Infected with TDSS, google redirects me!


  • This topic is locked
8 replies to this topic

#1 Mogot27

Posted 23 April 2012 - 04:40 PM

Every time I click on a search result in Google, it redirects to a different site. Also, pop-ups sometimes appear when I'm doing something else on the internet, like YouTube for example. I have also noticed that my IE browser is running much slower than usual. Any help would be great, thanks.

Here is the log from DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Tj at 22:30:44 on 2012-04-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2815.1247 [GMT 1:00]
.
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
C:\Windows\sysWOW64\svchost.exe -k netsvc
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.co.uk/
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3210&r=173603101616p0485v185y4463925n
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3210&r=173603101616p0485v185y4463925n
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
BHO: Groove GFS Browser Helper: {169821dc-1953-00ee-3827-59b80149155a} - C:\Windows\SysWow64\OobeFlldr.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\Tj\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAM.lnk - C:\Program Files (x86)\SAM\SAM.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvLsp.dll
LSP: mswsock.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F5D9ADC7-1C56-402B-B1A6-3D855E702637} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F5D9ADC7-1C56-402B-B1A6-3D855E702637}\4435C4D22363430325 : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Groove GFS Browser Helper: {169821DC-1953-00EE-3827-59B80149155A} - C:\Windows\SysWow64\OobeFlldr.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SweetIM Toolbar Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO-X64: SWEETIE - No File
BHO-X64: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
BHO-X64: SMTTB2009 - No File
TB-X64: SweetIM Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB-X64: HyperCam Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tj\AppData\Roaming\Mozilla\Firefox\Profiles\p3ya80le.default\
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-6-17 1143416]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110629.050\IDSviA64.sys [2011-6-30 488056]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccsvchst.exe [2012-4-4 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-27 2253120]
R2 SPService;SPService;C:\Windows\sysWOW64\svchost.exe -k netsvc --> C:\Windows\sysWOW64\svchost.exe -k netsvc [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-10-28 240160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-6-9 136824]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 253088]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-10-16 131912]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-23 18:56:14 -------- d-----w- C:\Users\Tj\AppData\Local\{8A2BC6EC-2F7C-4FC9-A880-6F4459BD5ECF}
2012-04-22 22:13:51 -------- d-----w- C:\Users\Tj\AppData\Local\{322573A0-B09C-481B-B052-ECC9A401320B}
2012-04-22 22:13:40 -------- d-----w- C:\Users\Tj\AppData\Local\{0CF5A03F-C338-4336-A16C-D6B557BCC49D}
2012-04-22 16:07:52 -------- d-----w- C:\Users\Tj\AppData\Local\{B38CC4C4-7011-45CC-A978-31A7B8EAAD11}
2012-04-22 16:07:39 -------- d-----w- C:\Users\Tj\AppData\Local\{62048A64-741B-432E-878E-7D18393DC31E}
2012-04-21 11:28:23 -------- d-----w- C:\Users\Tj\AppData\Local\{36009C91-0806-472D-B58B-941501A170C5}
2012-04-21 11:28:13 -------- d-----w- C:\Users\Tj\AppData\Local\{C72C0CDC-639D-4ADE-BBEF-22702358E28F}
2012-04-20 22:24:07 -------- d-----w- C:\Users\Tj\AppData\Local\{D1310D38-0B65-46FC-9E6E-02442EC1B56E}
2012-04-20 22:23:56 -------- d-----w- C:\Users\Tj\AppData\Local\{62A0CCB6-8781-44B1-8345-FCABC3064CDA}
2012-04-20 15:26:16 -------- d-----w- C:\Users\Tj\AppData\Local\{3B9DFABC-0757-41FA-B4F0-ACDAEBF3D599}
2012-04-20 15:25:06 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-04-20 15:07:15 -------- d-s---w- C:\ComboFix
2012-04-16 19:07:26 98816 ----a-w- C:\Windows\sed.exe
2012-04-16 19:07:26 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-16 19:07:26 256000 ----a-w- C:\Windows\PEV.exe
2012-04-16 19:07:26 208896 ----a-w- C:\Windows\MBR.exe
2012-04-16 16:01:57 -------- d-----w- C:\Users\Tj\AppData\Local\{ED102A0E-96DB-4019-BA2A-0C15D2F02D47}
2012-04-15 14:57:19 -------- d-----w- C:\Users\Tj\AppData\Local\{7983E3C0-CBD6-4CCE-96D5-A35BC46D8DB8}
2012-04-15 12:52:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-15 12:48:43 -------- d-----w- C:\Users\Tj\AppData\Roaming\Malwarebytes
2012-04-15 12:48:33 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-15 12:48:33 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-15 12:48:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-13 15:07:40 -------- d-----w- C:\Users\Tj\AppData\Local\Google
2012-04-13 14:49:25 -------- d-----w- C:\Users\Tj\AppData\Local\{547A46DF-75F4-4F3C-ABE5-053BC6EDEB39}
2012-04-13 14:48:44 -------- d-----w- C:\Users\Tj\AppData\Roaming\Tific
2012-04-13 14:48:30 -------- d-----w- C:\Users\Tj\AppData\Local\Symantec
2012-04-12 22:09:39 -------- d-----w- C:\Users\Tj\AppData\Roaming\Iqagiw
2012-04-12 22:09:39 -------- d-----w- C:\Users\Tj\AppData\Roaming\Idgi
2012-04-12 21:37:02 -------- d--h--w- C:\$AVG
2012-04-12 21:37:02 -------- d-----w- C:\ProgramData\AVG2012
2012-04-12 21:35:17 -------- d-----w- C:\Program Files (x86)\AVG
2012-04-12 21:29:00 -------- d--h--w- C:\ProgramData\Common Files
2012-04-12 21:28:00 -------- d-----w- C:\ProgramData\MFAData
2012-04-12 21:19:15 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-12 21:19:15 -------- d-----w- C:\Program Files\AVAST Software
2012-04-11 17:34:42 -------- d-----w- C:\Users\Tj\AppData\Local\LogMeIn Hamachi
2012-04-11 17:33:59 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-04-11 09:36:50 -------- d-----w- C:\Users\Tj\AppData\Local\{23BAE9FA-6533-439F-B8F5-EFD864DCEFC2}
2012-04-10 20:18:10 -------- d-----w- C:\Users\Tj\AppData\Local\{412CA824-FC5E-43BA-9C40-956F6E835845}
2012-04-09 08:38:42 -------- d-----w- C:\Users\Tj\AppData\Local\{14D7A234-3E7F-417C-99CF-F329FBB12FE6}
2012-04-08 17:43:41 -------- d-----w- C:\Users\Tj\AppData\Local\{9AADE460-B7BA-48F0-89CC-0DFFA7B14439}
2012-04-08 07:27:02 -------- d-----w- C:\Users\Tj\AppData\Local\{77238134-EDFD-47C6-BAC8-7E2309B86A82}
2012-04-07 16:42:38 -------- d-----w- C:\Users\Tj\AppData\Roaming\Pamela Call Recorder
2012-04-07 16:42:27 -------- d-----w- C:\Users\Tj\AppData\Roaming\Pamela
2012-04-07 16:42:26 172544 ----a-w- C:\Windows\SysWow64\RemoteControl.dll
2012-04-07 16:42:25 -------- d-----w- C:\Program Files (x86)\PamelaPCR
2012-04-07 09:14:12 -------- d-----w- C:\Users\Tj\AppData\Local\{933AA0F7-85D3-493B-BD1F-E62A0D0A5583}
2012-04-06 18:34:47 -------- d-----w- C:\Users\Tj\AppData\Roaming\SAM
2012-04-06 12:23:54 -------- d-----w- C:\Users\Tj\AppData\Local\{754EDD12-A5FC-49DC-B16F-FC7E70CD5818}
2012-04-05 20:50:11 -------- d-----w- C:\Users\Tj\AppData\Local\The Lord of the Rings Online
2012-04-05 15:37:18 -------- d-----w- C:\Users\Tj\AppData\Local\PMB Files
2012-04-05 15:37:17 -------- d-----w- C:\ProgramData\PMB Files
2012-04-05 15:37:11 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-04-05 15:02:08 -------- d-----w- C:\Users\Tj\AppData\Local\{36A80CA3-76A4-46CB-8E97-D4D7B0C6A443}
2012-04-04 22:10:28 -------- d-----w- C:\Users\Tj\Zomboid
2012-04-04 22:10:06 -------- d-----w- C:\Program Files (x86)\Project Zomboid
2012-04-04 09:31:53 912504 ----a-r- C:\Windows\System32\drivers\N360x64\0502010.003\symefa64.sys
2012-04-04 09:31:53 744568 ----a-r- C:\Windows\System32\drivers\N360x64\0502010.003\srtsp64.sys
2012-04-04 09:31:53 450680 ----a-r- C:\Windows\System32\drivers\N360x64\0502010.003\symds64.sys
2012-04-04 09:31:53 40568 ----a-r- C:\Windows\System32\drivers\N360x64\0502010.003\srtspx64.sys
2012-04-04 09:31:53 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symnets.sys
2012-04-04 09:31:53 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502010.003\ironx64.sys
2012-04-04 09:31:44 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502010.003
2012-04-04 09:11:28 -------- d-----w- C:\Users\Tj\AppData\Local\{8E53F11F-9FCD-441A-BF9D-4A1DCC5D0BCE}
2012-04-03 14:53:07 -------- d-----w- C:\Users\Tj\AppData\Local\{E0FA4A69-B2CF-46BF-ADD1-FA7A29BBB926}
2012-04-02 22:13:15 -------- d-----w- C:\Users\Tj\AppData\Roaming\ManyCam
2012-04-02 22:13:15 -------- d-----w- C:\Users\Tj\AppData\Local\ManyCam
2012-04-02 22:13:11 -------- d-----w- C:\Program Files (x86)\ManyCam
2012-04-02 22:12:51 -------- d-----w- C:\ProgramData\Ask
2012-04-02 11:08:31 -------- d-----w- C:\Users\Tj\AppData\Local\{5CCE5DB4-3656-4522-AD43-811E5F276703}
2012-04-01 09:13:19 -------- d-----w- C:\Users\Tj\AppData\Local\{693A07B3-8F60-4593-90D0-71701AD96084}
2012-03-30 14:57:10 -------- d-----w- C:\Users\Tj\AppData\Local\{A197E3C2-842D-4E54-8926-BEB5CC2F7ABA}
2012-03-29 17:12:26 -------- d-----w- C:\Users\Tj\AppData\Local\{18E01752-4564-4F9C-B436-ADAB4E5FE79A}
2012-03-28 21:13:17 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-28 20:31:17 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-28 14:53:10 -------- d-----w- C:\Users\Tj\AppData\Local\{D76A1E5C-E4F1-4C12-81F0-41FDBE2685C9}
2012-03-27 18:39:19 -------- d-----w- C:\Users\Tj\AppData\Local\{91E6096A-FE98-4D1E-B923-C3AC39ABCC26}
2012-03-27 18:39:08 -------- d-----w- C:\Users\Tj\AppData\Local\{35DAD97C-0A8B-46AA-8D36-6329FE071898}
2012-03-26 17:40:48 -------- d-----w- C:\Users\Tj\AppData\Local\{D1339BA9-276A-4AC7-9DA6-42A2FD188FFF}
2012-03-26 17:40:37 -------- d-----w- C:\Users\Tj\AppData\Local\{A76BF571-D58E-460E-9504-2322A5C3B88A}
2012-03-26 14:52:57 -------- d-----w- C:\Users\Tj\AppData\Local\{6EC7C6C5-1AA7-49BA-A844-8D7DB30825B3}
2012-03-26 14:52:45 -------- d-----w- C:\Users\Tj\AppData\Local\{A04DFE46-646E-40DF-A281-3317AD8C699D}
2012-03-25 08:56:44 -------- d-----w- C:\Users\Tj\AppData\Local\{8CACD243-01FB-43E1-BD0A-1C94CEDB64B5}
.
==================== Find3M ====================
.
2012-04-15 14:13:24 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 05:26:10 28160 ----a-w- C:\Windows\System32\drivers\mcaudrv_x64.sys
2012-02-07 16:44:32 314016 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2012-02-07 16:44:31 43680 ----a-w- C:\Windows\System32\drivers\lirsgt.sys
.
============= FINISH: 22:31:57.08 ===============


#2 gringo_pr


Posted 24 April 2012 - 12:19 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Mogot27


Posted 24 April 2012 - 12:07 PM

Log from Security Check:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 29
Java™ 6 Update 25
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (4.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````


Log from ComboFix:

ComboFix 12-04-16.02 - Tj 24/04/2012 17:55:07.2.3 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2815.1490 [GMT 1:00]
Running from: c:\users\Tj\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 16:58 . 2012-04-24 16:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-24 16:54 . 2012-04-24 16:54 -------- d-----w- c:\users\Tj\AppData\Local\My Games
2012-04-24 15:03 . 2012-04-24 15:07 -------- d-----w- c:\users\Tj\AppData\Roaming\Ymirzo
2012-04-24 15:03 . 2012-04-24 15:03 -------- d-----w- c:\users\Tj\AppData\Roaming\Gysuc
2012-04-24 15:03 . 2012-04-24 15:03 -------- d-----w- c:\users\Tj\AppData\Roaming\Efca
2012-04-24 15:03 . 2012-04-24 15:03 180224 ----a-w- c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ylqit.exe
2012-04-24 15:03 . 2012-04-24 15:03 180224 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\wuyn.exe
2012-04-15 12:52 . 2012-04-21 12:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-15 12:48 . 2012-04-15 12:48 -------- d-----w- c:\users\Tj\AppData\Roaming\Malwarebytes
2012-04-15 12:48 . 2012-04-15 12:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-15 12:48 . 2012-04-15 12:48 -------- d-----w- c:\programdata\Malwarebytes
2012-04-15 12:48 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-13 15:07 . 2012-04-13 15:16 -------- d-----w- c:\users\Tj\AppData\Local\Google
2012-04-13 15:07 . 2012-04-13 15:10 -------- d-----w- c:\program files (x86)\Google
2012-04-13 14:48 . 2012-04-13 14:48 -------- d-----w- c:\users\Tj\AppData\Roaming\Tific
2012-04-13 14:48 . 2012-04-13 14:48 -------- d-----w- c:\users\Tj\AppData\Local\Symantec
2012-04-12 22:09 . 2012-04-12 22:10 -------- d-----w- c:\users\Tj\AppData\Roaming\Idgi
2012-04-12 22:09 . 2012-04-12 22:09 -------- d-----w- c:\users\Tj\AppData\Roaming\Iqagiw
2012-04-12 21:37 . 2012-04-13 23:33 -------- d-----w- c:\programdata\AVG2012
2012-04-12 21:37 . 2012-04-12 21:37 -------- d-----w- C:\$AVG
2012-04-12 21:35 . 2012-04-13 23:30 -------- d-----w- c:\program files (x86)\AVG
2012-04-12 21:29 . 2012-04-12 21:29 -------- d--h--w- c:\programdata\Common Files
2012-04-12 21:28 . 2012-04-13 23:43 -------- d-----w- c:\programdata\MFAData
2012-04-12 21:20 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-12 21:19 . 2012-04-13 15:06 -------- d-----w- c:\programdata\AVAST Software
2012-04-12 21:19 . 2012-04-13 15:06 -------- d-----w- c:\program files\AVAST Software
2012-04-12 20:54 . 2012-04-12 20:54 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-11 17:34 . 2012-04-24 17:00 -------- d-----w- c:\users\Tj\AppData\Local\LogMeIn Hamachi
2012-04-11 17:33 . 2012-04-11 17:34 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-04-07 16:42 . 2012-04-07 16:43 -------- d-----w- c:\users\Tj\AppData\Roaming\Pamela Call Recorder
2012-04-07 16:42 . 2012-04-07 16:42 -------- d-----w- c:\users\Tj\AppData\Roaming\Pamela
2012-04-07 16:42 . 2012-04-07 16:42 172544 ----a-w- c:\windows\SysWow64\RemoteControl.dll
2012-04-07 16:42 . 2012-04-13 23:41 -------- d-----w- c:\program files (x86)\PamelaPCR
2012-04-06 18:34 . 2012-04-06 18:34 -------- d-----w- c:\users\Tj\AppData\Roaming\SAM
2012-04-05 20:50 . 2012-04-05 20:50 -------- d-----w- c:\users\Tj\AppData\Local\The Lord of the Rings Online
2012-04-05 15:37 . 2012-04-06 22:58 -------- d-----w- c:\users\Tj\AppData\Local\PMB Files
2012-04-05 15:37 . 2012-04-06 12:31 -------- d-----w- c:\programdata\PMB Files
2012-04-05 15:37 . 2012-04-13 23:41 -------- d-----w- c:\program files (x86)\Pando Networks
2012-04-04 22:10 . 2012-04-04 22:16 -------- d-----w- c:\users\Tj\Zomboid
2012-04-04 22:10 . 2012-04-13 23:41 -------- d-----w- c:\program files (x86)\Project Zomboid
2012-04-04 09:31 . 2012-04-04 13:18 -------- d-----w- c:\windows\system32\drivers\N360x64\0502010.003
2012-04-02 22:13 . 2012-04-02 22:13 -------- d-----w- c:\users\Tj\AppData\Roaming\ManyCam
2012-04-02 22:13 . 2012-04-02 22:13 -------- d-----w- c:\users\Tj\AppData\Local\ManyCam
2012-04-02 22:13 . 2012-04-13 23:40 -------- d-----w- c:\program files (x86)\ManyCam
2012-04-02 22:12 . 2012-04-13 23:41 -------- d-----w- c:\programdata\Ask
2012-03-28 21:13 . 2012-04-15 14:13 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-28 20:31 . 2012-04-15 14:13 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 14:13 . 2011-05-18 16:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 05:26 . 2012-02-28 05:26 28160 ----a-w- c:\windows\system32\drivers\mcaudrv_x64.sys
2012-02-07 16:44 . 2012-02-07 16:44 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-02-07 16:44 . 2012-02-07 16:44 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 138552]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-06-13 16:25 1438520 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"Ehasbaoqa"="c:\users\Tj\AppData\Roaming\Efca\ginyd.exe" [2010-12-06 180224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
c:\users\Tj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SAM.lnk - c:\program files (x86)\SAM\SAM.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wuyn.exe [2012-4-24 180224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 SPService;SPService;c:\windows\sysWOW64\svchost.exe [2009-07-14 20992]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-02-16 131912]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va001;X6va001;c:\users\Tj\AppData\Local\Temp\001EABC.tmp [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-19 1143416]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110629.050\IDSvia64.sys [2011-06-03 488056]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-06-09 136824]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 14:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
infrastructure
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: %SYSTEMROOT%\system32\nvLsp.dll
LSP: mswsock.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\Tj\AppData\Roaming\Mozilla\Firefox\Profiles\p3ya80le.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{169821DC-1953-00EE-3827-59B80149155A} - c:\windows\SysWow64\OobeFlldr.dll
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
Wow6432Node-HKLM-Run-QuickTime Task - c:\program files (x86)\QuickTime\QTTask.exe
SafeBoot-08470607.sys
SafeBoot-15847736.sys
SafeBoot-28921221.sys
SafeBoot-59788962.sys
SafeBoot-63238464.sys
SafeBoot-72141739.sys
SafeBoot-93955960.sys
Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Desura - c:\program files (x86)\Common Files\Desura\\Desura_Uninstaller.exe
AddRemove-Desura_62350040236064 - c:\program files (x86)\Common Files\Desura\\desura.exe
AddRemove-EA Download Manager - c:\program files (x86)\Electronic Arts\EADM\EADMUninstall.exe
AddRemove-Fallout_is1 - c:\program files (x86)\GOG.com\Fallout\unins000.exe
AddRemove-Metaboli - c:\program files (x86)\Packard Bell\metaboli\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\Tj\AppData\Local\Temp\001EABC.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1956528259-1469322145-758387781-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1956528259-1469322145-758387781-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1956528259-1469322145-758387781-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d8,65,52,e0,d2,28,eb,9a,b8,ba,bf,34,9d,da,76,03,e4,ba,74,16,06,ec,15,
05,9c,03,75,0b,a0,ad,6f,b9,f9,d3,13,86,93,9f,15,3b,72,6a,40,b8,06,42,f5,24,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-1956528259-1469322145-758387781-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:8b,6f,54,85,66,19,1e,c9,32,1d,3d,2a,d0,e3,31,ee,4c,80,44,93,b6,
b1,51,52,c4,ce,88,e1,35,a5,e3,fa,9e,8e,b2,b8,64,eb,2f,00,ca,fa,0d,79,51,96,\
"rkeysecu"=hex:4a,e6,ae,2f,0a,90,29,90,b6,67,58,2a,b4,45,7b,cb
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-04-24 18:05:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-24 17:05
.
Pre-Run: 10,757,513,216 bytes free
Post-Run: 11,171,655,680 bytes free
.
- - End Of File - - E0282BBC340F1CB6E5BA03E9A8EB863B

#4 gringo_pr

  • Malware Response Team

Posted 24 April 2012 - 12:34 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 Mogot27

  • Topic Starter


Posted 25 April 2012 - 12:26 PM

TDSS Killer:

18:11:46.0965 2396 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
18:11:49.0103 2396 ============================================================
18:11:49.0103 2396 Current date / time: 2012/04/25 18:11:49.0103
18:11:49.0103 2396 SystemInfo:
18:11:49.0103 2396
18:11:49.0103 2396 OS Version: 6.1.7600 ServicePack: 0.0
18:11:49.0103 2396 Product type: Workstation
18:11:49.0103 2396 ComputerName: TJ-PC
18:11:49.0103 2396 UserName: Tj
18:11:49.0103 2396 Windows directory: C:\Windows
18:11:49.0103 2396 System windows directory: C:\Windows
18:11:49.0103 2396 Running under WOW64
18:11:49.0103 2396 Processor architecture: Intel x64
18:11:49.0103 2396 Number of processors: 3
18:11:49.0103 2396 Page size: 0x1000
18:11:49.0103 2396 Boot type: Normal boot
18:11:49.0103 2396 ============================================================
18:11:51.0708 2396 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:11:51.0723 2396 \Device\Harddisk0\DR0:
18:11:51.0723 2396 MBR partitions:
18:11:51.0723 2396 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000
18:11:51.0723 2396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x11DE7000
18:11:51.0723 2396 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13619800, BlocksNum 0x11E14800
18:11:51.0770 2396 C: <-> \Device\Harddisk0\DR0\Partition1
18:11:51.0833 2396 D: <-> \Device\Harddisk0\DR0\Partition2
18:11:51.0833 2396 Initialize success
18:11:51.0833 2396 ============================================================
18:11:53.0439 1608 ============================================================
18:11:53.0439 1608 Scan started
18:11:53.0439 1608 Mode: Manual;
18:11:53.0439 1608 ============================================================
18:12:00.0881 1608 elxstor - ok
18:12:01.0005 1608 EraserUtilRebootDrv (86fc0d272f6bb43e7214d4ba955a41e7) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:12:01.0005 1608 EraserUtilRebootDrv - ok
18:12:01.0068 1608 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
18:12:01.0068 1608 ErrDev - ok
18:12:01.0115 1608 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:12:01.0115 1608 EventSystem - ok
18:12:01.0146 1608 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:12:01.0161 1608 exfat - ok
18:12:01.0177 1608 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:12:01.0177 1608 fastfat - ok
18:12:01.0239 1608 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
18:12:01.0255 1608 Fax - ok
18:12:01.0286 1608 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:12:01.0286 1608 fdc - ok
18:12:01.0302 1608 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:12:01.0317 1608 fdPHost - ok
18:12:01.0317 1608 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:12:01.0317 1608 FDResPub - ok
18:12:01.0333 1608 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:12:01.0333 1608 FileInfo - ok
18:12:01.0349 1608 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:12:01.0364 1608 Filetrace - ok
18:12:01.0473 1608 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:12:01.0473 1608 FLEXnet Licensing Service - ok
18:12:01.0489 1608 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:12:01.0489 1608 flpydisk - ok
18:12:01.0520 1608 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
18:12:01.0520 1608 FltMgr - ok
18:12:01.0583 1608 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
18:12:01.0598 1608 FontCache - ok
18:12:01.0645 1608 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:12:01.0645 1608 FontCache3.0.0.0 - ok
18:12:01.0723 1608 ForceWare Intelligent Application Manager (IAM) (a9ff65ea14e4cabfcc1bb8ece111a249) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
18:12:01.0739 1608 ForceWare Intelligent Application Manager (IAM) - ok
18:12:01.0770 1608 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:12:01.0770 1608 FsDepends - ok
18:12:01.0785 1608 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:12:01.0785 1608 Fs_Rec - ok
18:12:01.0848 1608 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:12:01.0848 1608 fvevol - ok
18:12:01.0863 1608 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:12:01.0863 1608 gagp30kx - ok
18:12:01.0910 1608 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:12:01.0910 1608 GEARAspiWDM - ok
18:12:01.0941 1608 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
18:12:01.0957 1608 gpsvc - ok
18:12:02.0066 1608 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
18:12:02.0082 1608 Greg_Service - ok
18:12:02.0207 1608 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
18:12:02.0207 1608 hamachi - ok
18:12:02.0300 1608 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
18:12:02.0331 1608 Hamachi2Svc - ok
18:12:02.0347 1608 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:12:02.0347 1608 hcw85cir - ok
18:12:02.0394 1608 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
18:12:02.0394 1608 HdAudAddService - ok
18:12:02.0441 1608 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:12:02.0441 1608 HDAudBus - ok
18:12:02.0456 1608 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:12:02.0472 1608 HidBatt - ok
18:12:02.0503 1608 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:12:02.0503 1608 HidBth - ok
18:12:02.0519 1608 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:12:02.0519 1608 HidIr - ok
18:12:02.0550 1608 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:12:02.0550 1608 hidserv - ok
18:12:02.0550 1608 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
18:12:02.0550 1608 HidUsb - ok
18:12:02.0581 1608 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
18:12:02.0581 1608 hkmsvc - ok
18:12:02.0612 1608 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
18:12:02.0612 1608 HomeGroupListener - ok
18:12:02.0675 1608 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
18:12:02.0675 1608 HomeGroupProvider - ok
18:12:02.0706 1608 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:12:02.0706 1608 HpSAMD - ok
18:12:02.0737 1608 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
18:12:02.0753 1608 HTTP - ok
18:12:02.0768 1608 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
18:12:02.0768 1608 hwpolicy - ok
18:12:02.0799 1608 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:12:02.0799 1608 i8042prt - ok
18:12:02.0831 1608 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
18:12:02.0846 1608 iaStorV - ok
18:12:02.0971 1608 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:12:02.0987 1608 IDriverT - ok
18:12:03.0033 1608 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:12:03.0049 1608 idsvc - ok
18:12:03.0299 1608 IDSVia64 (d321ff68ff6986bcc18fe85943cb55ef) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110629.050\IDSvia64.sys
18:12:03.0299 1608 IDSVia64 - ok
18:12:03.0377 1608 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:12:03.0377 1608 iirsp - ok
18:12:03.0423 1608 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
18:12:03.0423 1608 IKEEXT - ok
18:12:03.0501 1608 infrastructure (5f22132c9153639762708909f156b33d) C:\Windows\system32\ZD1211BU(ZyDAS).dll
18:12:03.0501 1608 infrastructure ( Backdoor.Multi.ZAccess.gen ) - infected
18:12:03.0501 1608 infrastructure - detected Backdoor.Multi.ZAccess.gen (0)
18:12:12.0877 1608 SRTSP - ok
18:12:12.0893 1608 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502010.003\SRTSPX64.SYS
18:12:12.0893 1608 SRTSPX - ok
18:12:12.0955 1608 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
18:12:12.0955 1608 srv - ok
18:12:12.0971 1608 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
18:12:12.0971 1608 srv2 - ok
18:12:13.0002 1608 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
18:12:13.0002 1608 srvnet - ok
18:12:13.0049 1608 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:12:13.0064 1608 SSDPSRV - ok
18:12:13.0064 1608 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:12:13.0064 1608 SstpSvc - ok
18:12:13.0142 1608 Steam Client Service - ok
18:12:13.0298 1608 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:12:13.0298 1608 Stereo Service - ok
18:12:13.0376 1608 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:12:13.0376 1608 stexstor - ok
18:12:13.0439 1608 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
18:12:13.0439 1608 stisvc - ok
18:12:13.0454 1608 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:12:13.0454 1608 swenum - ok
18:12:13.0501 1608 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:12:13.0517 1608 swprv - ok
18:12:13.0610 1608 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS
18:12:13.0610 1608 SymDS - ok
18:12:13.0657 1608 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS
18:12:13.0673 1608 SymEFA - ok
18:12:13.0735 1608 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
18:12:13.0735 1608 SymEvent - ok
18:12:13.0860 1608 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS
18:12:13.0860 1608 SymIRON - ok
18:12:13.0891 1608 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS
18:12:13.0907 1608 SymNetS - ok
18:12:13.0938 1608 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
18:12:13.0985 1608 SysMain - ok
18:12:14.0016 1608 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
18:12:14.0016 1608 TabletInputService - ok
18:12:14.0031 1608 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
18:12:14.0047 1608 TapiSrv - ok
18:12:14.0063 1608 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:12:14.0063 1608 TBS - ok
18:12:14.0156 1608 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
18:12:14.0187 1608 Tcpip - ok
18:12:14.0234 1608 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
18:12:14.0234 1608 TCPIP6 - ok
18:12:14.0312 1608 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
18:12:14.0312 1608 tcpipreg - ok
18:12:14.0375 1608 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:12:14.0375 1608 TDPIPE - ok
18:12:14.0390 1608 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:12:14.0390 1608 TDTCP - ok
18:12:14.0421 1608 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
18:12:14.0421 1608 tdx - ok
18:12:14.0453 1608 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
18:12:14.0453 1608 TermDD - ok
18:12:14.0484 1608 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
18:12:14.0484 1608 TermService - ok
18:12:14.0499 1608 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:12:14.0499 1608 Themes - ok
18:12:14.0531 1608 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:12:14.0531 1608 THREADORDER - ok
18:12:14.0577 1608 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:12:14.0577 1608 TrkWks - ok
18:12:14.0718 1608 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
18:12:14.0718 1608 TrustedInstaller - ok
18:12:14.0921 1608 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:12:14.0921 1608 tssecsrv - ok
18:12:14.0967 1608 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:12:14.0967 1608 tunnel - ok
18:12:14.0983 1608 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:12:14.0983 1608 uagp35 - ok
18:12:15.0014 1608 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
18:12:15.0030 1608 udfs - ok
18:12:15.0061 1608 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:12:15.0061 1608 UI0Detect - ok
18:12:15.0092 1608 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:12:15.0092 1608 uliagpkx - ok
18:12:15.0139 1608 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
18:12:15.0139 1608 umbus - ok
18:12:15.0170 1608 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:12:15.0170 1608 UmPass - ok
18:12:15.0233 1608 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
18:12:15.0233 1608 Updater Service - ok
18:12:15.0264 1608 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:12:15.0264 1608 upnphost - ok
18:12:15.0326 1608 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
18:12:15.0326 1608 usbaudio - ok
18:12:15.0404 1608 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
18:12:15.0404 1608 usbccgp - ok
18:12:15.0467 1608 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
18:12:15.0467 1608 usbcir - ok
18:12:15.0513 1608 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
18:12:15.0513 1608 usbehci - ok
18:12:15.0560 1608 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
18:12:15.0576 1608 usbhub - ok
18:12:15.0623 1608 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
18:12:15.0623 1608 usbohci - ok
18:12:15.0654 1608 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:12:15.0654 1608 usbprint - ok
18:12:15.0685 1608 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:12:15.0685 1608 USBSTOR - ok
18:12:15.0716 1608 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
18:12:15.0716 1608 usbuhci - ok
18:12:15.0747 1608 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:12:15.0747 1608 UxSms - ok
18:12:15.0763 1608 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
18:12:15.0763 1608 VaultSvc - ok
18:12:15.0794 1608 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:12:15.0794 1608 vdrvroot - ok
18:12:15.0825 1608 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
18:12:15.0841 1608 vds - ok
18:12:15.0872 1608 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:12:15.0872 1608 vga - ok
18:12:15.0888 1608 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:12:15.0903 1608 VgaSave - ok
18:12:15.0919 1608 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
18:12:15.0935 1608 vhdmp - ok
18:12:15.0950 1608 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
18:12:15.0950 1608 viaide - ok
18:12:15.0966 1608 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
18:12:15.0966 1608 volmgr - ok
18:12:15.0997 1608 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:12:15.0997 1608 volmgrx - ok
18:12:16.0028 1608 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
18:12:16.0028 1608 volsnap - ok
18:12:16.0044 1608 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:12:16.0044 1608 vsmraid - ok
18:12:16.0122 1608 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
18:12:16.0153 1608 VSS - ok
18:12:16.0169 1608 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:12:16.0169 1608 vwifibus - ok
18:12:16.0184 1608 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:12:16.0184 1608 vwififlt - ok
18:12:16.0247 1608 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
18:12:16.0247 1608 vwifimp - ok
18:12:16.0325 1608 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:12:16.0325 1608 W32Time - ok
18:12:16.0356 1608 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:12:16.0356 1608 WacomPen - ok
18:12:16.0403 1608 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:12:16.0403 1608 WANARP - ok
18:12:16.0403 1608 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:12:16.0403 1608 Wanarpv6 - ok
18:12:16.0605 1608 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:12:16.0637 1608 WatAdminSvc - ok
18:12:16.0715 1608 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
18:12:16.0746 1608 wbengine - ok
18:12:16.0761 1608 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:12:16.0761 1608 WbioSrvc - ok
18:12:16.0793 1608 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
18:12:16.0793 1608 wcncsvc - ok
18:12:16.0808 1608 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:12:16.0824 1608 WcsPlugInService - ok
18:12:16.0839 1608 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:12:16.0839 1608 Wd - ok
18:12:17.0198 1608 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:12:17.0448 1608 Wdf01000 - ok
18:12:17.0510 1608 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:12:17.0510 1608 WdiServiceHost - ok
18:12:17.0526 1608 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:12:17.0526 1608 WdiSystemHost - ok
18:12:17.0635 1608 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
18:12:17.0635 1608 WebClient - ok
18:12:17.0682 1608 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:12:17.0682 1608 Wecsvc - ok
18:12:17.0697 1608 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:12:17.0713 1608 wercplsupport - ok
18:12:17.0760 1608 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:12:17.0760 1608 WerSvc - ok
18:12:17.0791 1608 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:12:17.0791 1608 WfpLwf - ok
18:12:17.0822 1608 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:12:17.0822 1608 WIMMount - ok
18:12:17.0931 1608 WinDefend - ok
18:12:17.0947 1608 WinHttpAutoProxySvc - ok
18:12:18.0119 1608 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:12:18.0119 1608 Winmgmt - ok
18:12:18.0306 1608 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
18:12:18.0337 1608 WinRM - ok
18:12:18.0602 1608 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:12:18.0633 1608 Wlansvc - ok
18:12:18.0727 1608 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:12:18.0789 1608 wlidsvc - ok
18:12:18.0914 1608 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:12:18.0930 1608 WmiAcpi - ok
18:12:19.0023 1608 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:12:19.0023 1608 wmiApSrv - ok
18:12:19.0070 1608 WMPNetworkSvc - ok
18:12:19.0148 1608 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:12:19.0148 1608 WPCSvc - ok
18:12:19.0164 1608 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
18:12:19.0164 1608 WPDBusEnum - ok
18:12:19.0195 1608 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:12:19.0195 1608 ws2ifsl - ok
18:12:19.0273 1608 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
18:12:19.0273 1608 wscsvc - ok
18:12:19.0289 1608 WSearch - ok
18:12:19.0382 1608 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
18:12:19.0445 1608 wuauserv - ok
18:12:19.0491 1608 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:12:19.0491 1608 WudfPf - ok
18:12:19.0538 1608 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:12:19.0538 1608 WUDFRd - ok
18:12:19.0569 1608 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
18:12:19.0569 1608 wudfsvc - ok
18:12:19.0585 1608 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:12:19.0601 1608 WwanSvc - ok
18:12:19.0772 1608 X6va001 - ok
18:12:19.0803 1608 MBR (0x1B8) (70e629b51c16b3c007730c6ae57144c9) \Device\Harddisk0\DR0
18:12:21.0972 1608 \Device\Harddisk0\DR0 - ok
18:12:21.0987 1608 Boot (0x1200) (b438f8f32acb302b71fe67b1de8fcb66) \Device\Harddisk0\DR0\Partition0
18:12:22.0019 1608 \Device\Harddisk0\DR0\Partition0 - ok
18:12:22.0065 1608 Boot (0x1200) (3575627323bc9d38334fea72be559dfe) \Device\Harddisk0\DR0\Partition1
18:12:22.0097 1608 \Device\Harddisk0\DR0\Partition1 - ok
18:12:22.0143 1608 Boot (0x1200) (dc55040dcbbd59abed3a8ab296db4c4d) \Device\Harddisk0\DR0\Partition2
18:12:22.0175 1608 \Device\Harddisk0\DR0\Partition2 - ok
18:12:22.0190 1608 ============================================================
18:12:22.0190 1608 Scan finished
18:12:22.0190 1608 ============================================================
18:12:22.0190 4688 Detected object count: 1
18:12:22.0190 4688 Actual detected object count: 1
18:12:27.0323 4688 C:\Windows\system32\ZD1211BU(ZyDAS).dll - copied to quarantine
18:12:27.0323 4688 HKLM\SYSTEM\ControlSet001\services\infrastructure - will be deleted on reboot
18:12:27.0385 4688 HKLM\SYSTEM\ControlSet002\services\infrastructure - will be deleted on reboot
18:12:27.0494 4688 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
18:12:27.0557 4688 C:\Windows\system32\ZD1211BU(ZyDAS).dll - will be deleted on reboot
18:12:27.0557 4688 infrastructure ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
18:12:33.0687 4388 Deinitialize success


aswMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-25 18:17:03
-----------------------------
18:17:03.327 OS Version: Windows x64 6.1.7600
18:17:03.327 Number of processors: 3 586 0x502
18:17:03.327 ComputerName: TJ-PC UserName: Tj
18:17:06.806 Initialize success
18:17:41.253 AVAST engine defs: 12042500
18:17:49.365 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000073
18:17:49.365 Disk 0 Vendor: ST332041 CC44 Size: 305245MB BusType: 3
18:17:49.381 Disk 0 MBR read successfully
18:17:49.381 Disk 0 MBR scan
18:17:49.381 Disk 0 unknown MBR code
18:17:49.397 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
18:17:49.412 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25167872
18:17:49.412 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 146382 MB offset 25372672
18:17:49.443 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 146473 MB offset 325163008
18:17:49.475 Disk 0 scanning C:\Windows\system32\drivers
18:18:03.281 Service scanning
18:18:23.451 Service SPService c:\windows\SysWow64\config\systemprofile\appdata\roaming\adobe\sp.dll **INFECTED** Win32:Malware-gen
18:18:31.643 Modules scanning
18:18:31.653 Disk 0 trace - called modules:
18:18:31.663 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll nvstor64.sys
18:18:31.663 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002e4e060]
18:18:31.673 3 CLASSPNP.SYS[fffff88001a7643f] -> nt!IofCallDriver -> \Device\00000073[0xfffffa8002bd2060]
18:18:34.231 AVAST engine scan C:\Windows
18:18:38.996 AVAST engine scan C:\Windows\system32
18:18:52.394 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
18:20:19.827 File: C:\Windows\system32\nmap.dll **INFECTED** Win64:ZAccess-E [Rtk]
18:21:33.136 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
18:21:35.589 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
18:22:59.629 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
18:22:59.703 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
18:23:04.122 AVAST engine scan C:\Windows\system32\drivers
18:23:21.164 AVAST engine scan C:\Users\Tj
18:25:56.833 Disk 0 MBR has been saved successfully to "C:\Users\Tj\Desktop\MBR.dat"
18:25:56.844 The log file has been saved successfully to "C:\Users\Tj\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:48 PM

Posted 25 April 2012 - 12:39 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\Windows\assembly\temp\U
c:\users\Tj\AppData\Roaming\Efca
c:\users\Tj\AppData\Roaming\Gysuc
c:\users\Tj\AppData\Roaming\Ymirzo
c:\users\Tj\AppData\Roaming\Iqagiw
C:\users\Tj\AppData\Roaming\Idgi
c:\users\Tj\AppData\Roaming\Tific
c:\program files (x86)\SweetIM

File::
C:\Windows\system32\consrv.dll
C:\Windows\system32\nmap.dll
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\wuyn.exe
c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ylqit.exe
c:\users\Tj\AppData\Roaming\Efca\ginyd.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

Posted 27 April 2012 - 11:09 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#8 gringo_pr

Posted 30 April 2012 - 11:22 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#9 gringo_pr

Posted 03 May 2012 - 11:18 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.