 2012-03-13 07:22 . 2012-03-13 07:22 1007104 c:\windows\assembly\NativeImages_v4.0.30319_64\AspNetMMCExt\ea41875cd4720b16a0a164e1d266c374\AspNetMMCExt.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\0f5df23e9f268e9ff4c8033f9865a12a\UIAutomationClientsideProviders.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 1223168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\4dca8783493d21bc2cbbdd5ad65819a1\System.WorkflowServices.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 1971712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\7a4b5fe58999d11fd532120d6f75f6da\System.Workflow.Runtime.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 4462080 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\257e00af8ec6389753a9f66ef1711eea\System.Workflow.ComponentModel.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 2871808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\bf2865f9411bf7887ec8377c5642d307\System.Workflow.Activities.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\d6c84e888c7f465844a8ae0e6470e05c\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 1925632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b6139cfbdbdc57c3ff421204292f4041\System.Web.Services.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 2334208 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\cd802595d26f321d11da210aeedd35cc\System.Web.Mobile.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 3127296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\4cefa390fdd82b25aab99c33cc49e3c0\System.Web.Extensions.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 4535808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\b18af03d37654b9593c660d0ba6968c6\System.Web.DataVisualization.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\90de8ba8101001c8845439cd5f9a76eb\System.Speech.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 1393152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8c12f469cbd6b8d9718c64a4b2c96d47\System.ServiceModel.Activities.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\746651ce870c2f9cd43bc7246154f81a\System.ServiceModel.Discovery.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 1086464 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\60ada6691ab37a75d25670eab4e32c5f\System.ServiceModel.Web.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\a14816d568ee8c7cc9f9923d979d682d\System.Runtime.Serialization.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\d6b9e13a40ed53cfc10e04c023c62a49\System.Runtime.DurableInstancing.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\1141220aff69c63f638ab64e5b0186bc\System.Printing.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2a4589aeec877df58cbbcd633bc18fb6\System.IdentityModel.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6bd4a77663c0e708e0827be849906fdc\System.DirectoryServices.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\84d9ec8b14f9731797c51d31cae12d87\System.Deployment.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 2025984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\546dc84f7a98dd07602ebe6dca6fda7f\System.Data.Services.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 1344000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\4b28434c73ac4229c7ae7c4f0598e25f\System.Data.Services.Client.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 1189376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\c8b5d26c88a0f00cfb079bf421298076\System.Data.OracleClient.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 1424384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\f58605285e9bf14f17c39f28d5621628\System.Data.Entity.Design.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\7bbd2b637fbe2a5b17a16cd4fcc3c3ca\System.Activities.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\a479b22107e8fe08689d840a3a1a77e9\System.Activities.Presentation.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\819fccf9934ef29a6078d4accbf9ea0c\System.Activities.Core.Presentation.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\073c60e5566fdaab702636f1474233b0\ReachFramework.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\7194eb8e3da784ae30566a64569314a4\PresentationUI.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 1479168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationBuildTa#\f021e82fdaaf18ca99ff997f6552f947\PresentationBuildTasks.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\9150a80d10ec86440aa59f6fe4b73f9d\Microsoft.VisualBasic.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 1136640 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\573b77cd372bf5452858f6424dbf4a31\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1ae1a98af2c7d3e68c7525bf1395fa61\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\fb09c8733a8ef9292079399b25d5d973\Microsoft.Transactions.Bridge.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\8b1e797d9c7f5ef773c150e15b07a087\Microsoft.JScript.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 4248064 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\faa09803e406df761fee15f3cb4390bb\Microsoft.Build.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 2877440 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\f54f6b0d404f8063e75770dd0f138827\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 1931264 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\4bfe4b4fa5d4fccdcbfc10ff609e6a28\Microsoft.Build.Engine.ni.dll
+ 2011-06-12 12:02 . 2012-03-13 22:05 47142475 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4078119499-3288300230-806680709-1000-8192.dat
- 2011-06-12 12:02 . 2012-03-13 07:07 47142475 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4078119499-3288300230-806680709-1000-8192.dat
+ 2012-03-13 07:27 . 2012-03-13 07:27 17291264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\f850dba642b0cc845d9a7d8ac300e243\System.Windows.Forms.ni.dll
+ 2012-03-13 07:27 . 2012-03-13 07:27 15761920 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web\2605cdaf34cca062227586a12c495d24\System.Web.ni.dll
+ 2012-03-13 07:29 . 2012-03-13 07:29 24551424 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\bd433ada9b2565b666331b5b1276538a\System.ServiceModel.ni.dll
+ 2012-03-13 07:27 . 2012-03-13 07:27 13300736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Design\a947e015cf07f17b4e06ef4b1120bf6f\System.Design.ni.dll
+ 2012-03-13 07:28 . 2012-03-13 07:28 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\9aca7097fc620da8481516b2d4e3fede\System.Data.Entity.ni.dll
+ 2012-03-13 07:22 . 2012-03-13 07:22 10440704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\e91a0d844afdda429e0fbd9814f41134\System.Core.ni.dll
+ 2012-03-13 07:26 . 2012-03-13 07:26 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\8a4ac50c706da226242a99b871c9f981\PresentationFramework.ni.dll
+ 2012-03-13 07:26 . 2012-03-13 07:26 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\b0adff19c63ba3b4be1cae43567af15d\PresentationCore.ni.dll
+ 2012-03-13 07:15 . 2012-03-13 07:15 12079104 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\3c5ebc7acef28749f02bbc1f1c24f51f\System.Web.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\c43869b44f633a3ad003a0ad9e79b273\System.ServiceModel.ni.dll
+ 2012-03-13 07:25 . 2012-03-13 07:25 13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\b642a4ad94ff1e027a128b9796878372\System.Data.Entity.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Facebook Update"="c:\users\Harry\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-07-14 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-14 336384]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-6-12 102912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4078119499-3288300230-806680709-1000Core.job
- c:\users\Harry\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 02:48]
.
2012-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4078119499-3288300230-806680709-1000UA.job
- c:\users\Harry\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 02:48]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4078119499-3288300230-806680709-1000Core.job
- c:\users\Harry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 13:47]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4078119499-3288300230-806680709-1000UA.job
- c:\users\Harry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 13:47]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4078119499-3288300230-806680709-1002Core.job
- c:\users\Aksh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 14:00]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4078119499-3288300230-806680709-1002UA.job
- c:\users\Aksh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 14:00]
.
2012-02-19 c:\windows\Tasks\HPCeeScheduleForAksh.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-03-07 c:\windows\Tasks\HPCeeScheduleForHP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-01-21 c:\windows\Tasks\SetupManager.job
- c:\program files (x86)\Hewlett-Packard\Setup Manager\Toaster.exe [2011-03-04 04:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\by28qcbw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.time.com/time/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-13 18:09:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-13 22:09
ComboFix2.txt 2012-03-13 07:30
.
Pre-Run: 806,186,074,112 bytes free
Post-Run: 806,365,003,776 bytes free
.
- - End Of File - - 5991388B6FF56866A28D1B3E35EA000E

The computer seems to be running fine.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:43 PM

Posted 13 March 2012 - 09:37 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Bing Bar Platform
Bing Rewards Client Installer
My Web Search (My Fun Cards)


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes then Next.
  • Once done click Finish.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr


Posted 16 March 2012 - 01:57 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#12 StarkTheWolf


Posted 16 March 2012 - 04:18 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo


My apologies; never received the e-mail notification.

MBAM Log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Harry :: HP [administrator]

Protection: Disabled

3/16/2012 4:50:27 PM
mbam-log-2012-03-16 (16-50-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229907
Time elapsed: 2 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Aksh\Downloads\Setup (1).exe (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Users\Aksh\Downloads\Setup.exe (Adware.Gamevance) -> Quarantined and deleted successfully.

(end)


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:15:55 PM, on 3/16/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/110
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Harry\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11186 bytes


Problems:

- Google searches redirected
- Random stalling/freezing
- Websites timing out before attempting to establish a connection

All these problems seem to have been fixed.

#13 gringo_pr


Posted 17 March 2012 - 12:08 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
      O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Harry\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#14 StarkTheWolf


Posted 17 March 2012 - 01:25 AM

C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll

Win32/Toolbar.MyWebSearch application

C:\Program Files (x86)\Windows Live\Messenger\riched20.dll

Win32/Toolbar.MyWebSearch application

C:\Qoobox\Quarantine\C\Windows\SysWOW64\f3PSSavr.scr.vir

Win32/Toolbar.MyWebSearch application

C:\TDSSKiller_Quarantine\13.03.2012_16.51.30\mbr0000\tdlfs0000\tsk0004.dta

Win32/Olmasco.O trojan

C:\TDSSKiller_Quarantine\13.03.2012_16.51.30\mbr0000\tdlfs0000\tsk0005.dta

Win64/Olmasco.S trojan

C:\TDSSKiller_Quarantine\13.03.2012_16.51.30\mbr0000\tdlfs0000\tsk0006.dta

Win32/Olmasco.O trojan

C:\TDSSKiller_Quarantine\13.03.2012_16.51.30\mbr0000\tdlfs0000\tsk0007.dta

Win64/Olmasco.O trojan

C:\TDSSKiller_Quarantine\13.03.2012_16.51.30\mbr0000\tdlfs0000\tsk0008.dta

Win32/Olmasco.O trojan

C:\TDSSKiller_Quarantine\13.03.2012_16.51.30\mbr0000\tdlfs0000\tsk0009.dta

Win64/Olmasco.R trojan

C:\TDSSKiller_Quarantine\13.03.2012_16.51.30\mbr0000\tdlfs0000\tsk0010.dta

a variant of Win32/Olmasco.Q trojan

C:\TDSSKiller_Quarantine\13.03.2012_16.51.30\mbr0000\tdlfs0000\tsk0011.dta

Win64/Olmasco.X trojan

C:\Users\Gary\AppData\LocalLow\FunWebProducts\Installr\Cache\15D165D6.exe

a variant of Win32/Toolbar.MyWebSearch.O application


Edited by StarkTheWolf, 17 March 2012 - 01:27 AM.
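A triage of a scan report in the path/detection layout posted above, as an added example that is not part of the original thread: it separates detections sitting inside a cleanup tool's quarantine folder from detections on live paths, and "application" detections from trojans. The folder list and the sample lines are taken from this thread; the function and class names are hypothetical.

```python
"""Triage a path/detection scan report by location and detection kind."""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Folders named in this thread where cleanup tools keep quarantined copies,
# plus the System Restore cache. A detection there is a backup, not a live file.
BACKUP_ROOTS = (
    PureWindowsPath(r"C:\Qoobox\Quarantine"),
    PureWindowsPath(r"C:\TDSSKiller_Quarantine"),
    PureWindowsPath(r"C:\System Volume Information"),
)

# Sample input: a shortened copy of the scan results posted above.
SAMPLE = r"""
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll

Win32/Toolbar.MyWebSearch application

C:\Qoobox\Quarantine\C\Windows\SysWOW64\f3PSSavr.scr.vir

Win32/Toolbar.MyWebSearch application

C:\TDSSKiller_Quarantine\13.03.2012_16.51.30\mbr0000\tdlfs0000\tsk0004.dta

Win32/Olmasco.O trojan

C:\TDSSKiller_Quarantine\13.03.2012_16.51.30\mbr0000\tdlfs0000\tsk0010.dta

a variant of Win32/Olmasco.Q trojan

C:\Users\Gary\AppData\LocalLow\FunWebProducts\Installr\Cache\15D165D6.exe

a variant of Win32/Toolbar.MyWebSearch.O application
"""


@dataclass(frozen=True)
class Finding:
    path: PureWindowsPath
    name: str         # detection name, e.g. "Win32/Olmasco.O"
    kind: str         # last word of the line: "trojan" or "application"
    is_variant: bool  # the report said "a variant of ..."


def is_backup(path):
    """True if path lies inside a backup root, compared component by component.

    PureWindowsPath compares case-insensitively, and matching whole components
    keeps a sibling folder such as QuarantineOld from matching Quarantine.
    """
    return any(root == path or root in path.parents for root in BACKUP_ROOTS)


def parse_detection(line):
    """Split '[a variant of ]<platform>/<family> <kind>' into its parts."""
    prefix = "a variant of "
    is_variant = line.startswith(prefix)
    if is_variant:
        line = line[len(prefix):]
    name, sep, kind = line.rpartition(" ")
    if not sep or "/" not in name:
        raise ValueError(f"unrecognised detection line: {line!r}")
    return name, kind, is_variant


def parse_report(text):
    """Read alternating path and detection lines, ignoring blank lines."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("expected path/detection pairs, got an odd line count")
    findings = []
    for path_line, det_line in zip(lines[0::2], lines[1::2]):
        path = PureWindowsPath(path_line)
        if not path.drive:
            raise ValueError(f"not a Windows path: {path_line!r}")
        findings.append(Finding(path, *parse_detection(det_line)))
    return findings


def triage(findings):
    """Group findings; anything live that is not an 'application' counts as malware."""
    buckets = {"live malware": [], "live unwanted application": [],
               "quarantined copy": []}
    for f in findings:
        if is_backup(f.path):
            key = "quarantined copy"
        elif f.kind == "application":
            key = "live unwanted application"
        else:
            key = "live malware"
        buckets[key].append(f)
    return buckets


if __name__ == "__main__":
    for bucket, items in triage(parse_report(SAMPLE)).items():
        print(f"{bucket}: {len(items)}")
        for f in items:
            print(f"  {f.name:40} {f.path}")
```
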


#15 gringo_pr


Posted 17 March 2012 - 01:34 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

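    @echo off
    rem Delete the files flagged by the online scan
    del /f /s /q "C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll"
    del /f /s /q "C:\Program Files (x86)\Windows Live\Messenger\riched20.dll"
    rem Remove the TDSSKiller quarantine folder and everything in it
    rd /s /q "C:\TDSSKiller_Quarantine\"
    del /f /s /q "C:\Users\Gary\AppData\LocalLow\FunWebProducts\Installr\Cache\15D165D6.exe"
    rem Delete this batch file itself
    del %0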

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop.

:DeFogger:

Note** This only needs to be run if it was run before - If not then skip it.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

Please visit this page, which explains how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the "Automatic (recommended): Automatically download recommended updates for my computer and install them" option.

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
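
The five Internet Explorer zone settings listed in the post above can be checked without clicking through the dialog. The following is an added example, not part of the original post: a read-only PowerShell audit that assumes the per-user Internet zone (zone 3) under HKCU and the URL action IDs and value codes Microsoft documents for IE security zones; values enforced by Group Policy are stored elsewhere and are not read here.

```powershell
# Read-only audit of the Internet-zone settings recommended in the post.
# Assumption: per-user settings in HKCU; policy-enforced values are not checked.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action ID -> dialog label and the value the post recommends.
# Value codes: 0 = Enable, 1 = Prompt, 3 = Disable.
$expected = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                      Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                    Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked safe'; Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                         Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';             Want = 1 }
)
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSettingReport {
    param([string]$Path = $zonePath)

    # Fails loudly if the zone key is missing instead of reporting false passes.
    $props = Get-ItemProperty -Path $Path -ErrorAction Stop

    foreach ($s in $expected) {
        $actual = $props.($s.Id)   # $null when the value has never been written
        [pscustomobject]@{
            Setting  = $s.Name
            Expected = $label[$s.Want]
            Actual   = if ($null -eq $actual) { 'not set' }
                       elseif ($label.ContainsKey([int]$actual)) { $label[[int]$actual] }
                       else { '0x{0:X}' -f $actual }
            Ok       = ($actual -eq $s.Want)
        }
    }
}

Get-ZoneSettingReport | Format-Table -AutoSize
```

Any row with Ok = False points at a setting that still differs from the post's recommendation, which is also a quick way to notice if something has changed the zone back later.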



