Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

btn-right pop-ups in IE + some links redirect


  • This topic is locked This topic is locked
8 replies to this topic

#1 frickfrag

frickfrag

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 14 July 2012 - 04:32 PM

hi,

i'm getting popup ads on the bottom-right corner on Windows ps using IE browser. Happens on about half of the sites.
Also some (not all) web page links are getting redirected to fake search sites and ad sites.
Have AVG installed. No virus's detected.
When this first started happening, on boot up, a popup window was coming up and asking me to choose and app to run for (who knows what).
That startup popup has now stopped.

any help?

thanks.

DDS file below:
---------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Some Guy at 16:22:03 on 2012-07-14
.
============== Running Processes ===============
.
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe
D:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
D:\downloads\_virus cleanup\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - D:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - D:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware] "d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "D:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - D:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{40C83651-BF77-4915-A565-77A8F7F432E4} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{40C83651-BF77-4915-A565-77A8F7F432E4}\2377962756635313 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{40C83651-BF77-4915-A565-77A8F7F432E4}\943562450275962756C6563737 : DhcpNameServer = 159.153.89.2
TCP: Interfaces\{40C83651-BF77-4915-A565-77A8F7F432E4}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{67252B3C-2BF3-4738-85E2-FFB9FB68B85A} : DhcpNameServer = 10.16.252.50 10.30.204.12 10.30.204.11
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - D:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVG_TRAY] "D:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 69.10.57.36 www.google-analytics.com.
Hosts: 69.10.57.36 ad-emea.doubleclick.net.
Hosts: 69.10.57.36 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Some Guy\AppData\Roaming\Mozilla\Firefox\Profiles\85gyue4w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN3&q=
FF - prefs.js: browser.startup.homepage - hxxp://publicgames.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN3&q=
FF - component: D:\Program Files (x86)\AVG\AVG2012\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Some Guy\AppData\Local\Roblox\Versions\version-ff6321df121e4477\nproblox.dll
FF - plugin: C:\Users\Some Guy\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: C:\Users\Some Guy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: D:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - D:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: AVG Do Not Track: {F53C93F1-07D5-430c-86D4-C9531B27DFAF} - D:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - D:\Program Files (x86)\AVG\AVG2012\Firefox
.
============= SERVICES / DRIVERS ===============
.
R? a2acc;a2acc
R? AMD External Events Utility;AMD External Events Utility
R? Asyomfemsm;Asyomfemsm
R? NisDrv;Microsoft Network Inspection System
R? NisSrv;Microsoft Network Inspection
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver
R? silabser;Silicon Labs CP210x USB to UART Bridge Driver
R? SkypeUpdate;Skype Updater
R? TsUsbFlt;TsUsbFlt
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
S? a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service
S? A2DDA;A2 Direct Disk Access Support Driver
S? AERTFilters;Andrea RT Filters Service
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSHA;AVGIDSHA
S? Avgldx64;AVG AVI Loader Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? Avgtdia;AVG TDI Driver
S? avgwd;AVG WatchDog
S? btwl2cap;Bluetooth L2CAP Service
S? CtClsFlt;Creative Camera Class Upper Filter Driver
S? DockLoginService;Dock Login Service
S? HECIx64;Intel® Management Engine Interface
S? Impcd;Impcd
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? MpFilter;Microsoft Malware Protection Driver
S? PxHlpa64;PxHlpa64
S? RTL8167;Realtek 8167 NT Driver
S? Tomcat5;Apache Tomcat
S? vwififlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service
.
=============== Created Last 30 ================
.
2012-07-14 17:24:50 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BBE21406-33AC-4FD1-92CC-39A394A35DE7}\mpengine.dll
2012-07-13 18:02:40 -------- d-----w- C:\Program Files\CCleaner
2012-07-13 15:44:37 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-12 06:46:56 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 14:32:19 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 14:31:52 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-07-06 17:52:37 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-07-06 03:07:57 -------- d-----w- C:\Users\Some Guy\AppData\Roaming\Reallusion
2012-07-06 02:59:15 -------- d-----r- C:\Program Files (x86)\Skype
2012-07-04 22:24:22 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-07-04 22:24:22 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD9E9AF5-1D0B-4F76-B59C-2A7B15E49CBB}\gapaengine.dll
2012-07-01 16:11:50 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-01 16:11:45 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-01 02:27:02 -------- d-----w- C:\Windows\rescache
2012-06-30 05:34:54 -------- d-----w- C:\Windows\System32\SPReview
2012-06-30 05:34:00 -------- d-----w- C:\Windows\System32\EventProviders
2012-06-21 04:26:08 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 04:25:37 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 04:24:57 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 04:24:57 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-18 03:48:47 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-18 03:48:47 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-18 03:48:47 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-18 03:48:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-18 03:48:44 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-18 03:48:44 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-18 03:48:36 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-17 23:32:28 -------- d-----w- C:\Users\Some Guy\AppData\Roaming\AVG2012
2012-06-17 23:31:43 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-06-17 23:30:59 -------- d--h--w- C:\$AVG
.
==================== Find3M ====================
.
2012-07-12 14:32:30 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 14:32:30 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-30 05:42:16 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-06-30 05:42:15 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-06 04:12:11 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 09:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
.
============= FINISH: 16:22:54.58 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:57 PM

Posted 14 July 2012 - 11:50 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 frickfrag

frickfrag
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 15 July 2012 - 01:37 PM

Hi,

Below are the 2 output files.
I've just run IE again, and am not seeing popups at btm-right corner yet. Still testing.
What do I do now? & what may have been repaired?


======================================================================================
1st FILE (checkup.txt) ===============================================================
======================================================================================

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 24
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (3.5.7) Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
_virus cleanup SecurityCheck.exe
Emsisoft Anti-Malware a2service.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````



======================================================================================
2nd FILE (log.txt) ===================================================================
======================================================================================


ComboFix 12-07-14.01 - Brett Butler 07/15/2012 12:53:50.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2324 [GMT -5:00]
Running from: d:\downloads\_virus cleanup\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brett Butler\g2mdlhlpx.exe
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 18:00 . 2012-07-15 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-15 06:41 . 2012-07-15 06:41 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC8B6AA6-CB5F-46C6-959B-3DD45840B4E7}\offreg.dll
2012-07-15 06:40 . 2012-05-31 02:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC8B6AA6-CB5F-46C6-959B-3DD45840B4E7}\mpengine.dll
2012-07-14 17:24 . 2012-05-31 02:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-13 18:02 . 2012-07-13 18:02 -------- d-----w- c:\program files\CCleaner
2012-07-12 06:46 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 14:32 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 14:31 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-07-06 17:52 . 2012-07-14 17:44 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-07-06 03:07 . 2012-07-06 03:07 -------- d-----w- c:\users\Brett Butler\AppData\Roaming\Reallusion
2012-07-06 02:59 . 2012-07-06 02:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-07-06 02:59 . 2012-07-06 02:59 -------- d-----r- c:\program files (x86)\Skype
2012-07-04 22:24 . 2012-07-01 16:14 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-07-04 22:24 . 2012-07-01 16:14 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD9E9AF5-1D0B-4F76-B59C-2A7B15E49CBB}\gapaengine.dll
2012-07-02 05:42 . 2012-07-02 05:42 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-07-01 16:11 . 2012-07-01 16:11 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-01 16:11 . 2012-07-01 16:11 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-01 02:27 . 2012-07-12 20:18 -------- d-----w- c:\windows\rescache
2012-06-30 05:34 . 2012-06-30 05:34 -------- d-----w- c:\windows\system32\SPReview
2012-06-30 05:34 . 2012-06-30 05:34 -------- d-----w- c:\windows\system32\EventProviders
2012-06-21 04:26 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 04:26 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 04:26 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 04:26 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 04:25 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 04:25 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 04:25 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 04:24 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 04:24 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 03:48 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-18 03:48 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-18 03:48 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-18 03:48 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-18 03:48 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-18 03:48 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-18 03:48 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-17 23:32 . 2012-06-17 23:32 -------- d-----w- c:\users\Brett Butler\AppData\Roaming\AVG2012
2012-06-17 23:31 . 2012-06-17 23:31 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-17 23:30 . 2012-06-17 23:30 -------- d-----w- C:\$AVG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 14:32 . 2012-04-01 16:12 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 14:32 . 2011-05-18 03:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 18:46 . 2012-05-27 23:16 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 05:42 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-06-30 05:42 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-05-06 04:12 . 2012-04-14 04:12 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brett Butler\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brett Butler\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brett Butler\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Malwarebytes' Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"AVG_TRAY"="d:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0d:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AVGIDSAgent;AVGIDSAgent;d:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
R2 Tomcat5;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe [2010-07-01 78336]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]
R3 Asyomfemsm;Asyomfemsm;c:\windows\system32\drivers\wimmount.sys [2009-07-14 22096]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2011-10-14 27336]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2011-10-14 71168]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-01 1255736]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-08 202752]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-06-17 3069752]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160]
S2 avgwd;AVG WatchDog;d:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-01 35104]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brett Butler\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brett Butler\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brett Butler\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brett Butler\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Brett Butler\AppData\Roaming\Mozilla\Firefox\Profiles\85gyue4w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN3&q=
FF - prefs.js: browser.startup.homepage - hxxp://publicgames.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN3&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: AVG Do Not Track: {F53C93F1-07D5-430c-86D4-C9531B27DFAF} - d:\program files (x86)\AVG\AVG2012\Firefox\DoNotTrack
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - d:\program files (x86)\AVG\AVG2012\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\DriverUninstall\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-Cisco Unified Presenter Add-in 6x5 - c:\users\Brett Butler\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\ciscounifiedaddin6x5\ciscounifiedaddin6x5 -uninstall
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files (x86)\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files (x86)\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-15 13:03:28
ComboFix-quarantined-files.txt 2012-07-15 18:03
.
Pre-Run: 2,819,670,016 bytes free
Post-Run: 3,146,498,048 bytes free
.
- - End Of File - - 1121FFE25644B26185AA5E8E96DAC9A9

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:57 PM

Posted 15 July 2012 - 02:51 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 frickfrag

frickfrag
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 15 July 2012 - 03:22 PM

Hi,

Here's the 2 output files:

=================================================================================
file 1
=================================================================================

15:16:01.0202 1608 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
15:16:02.0419 1608 ============================================================
15:16:02.0419 1608 Current date / time: 2012/07/15 15:16:02.0419
15:16:02.0419 1608 SystemInfo:
15:16:02.0419 1608
15:16:02.0419 1608 OS Version: 6.1.7601 ServicePack: 1.0
15:16:02.0419 1608 Product type: Workstation
15:16:02.0419 1608 ComputerName: SomeGuy
15:16:02.0419 1608 UserName: Some Guy
15:16:02.0419 1608 Windows directory: C:\Windows
15:16:02.0419 1608 System windows directory: C:\Windows
15:16:02.0419 1608 Running under WOW64
15:16:02.0419 1608 Processor architecture: Intel x64
15:16:02.0419 1608 Number of processors: 4
15:16:02.0419 1608 Page size: 0x1000
15:16:02.0419 1608 Boot type: Normal boot
15:16:02.0419 1608 ============================================================
15:16:03.0838 1608 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:16:03.0932 1608 ============================================================
15:16:03.0932 1608 \Device\Harddisk0\DR0:
15:16:03.0932 1608 MBR partitions:
15:16:03.0932 1608 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000
15:16:03.0932 1608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x7530000
15:16:03.0963 1608 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x88EB000, BlocksNum 0x31A9A800
15:16:03.0963 1608 ============================================================
15:16:03.0994 1608 C: <-> \Device\Harddisk0\DR0\Partition1
15:16:04.0041 1608 D: <-> \Device\Harddisk0\DR0\Partition2
15:16:04.0041 1608 ============================================================
15:16:04.0041 1608 Initialize success
15:16:04.0041 1608 ============================================================
15:16:07.0567 2812 ============================================================
15:16:07.0567 2812 Scan started
15:16:07.0567 2812 Mode: Manual;
15:16:07.0567 2812 ============================================================
15:16:08.0315 2812 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:16:08.0315 2812 1394ohci - ok
15:16:08.0393 2812 a2acc (2d6434e957f7cfa0035c20890f77bbc6) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
15:16:08.0393 2812 a2acc - ok
15:16:08.0627 2812 a2AntiMalware (8b75ba256bcada2b73ffa5bd77aa9e6c) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
15:16:08.0659 2812 a2AntiMalware - ok
15:16:08.0768 2812 A2DDA (3044d0f3feb9ffe8bc953d8f34b5b504) C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
15:16:08.0768 2812 A2DDA - ok
15:16:08.0955 2812 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:16:08.0955 2812 ACPI - ok
15:16:09.0002 2812 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:16:09.0002 2812 AcpiPmi - ok
15:16:09.0095 2812 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
15:16:09.0111 2812 Adobe LM Service - ok
15:16:09.0205 2812 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:16:09.0205 2812 adp94xx - ok
15:16:09.0267 2812 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:16:09.0267 2812 adpahci - ok
15:16:09.0361 2812 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:16:09.0361 2812 adpu320 - ok
15:16:09.0407 2812 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:16:09.0407 2812 AeLookupSvc - ok
15:16:09.0485 2812 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
15:16:09.0485 2812 AERTFilters - ok
15:16:09.0579 2812 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:16:09.0579 2812 AFD - ok
15:16:09.0626 2812 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:16:09.0626 2812 agp440 - ok
15:16:09.0657 2812 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:16:09.0657 2812 ALG - ok
15:16:09.0704 2812 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:16:09.0704 2812 aliide - ok
15:16:09.0766 2812 AMD External Events Utility (16d2883ea6296333435df0c8b7d164b8) C:\Windows\system32\atiesrxx.exe
15:16:09.0766 2812 AMD External Events Utility - ok
15:16:09.0766 2812 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:16:09.0766 2812 amdide - ok
15:16:09.0813 2812 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:16:09.0813 2812 AmdK8 - ok
15:16:09.0844 2812 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:16:09.0844 2812 AmdPPM - ok
15:16:09.0875 2812 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
15:16:09.0875 2812 amdsata - ok
15:16:09.0907 2812 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:16:09.0922 2812 amdsbs - ok
15:16:09.0938 2812 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
15:16:09.0938 2812 amdxata - ok
15:16:10.0016 2812 ApfiltrService (8b522286c8d6a20133d12225b7759596) C:\Windows\system32\DRIVERS\Apfiltr.sys
15:16:10.0016 2812 ApfiltrService - ok
15:16:10.0063 2812 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:16:10.0078 2812 AppID - ok
15:16:10.0125 2812 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:16:10.0125 2812 AppIDSvc - ok
15:16:10.0187 2812 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:16:10.0187 2812 Appinfo - ok
15:16:10.0297 2812 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:16:10.0297 2812 Apple Mobile Device - ok
15:16:10.0359 2812 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:16:10.0359 2812 arc - ok
15:16:10.0375 2812 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:16:10.0390 2812 arcsas - ok
15:16:10.0406 2812 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:16:10.0406 2812 AsyncMac - ok
15:16:10.0468 2812 Asyomfemsm (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:16:10.0468 2812 Asyomfemsm - ok
15:16:10.0499 2812 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:16:10.0499 2812 atapi - ok
15:16:10.0546 2812 AtiHdmiService (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys
15:16:10.0546 2812 AtiHdmiService - ok
15:16:10.0967 2812 atikmdag (c9f90fee4fdc829382b9130a92fb744c) C:\Windows\system32\DRIVERS\atikmdag.sys
15:16:11.0061 2812 atikmdag - ok
15:16:11.0966 2812 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:16:11.0981 2812 AudioEndpointBuilder - ok
15:16:11.0997 2812 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:16:11.0997 2812 AudioSrv - ok
15:16:12.0465 2812 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) D:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
15:16:12.0559 2812 AVGIDSAgent - ok
15:16:12.0917 2812 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
15:16:12.0933 2812 AVGIDSDriver - ok
15:16:12.0980 2812 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
15:16:12.0980 2812 AVGIDSFilter - ok
15:16:13.0027 2812 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
15:16:13.0027 2812 AVGIDSHA - ok
15:16:13.0089 2812 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
15:16:13.0105 2812 Avgldx64 - ok
15:16:13.0136 2812 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
15:16:13.0136 2812 Avgmfx64 - ok
15:16:13.0183 2812 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
15:16:13.0183 2812 Avgrkx64 - ok
15:16:13.0229 2812 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
15:16:13.0229 2812 Avgtdia - ok
15:16:13.0370 2812 avgwd (ea1145debcd508fd25bd1e95c4346929) D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
15:16:13.0370 2812 avgwd - ok
15:16:13.0432 2812 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:16:13.0432 2812 AxInstSV - ok
15:16:13.0510 2812 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:16:13.0526 2812 b06bdrv - ok
15:16:13.0573 2812 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:16:13.0573 2812 b57nd60a - ok
15:16:13.0619 2812 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
15:16:13.0619 2812 BCM42RLY - ok
15:16:13.0838 2812 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
15:16:13.0869 2812 BCM43XX - ok
15:16:14.0056 2812 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:16:14.0056 2812 BDESVC - ok
15:16:14.0119 2812 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:16:14.0119 2812 Beep - ok
15:16:14.0212 2812 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:16:14.0228 2812 BFE - ok
15:16:14.0337 2812 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
15:16:14.0353 2812 BITS - ok
15:16:14.0431 2812 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:16:14.0431 2812 blbdrive - ok
15:16:14.0587 2812 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:16:14.0587 2812 Bonjour Service - ok
15:16:14.0633 2812 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:16:14.0633 2812 bowser - ok
15:16:14.0665 2812 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:16:14.0665 2812 BrFiltLo - ok
15:16:14.0696 2812 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:16:14.0696 2812 BrFiltUp - ok
15:16:14.0727 2812 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:16:14.0727 2812 BridgeMP - ok
15:16:14.0789 2812 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:16:14.0789 2812 Browser - ok
15:16:14.0836 2812 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:16:14.0836 2812 Brserid - ok
15:16:14.0883 2812 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:16:14.0883 2812 BrSerWdm - ok
15:16:14.0914 2812 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:16:14.0930 2812 BrUsbMdm - ok
15:16:14.0945 2812 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:16:14.0945 2812 BrUsbSer - ok
15:16:15.0008 2812 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:16:15.0008 2812 BthEnum - ok
15:16:15.0023 2812 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:16:15.0023 2812 BTHMODEM - ok
15:16:15.0055 2812 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:16:15.0055 2812 BthPan - ok
15:16:15.0117 2812 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
15:16:15.0133 2812 BTHPORT - ok
15:16:15.0179 2812 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:16:15.0179 2812 bthserv - ok
15:16:15.0226 2812 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
15:16:15.0226 2812 BTHUSB - ok
15:16:15.0273 2812 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
15:16:15.0273 2812 btwaudio - ok
15:16:15.0335 2812 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
15:16:15.0335 2812 btwavdt - ok
15:16:15.0476 2812 btwdins (d65aa164acd0f6706dbcfbbcc9731584) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:16:15.0491 2812 btwdins - ok
15:16:15.0523 2812 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
15:16:15.0523 2812 btwl2cap - ok
15:16:15.0538 2812 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
15:16:15.0538 2812 btwrchid - ok
15:16:15.0569 2812 catchme - ok
15:16:15.0616 2812 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:16:15.0616 2812 cdfs - ok
15:16:15.0663 2812 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:16:15.0679 2812 cdrom - ok
15:16:15.0710 2812 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:16:15.0725 2812 CertPropSvc - ok
15:16:15.0757 2812 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:16:15.0757 2812 circlass - ok
15:16:15.0819 2812 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:16:15.0819 2812 CLFS - ok
15:16:15.0897 2812 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:16:15.0897 2812 clr_optimization_v2.0.50727_32 - ok
15:16:15.0944 2812 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:16:15.0959 2812 clr_optimization_v2.0.50727_64 - ok
15:16:15.0991 2812 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:16:16.0006 2812 CmBatt - ok
15:16:16.0022 2812 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:16:16.0022 2812 cmdide - ok
15:16:16.0100 2812 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
15:16:16.0100 2812 CNG - ok
15:16:16.0131 2812 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:16:16.0131 2812 Compbatt - ok
15:16:16.0178 2812 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:16:16.0178 2812 CompositeBus - ok
15:16:16.0193 2812 COMSysApp - ok
15:16:16.0225 2812 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:16:16.0225 2812 crcdisk - ok
15:16:16.0287 2812 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
15:16:16.0287 2812 CryptSvc - ok
15:16:16.0334 2812 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
15:16:16.0349 2812 CtClsFlt - ok
15:16:16.0412 2812 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:16:16.0412 2812 DcomLaunch - ok
15:16:16.0474 2812 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:16:16.0490 2812 defragsvc - ok
15:16:16.0537 2812 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:16:16.0537 2812 DfsC - ok
15:16:16.0599 2812 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:16:16.0615 2812 Dhcp - ok
15:16:16.0646 2812 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:16:16.0646 2812 discache - ok
15:16:16.0693 2812 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:16:16.0693 2812 Disk - ok
15:16:16.0724 2812 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:16:16.0739 2812 Dnscache - ok
15:16:16.0849 2812 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
15:16:16.0849 2812 DockLoginService - ok
15:16:16.0895 2812 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:16:16.0911 2812 dot3svc - ok
15:16:16.0942 2812 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:16:16.0958 2812 DPS - ok
15:16:16.0989 2812 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:16:16.0989 2812 drmkaud - ok
15:16:17.0083 2812 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:16:17.0098 2812 DXGKrnl - ok
15:16:17.0145 2812 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:16:17.0145 2812 EapHost - ok
15:16:17.0395 2812 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:16:17.0426 2812 ebdrv - ok
15:16:17.0566 2812 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:16:17.0566 2812 EFS - ok
15:16:17.0660 2812 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:16:17.0675 2812 ehRecvr - ok
15:16:17.0722 2812 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:16:17.0738 2812 ehSched - ok
15:16:17.0831 2812 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:16:17.0847 2812 elxstor - ok
15:16:17.0863 2812 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:16:17.0863 2812 ErrDev - ok
15:16:17.0941 2812 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:16:17.0956 2812 EventSystem - ok
15:16:18.0003 2812 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:16:18.0003 2812 exfat - ok
15:16:18.0034 2812 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:16:18.0034 2812 fastfat - ok
15:16:18.0128 2812 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:16:18.0128 2812 Fax - ok
15:16:18.0159 2812 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:16:18.0175 2812 fdc - ok
15:16:18.0221 2812 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:16:18.0221 2812 fdPHost - ok
15:16:18.0221 2812 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:16:18.0237 2812 FDResPub - ok
15:16:18.0253 2812 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:16:18.0268 2812 FileInfo - ok
15:16:18.0284 2812 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:16:18.0284 2812 Filetrace - ok
15:16:18.0409 2812 FlipShare Service (f85761b8482a3af126210655186297bd) C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
15:16:18.0424 2812 FlipShare Service - ok
15:16:18.0455 2812 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:16:18.0455 2812 flpydisk - ok
15:16:18.0518 2812 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:16:18.0518 2812 FltMgr - ok
15:16:18.0627 2812 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
15:16:18.0658 2812 FontCache - ok
15:16:18.0767 2812 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:16:18.0767 2812 FontCache3.0.0.0 - ok
15:16:18.0830 2812 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:16:18.0830 2812 FsDepends - ok
15:16:18.0877 2812 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:16:18.0877 2812 Fs_Rec - ok
15:16:18.0923 2812 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:16:18.0923 2812 fvevol - ok
15:16:18.0939 2812 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:16:18.0939 2812 gagp30kx - ok
15:16:18.0986 2812 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:16:18.0986 2812 GEARAspiWDM - ok
15:16:19.0064 2812 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
15:16:19.0064 2812 GoToAssist - ok
15:16:19.0157 2812 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:16:19.0173 2812 gpsvc - ok
15:16:19.0204 2812 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:16:19.0204 2812 hcw85cir - ok
15:16:19.0267 2812 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:16:19.0267 2812 HDAudBus - ok
15:16:19.0313 2812 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
15:16:19.0313 2812 HECIx64 - ok
15:16:19.0313 2812 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:16:19.0313 2812 HidBatt - ok
15:16:19.0345 2812 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:16:19.0345 2812 HidBth - ok
15:16:19.0376 2812 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:16:19.0376 2812 HidIr - ok
15:16:19.0407 2812 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:16:19.0407 2812 hidserv - ok
15:16:19.0454 2812 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
15:16:19.0454 2812 HidUsb - ok
15:16:19.0501 2812 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:16:19.0501 2812 hkmsvc - ok
15:16:19.0563 2812 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:16:19.0579 2812 HomeGroupListener - ok
15:16:19.0625 2812 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:16:19.0625 2812 HomeGroupProvider - ok
15:16:19.0672 2812 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:16:19.0672 2812 HpSAMD - ok
15:16:19.0766 2812 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:16:19.0766 2812 HTTP - ok
15:16:19.0813 2812 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:16:19.0813 2812 hwpolicy - ok
15:16:19.0859 2812 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:16:19.0859 2812 i8042prt - ok
15:16:19.0937 2812 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
15:16:19.0937 2812 iaStorV - ok
15:16:20.0109 2812 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:16:20.0125 2812 idsvc - ok
15:16:20.0156 2812 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:16:20.0156 2812 iirsp - ok
15:16:20.0265 2812 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:16:20.0281 2812 IKEEXT - ok
15:16:20.0312 2812 Impcd (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\DRIVERS\Impcd.sys
15:16:20.0312 2812 Impcd - ok
15:16:20.0483 2812 IntcAzAudAddService (2a7cf87be453241fe0baa1c8651e7aa4) C:\Windows\system32\drivers\RTKVHD64.sys
15:16:20.0499 2812 IntcAzAudAddService - ok
15:16:20.0655 2812 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:16:20.0655 2812 intelide - ok
15:16:20.0686 2812 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:16:20.0702 2812 intelppm - ok
15:16:20.0749 2812 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:16:20.0749 2812 IPBusEnum - ok
15:16:20.0795 2812 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:16:20.0795 2812 IpFilterDriver - ok
15:16:20.0873 2812 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:16:20.0889 2812 iphlpsvc - ok
15:16:20.0920 2812 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:16:20.0920 2812 IPMIDRV - ok
15:16:20.0967 2812 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:16:20.0967 2812 IPNAT - ok
15:16:21.0139 2812 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe
15:16:21.0154 2812 iPod Service - ok
15:16:21.0201 2812 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:16:21.0201 2812 IRENUM - ok
15:16:21.0217 2812 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:16:21.0232 2812 isapnp - ok
15:16:21.0263 2812 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:16:21.0263 2812 iScsiPrt - ok
15:16:21.0310 2812 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:16:21.0310 2812 kbdclass - ok
15:16:21.0341 2812 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:16:21.0341 2812 kbdhid - ok
15:16:21.0388 2812 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:16:21.0388 2812 KeyIso - ok
15:16:21.0419 2812 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
15:16:21.0419 2812 KSecDD - ok
15:16:21.0466 2812 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
15:16:21.0482 2812 KSecPkg - ok
15:16:21.0513 2812 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:16:21.0513 2812 ksthunk - ok
15:16:21.0560 2812 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:16:21.0575 2812 KtmRm - ok
15:16:21.0638 2812 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:16:21.0638 2812 LanmanServer - ok
15:16:21.0669 2812 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:16:21.0685 2812 LanmanWorkstation - ok
15:16:21.0731 2812 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:16:21.0731 2812 lltdio - ok
15:16:21.0778 2812 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:16:21.0794 2812 lltdsvc - ok
15:16:21.0825 2812 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:16:21.0825 2812 lmhosts - ok
15:16:21.0872 2812 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:16:21.0872 2812 LSI_FC - ok
15:16:21.0919 2812 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:16:21.0919 2812 LSI_SAS - ok
15:16:21.0934 2812 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:16:21.0934 2812 LSI_SAS2 - ok
15:16:21.0965 2812 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:16:21.0965 2812 LSI_SCSI - ok
15:16:21.0997 2812 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:16:21.0997 2812 luafv - ok
15:16:22.0075 2812 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
15:16:22.0075 2812 MBAMProtector - ok
15:16:22.0199 2812 MBAMService (43683e970f008c93c9429ef428147a54) d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:16:22.0215 2812 MBAMService - ok
15:16:22.0262 2812 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:16:22.0262 2812 Mcx2Svc - ok
15:16:22.0324 2812 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:16:22.0324 2812 megasas - ok
15:16:22.0371 2812 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:16:22.0371 2812 MegaSR - ok
15:16:22.0511 2812 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:16:22.0511 2812 Microsoft Office Groove Audit Service - ok
15:16:22.0636 2812 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:16:22.0636 2812 MMCSS - ok
15:16:22.0667 2812 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:16:22.0667 2812 Modem - ok
15:16:22.0699 2812 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:16:22.0699 2812 monitor - ok
15:16:22.0730 2812 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
15:16:22.0745 2812 mouclass - ok
15:16:22.0777 2812 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:16:22.0777 2812 mouhid - ok
15:16:22.0823 2812 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:16:22.0823 2812 mountmgr - ok
15:16:22.0886 2812 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
15:16:22.0886 2812 MpFilter - ok
15:16:22.0933 2812 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:16:22.0933 2812 mpio - ok
15:16:22.0964 2812 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:16:22.0964 2812 mpsdrv - ok
15:16:23.0057 2812 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:16:23.0073 2812 MpsSvc - ok
15:16:23.0104 2812 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:16:23.0104 2812 MRxDAV - ok
15:16:23.0135 2812 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:16:23.0135 2812 mrxsmb - ok
15:16:23.0198 2812 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:16:23.0198 2812 mrxsmb10 - ok
15:16:23.0229 2812 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:16:23.0229 2812 mrxsmb20 - ok
15:16:23.0276 2812 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:16:23.0276 2812 msahci - ok
15:16:23.0323 2812 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:16:23.0323 2812 msdsm - ok
15:16:23.0369 2812 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:16:23.0369 2812 MSDTC - ok
15:16:23.0401 2812 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:16:23.0401 2812 Msfs - ok
15:16:23.0416 2812 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:16:23.0416 2812 mshidkmdf - ok
15:16:23.0447 2812 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:16:23.0447 2812 msisadrv - ok
15:16:23.0494 2812 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:16:23.0494 2812 MSiSCSI - ok
15:16:23.0510 2812 msiserver - ok
15:16:23.0541 2812 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:16:23.0541 2812 MSKSSRV - ok
15:16:23.0650 2812 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
15:16:23.0650 2812 MsMpSvc - ok
15:16:23.0666 2812 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:16:23.0681 2812 MSPCLOCK - ok
15:16:23.0681 2812 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:16:23.0681 2812 MSPQM - ok
15:16:23.0744 2812 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:16:23.0744 2812 MsRPC - ok
15:16:23.0775 2812 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:16:23.0775 2812 mssmbios - ok
15:16:23.0806 2812 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:16:23.0806 2812 MSTEE - ok
15:16:24.0196 2812 msvsmon90 (0f4dd44765a7d23e0cd9965ee900558f) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
15:16:24.0259 2812 msvsmon90 - ok
15:16:24.0415 2812 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:16:24.0415 2812 MTConfig - ok
15:16:24.0430 2812 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:16:24.0430 2812 Mup - ok
15:16:24.0555 2812 MySQL - ok
15:16:24.0633 2812 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:16:24.0633 2812 napagent - ok
15:16:24.0711 2812 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:16:24.0711 2812 NativeWifiP - ok
15:16:24.0820 2812 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:16:24.0820 2812 NDIS - ok
15:16:24.0883 2812 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:16:24.0883 2812 NdisCap - ok
15:16:24.0929 2812 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:16:24.0929 2812 NdisTapi - ok
15:16:24.0961 2812 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:16:24.0961 2812 Ndisuio - ok
15:16:24.0992 2812 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:16:24.0992 2812 NdisWan - ok
15:16:25.0039 2812 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:16:25.0039 2812 NDProxy - ok
15:16:25.0085 2812 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:16:25.0085 2812 NetBIOS - ok
15:16:25.0132 2812 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:16:25.0148 2812 NetBT - ok
15:16:25.0179 2812 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:16:25.0179 2812 Netlogon - ok
15:16:25.0257 2812 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:16:25.0257 2812 Netman - ok
15:16:25.0304 2812 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:16:25.0304 2812 netprofm - ok
15:16:25.0413 2812 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:16:25.0413 2812 NetTcpPortSharing - ok
15:16:25.0444 2812 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:16:25.0444 2812 nfrd960 - ok
15:16:25.0507 2812 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:16:25.0507 2812 NisDrv - ok
15:16:25.0616 2812 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
15:16:25.0616 2812 NisSrv - ok
15:16:25.0678 2812 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:16:25.0678 2812 NlaSvc - ok
15:16:25.0694 2812 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:16:25.0709 2812 Npfs - ok
15:16:25.0741 2812 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:16:25.0756 2812 nsi - ok
15:16:25.0787 2812 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:16:25.0787 2812 nsiproxy - ok
15:16:25.0943 2812 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
15:16:25.0959 2812 Ntfs - ok
15:16:26.0115 2812 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:16:26.0115 2812 Null - ok
15:16:26.0177 2812 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
15:16:26.0177 2812 nvraid - ok
15:16:26.0193 2812 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
15:16:26.0193 2812 nvstor - ok
15:16:26.0255 2812 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:16:26.0255 2812 nv_agp - ok
15:16:26.0396 2812 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:16:26.0411 2812 odserv - ok
15:16:26.0427 2812 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:16:26.0427 2812 ohci1394 - ok
15:16:26.0474 2812 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:16:26.0489 2812 ose - ok
15:16:26.0552 2812 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:16:26.0567 2812 p2pimsvc - ok
15:16:26.0630 2812 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:16:26.0630 2812 p2psvc - ok
15:16:26.0677 2812 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:16:26.0692 2812 Parport - ok
15:16:26.0723 2812 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:16:26.0723 2812 partmgr - ok
15:16:26.0770 2812 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:16:26.0786 2812 PcaSvc - ok
15:16:26.0833 2812 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:16:26.0833 2812 pci - ok
15:16:26.0848 2812 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:16:26.0864 2812 pciide - ok
15:16:26.0895 2812 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:16:26.0895 2812 pcmcia - ok
15:16:26.0926 2812 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:16:26.0926 2812 pcw - ok
15:16:26.0989 2812 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:16:27.0004 2812 PEAUTH - ok
15:16:27.0113 2812 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:16:27.0113 2812 PerfHost - ok
15:16:27.0254 2812 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:16:27.0285 2812 pla - ok
15:16:27.0363 2812 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:16:27.0363 2812 PlugPlay - ok
15:16:27.0394 2812 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:16:27.0410 2812 PNRPAutoReg - ok
15:16:27.0441 2812 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:16:27.0441 2812 PNRPsvc - ok
15:16:27.0519 2812 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:16:27.0519 2812 PolicyAgent - ok
15:16:27.0581 2812 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:16:27.0581 2812 Power - ok
15:16:27.0659 2812 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:16:27.0675 2812 PptpMiniport - ok
15:16:27.0706 2812 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:16:27.0706 2812 Processor - ok
15:16:27.0769 2812 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:16:27.0784 2812 ProfSvc - ok
15:16:27.0800 2812 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:16:27.0800 2812 ProtectedStorage - ok
15:16:27.0862 2812 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:16:27.0862 2812 Psched - ok
15:16:27.0909 2812 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:16:27.0909 2812 PxHlpa64 - ok
15:16:28.0049 2812 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:16:28.0065 2812 ql2300 - ok
15:16:28.0237 2812 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:16:28.0237 2812 ql40xx - ok
15:16:28.0283 2812 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:16:28.0283 2812 QWAVE - ok
15:16:28.0299 2812 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:16:28.0299 2812 QWAVEdrv - ok
15:16:28.0330 2812 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:16:28.0330 2812 RasAcd - ok
15:16:28.0377 2812 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:16:28.0377 2812 RasAgileVpn - ok
15:16:28.0424 2812 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:16:28.0424 2812 RasAuto - ok
15:16:28.0471 2812 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:16:28.0471 2812 Rasl2tp - ok
15:16:28.0533 2812 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:16:28.0533 2812 RasMan - ok
15:16:28.0580 2812 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:16:28.0595 2812 RasPppoe - ok
15:16:28.0611 2812 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:16:28.0611 2812 RasSstp - ok
15:16:28.0673 2812 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:16:28.0673 2812 rdbss - ok
15:16:28.0689 2812 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:16:28.0689 2812 rdpbus - ok
15:16:28.0720 2812 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:16:28.0720 2812 RDPCDD - ok
15:16:28.0736 2812 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:16:28.0736 2812 RDPENCDD - ok
15:16:28.0751 2812 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:16:28.0751 2812 RDPREFMP - ok
15:16:28.0783 2812 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:16:28.0798 2812 RDPWD - ok
15:16:28.0861 2812 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:16:28.0861 2812 rdyboost - ok
15:16:28.0907 2812 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:16:28.0907 2812 RemoteAccess - ok
15:16:28.0954 2812 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:16:28.0954 2812 RemoteRegistry - ok
15:16:29.0001 2812 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:16:29.0001 2812 RFCOMM - ok
15:16:29.0048 2812 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:16:29.0063 2812 RpcEptMapper - ok
15:16:29.0095 2812 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:16:29.0095 2812 RpcLocator - ok
15:16:29.0157 2812 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:16:29.0173 2812 RpcSs - ok
15:16:29.0219 2812 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:16:29.0219 2812 rspndr - ok
15:16:29.0282 2812 RSUSBSTOR (502b316947ea887cddd325d4745eb7d0) C:\Windows\system32\Drivers\RtsUStor.sys
15:16:29.0297 2812 RSUSBSTOR - ok
15:16:29.0344 2812 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:16:29.0344 2812 RTL8167 - ok
15:16:29.0375 2812 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:16:29.0375 2812 SamSs - ok
15:16:29.0422 2812 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:16:29.0422 2812 sbp2port - ok
15:16:29.0453 2812 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:16:29.0469 2812 SCardSvr - ok
15:16:29.0485 2812 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:16:29.0485 2812 scfilter - ok
15:16:29.0594 2812 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:16:29.0609 2812 Schedule - ok
15:16:29.0641 2812 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:16:29.0656 2812 SCPolicySvc - ok
15:16:29.0687 2812 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:16:29.0703 2812 SDRSVC - ok
15:16:29.0828 2812 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
15:16:29.0828 2812 SeaPort - ok
15:16:29.0906 2812 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:16:29.0906 2812 secdrv - ok
15:16:29.0921 2812 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:16:29.0937 2812 seclogon - ok
15:16:29.0968 2812 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:16:29.0984 2812 SENS - ok
15:16:30.0015 2812 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:16:30.0015 2812 SensrSvc - ok
15:16:30.0031 2812 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:16:30.0031 2812 Serenum - ok
15:16:30.0093 2812 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:16:30.0093 2812 Serial - ok
15:16:30.0140 2812 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:16:30.0140 2812 sermouse - ok
15:16:30.0187 2812 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:16:30.0187 2812 SessionEnv - ok
15:16:30.0218 2812 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:16:30.0218 2812 sffdisk - ok
15:16:30.0218 2812 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:16:30.0218 2812 sffp_mmc - ok
15:16:30.0233 2812 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:16:30.0233 2812 sffp_sd - ok
15:16:30.0265 2812 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:16:30.0265 2812 sfloppy - ok
15:16:30.0327 2812 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:16:30.0327 2812 SharedAccess - ok
15:16:30.0389 2812 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:16:30.0405 2812 ShellHWDetection - ok
15:16:30.0452 2812 silabenm (7799106fee728b907a86d9c9751e02d5) C:\Windows\system32\DRIVERS\silabenm.sys
15:16:30.0452 2812 silabenm - ok
15:16:30.0483 2812 silabser (4ad84f9b367b89b48a3338e0aeca06b9) C:\Windows\system32\DRIVERS\silabser.sys
15:16:30.0483 2812 silabser - ok
15:16:30.0499 2812 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:16:30.0514 2812 SiSRaid2 - ok
15:16:30.0530 2812 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:16:30.0530 2812 SiSRaid4 - ok
15:16:30.0623 2812 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:16:30.0623 2812 SkypeUpdate - ok
15:16:30.0655 2812 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:16:30.0670 2812 Smb - ok
15:16:30.0701 2812 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:16:30.0701 2812 SNMPTRAP - ok
15:16:30.0748 2812 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:16:30.0748 2812 spldr - ok
15:16:30.0826 2812 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:16:30.0826 2812 Spooler - ok
15:16:31.0107 2812 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:16:31.0169 2812 sppsvc - ok
15:16:31.0310 2812 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:16:31.0310 2812 sppuinotify - ok
15:16:31.0388 2812 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:16:31.0403 2812 srv - ok
15:16:31.0450 2812 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:16:31.0466 2812 srv2 - ok
15:16:31.0497 2812 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:16:31.0497 2812 srvnet - ok
15:16:31.0559 2812 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:16:31.0559 2812 SSDPSRV - ok
15:16:31.0575 2812 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:16:31.0575 2812 SstpSvc - ok
15:16:31.0622 2812 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:16:31.0622 2812 stexstor - ok
15:16:31.0684 2812 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:16:31.0700 2812 stisvc - ok
15:16:31.0747 2812 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:16:31.0747 2812 swenum - ok
15:16:31.0809 2812 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:16:31.0825 2812 swprv - ok
15:16:31.0981 2812 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:16:32.0012 2812 SysMain - ok
15:16:32.0152 2812 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:16:32.0168 2812 TabletInputService - ok
15:16:32.0199 2812 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:16:32.0215 2812 TapiSrv - ok
15:16:32.0246 2812 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:16:32.0261 2812 TBS - ok
15:16:32.0449 2812 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:16:32.0464 2812 Tcpip - ok
15:16:32.0761 2812 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:16:32.0776 2812 TCPIP6 - ok
15:16:32.0932 2812 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:16:32.0932 2812 tcpipreg - ok
15:16:32.0995 2812 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:16:32.0995 2812 TDPIPE - ok
15:16:33.0026 2812 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:16:33.0026 2812 TDTCP - ok
15:16:33.0073 2812 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:16:33.0073 2812 tdx - ok
15:16:33.0104 2812 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:16:33.0104 2812 TermDD - ok
15:16:33.0182 2812 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:16:33.0197 2812 TermService - ok
15:16:33.0244 2812 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:16:33.0244 2812 Themes - ok
15:16:33.0291 2812 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:16:33.0291 2812 THREADORDER - ok
15:16:33.0400 2812 Tomcat5 (adad1371f9d555c82258cc9f719e7647) C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
15:16:33.0416 2812 Tomcat5 - ok
15:16:33.0431 2812 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:16:33.0431 2812 TrkWks - ok
15:16:33.0509 2812 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:16:33.0509 2812 TrustedInstaller - ok
15:16:33.0541 2812 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:16:33.0556 2812 tssecsrv - ok
15:16:33.0587 2812 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:16:33.0587 2812 TsUsbFlt - ok
15:16:33.0650 2812 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:16:33.0650 2812 tunnel - ok
15:16:33.0697 2812 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:16:33.0697 2812 uagp35 - ok
15:16:33.0759 2812 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:16:33.0759 2812 udfs - ok
15:16:33.0806 2812 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:16:33.0806 2812 UI0Detect - ok
15:16:33.0853 2812 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:16:33.0853 2812 uliagpkx - ok
15:16:33.0899 2812 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:16:33.0915 2812 umbus - ok
15:16:33.0962 2812 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:16:33.0962 2812 UmPass - ok
15:16:34.0009 2812 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:16:34.0009 2812 upnphost - ok
15:16:34.0055 2812 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:16:34.0087 2812 USBAAPL64 - ok
15:16:34.0133 2812 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
15:16:34.0149 2812 usbccgp - ok
15:16:34.0180 2812 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:16:34.0180 2812 usbcir - ok
15:16:34.0211 2812 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
15:16:34.0211 2812 usbehci - ok
15:16:34.0258 2812 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
15:16:34.0274 2812 usbhub - ok
15:16:34.0305 2812 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
15:16:34.0305 2812 usbohci - ok
15:16:34.0352 2812 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:16:34.0352 2812 usbprint - ok
15:16:34.0383 2812 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\drivers\USBSTOR.SYS
15:16:34.0383 2812 USBSTOR - ok
15:16:34.0399 2812 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
15:16:34.0399 2812 usbuhci - ok
15:16:34.0445 2812 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:16:34.0445 2812 usbvideo - ok
15:16:34.0477 2812 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:16:34.0492 2812 UxSms - ok
15:16:34.0508 2812 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:16:34.0508 2812 VaultSvc - ok
15:16:34.0555 2812 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:16:34.0555 2812 vdrvroot - ok
15:16:34.0633 2812 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:16:34.0648 2812 vds - ok
15:16:34.0695 2812 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:16:34.0695 2812 vga - ok
15:16:34.0711 2812 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:16:34.0711 2812 VgaSave - ok
15:16:34.0773 2812 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:16:34.0773 2812 vhdmp - ok
15:16:34.0820 2812 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:16:34.0820 2812 viaide - ok
15:16:34.0851 2812 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:16:34.0851 2812 volmgr - ok
15:16:34.0913 2812 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:16:34.0913 2812 volmgrx - ok
15:16:34.0976 2812 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:16:34.0976 2812 volsnap - ok
15:16:35.0023 2812 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:16:35.0023 2812 vsmraid - ok
15:16:35.0163 2812 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:16:35.0179 2812 VSS - ok
15:16:35.0319 2812 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:16:35.0319 2812 vwifibus - ok
15:16:35.0350 2812 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:16:35.0366 2812 vwififlt - ok
15:16:35.0428 2812 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:16:35.0428 2812 vwifimp - ok
15:16:35.0491 2812 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:16:35.0491 2812 W32Time - ok
15:16:35.0537 2812 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:16:35.0537 2812 WacomPen - ok
15:16:35.0584 2812 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:16:35.0584 2812 WANARP - ok
15:16:35.0584 2812 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:16:35.0584 2812 Wanarpv6 - ok
15:16:35.0725 2812 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:16:35.0740 2812 WatAdminSvc - ok
15:16:35.0865 2812 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:16:35.0881 2812 wbengine - ok
15:16:36.0037 2812 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:16:36.0037 2812 WbioSrvc - ok
15:16:36.0099 2812 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:16:36.0099 2812 wcncsvc - ok
15:16:36.0130 2812 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:16:36.0130 2812 WcsPlugInService - ok
15:16:36.0193 2812 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:16:36.0193 2812 Wd - ok
15:16:36.0271 2812 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:16:36.0271 2812 Wdf01000 - ok
15:16:36.0302 2812 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:16:36.0302 2812 WdiServiceHost - ok
15:16:36.0317 2812 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:16:36.0317 2812 WdiSystemHost - ok
15:16:36.0364 2812 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:16:36.0364 2812 WebClient - ok
15:16:36.0427 2812 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:16:36.0427 2812 Wecsvc - ok
15:16:36.0458 2812 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:16:36.0458 2812 wercplsupport - ok
15:16:36.0505 2812 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:16:36.0505 2812 WerSvc - ok
15:16:36.0583 2812 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:16:36.0583 2812 WfpLwf - ok
15:16:36.0598 2812 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:16:36.0598 2812 WIMMount - ok
15:16:36.0676 2812 WinDefend - ok
15:16:36.0676 2812 WinHttpAutoProxySvc - ok
15:16:36.0770 2812 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:16:36.0770 2812 Winmgmt - ok
15:16:36.0941 2812 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:16:36.0973 2812 WinRM - ok
15:16:37.0144 2812 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:16:37.0144 2812 WinUsb - ok
15:16:37.0238 2812 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:16:37.0253 2812 Wlansvc - ok
15:16:37.0503 2812 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:16:37.0534 2812 wlidsvc - ok
15:16:37.0612 2812 wltrysvc (13b0a570e1ae451c92da550085d72cf3) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
15:16:37.0612 2812 wltrysvc - ok
15:16:37.0753 2812 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:16:37.0753 2812 WmiAcpi - ok
15:16:37.0815 2812 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:16:37.0815 2812 wmiApSrv - ok
15:16:37.0893 2812 WMPNetworkSvc - ok
15:16:37.0924 2812 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:16:37.0924 2812 WPCSvc - ok
15:16:37.0971 2812 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:16:37.0971 2812 WPDBusEnum - ok
15:16:38.0002 2812 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:16:38.0002 2812 ws2ifsl - ok
15:16:38.0049 2812 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:16:38.0049 2812 wscsvc - ok
15:16:38.0049 2812 WSearch - ok
15:16:38.0252 2812 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:16:38.0283 2812 wuauserv - ok
15:16:38.0439 2812 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:16:38.0439 2812 WudfPf - ok
15:16:38.0486 2812 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:16:38.0486 2812 WUDFRd - ok
15:16:38.0517 2812 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:16:38.0517 2812 wudfsvc - ok
15:16:38.0579 2812 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:16:38.0579 2812 WwanSvc - ok
15:16:38.0642 2812 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:16:38.0938 2812 \Device\Harddisk0\DR0 - ok
15:16:38.0954 2812 Boot (0x1200) (ce5930b5af712151cfbbdaa1e8996462) \Device\Harddisk0\DR0\Partition0
15:16:38.0954 2812 \Device\Harddisk0\DR0\Partition0 - ok
15:16:38.0969 2812 Boot (0x1200) (5fbeec304255b89f9f44bfbc42ea0a09) \Device\Harddisk0\DR0\Partition1
15:16:38.0969 2812 \Device\Harddisk0\DR0\Partition1 - ok
15:16:38.0985 2812 Boot (0x1200) (960e5d2d05eaeb4d7d0b8604b9a23368) \Device\Harddisk0\DR0\Partition2
15:16:38.0985 2812 \Device\Harddisk0\DR0\Partition2 - ok
15:16:38.0985 2812 ============================================================
15:16:38.0985 2812 Scan finished
15:16:38.0985 2812 ============================================================
15:16:39.0001 1356 Detected object count: 0
15:16:39.0001 1356 Actual detected object count: 0



=================================================================================
file 2
=================================================================================

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-15 15:19:12
-----------------------------
15:19:12.812 OS Version: Windows x64 6.1.7601 Service Pack 1
15:19:12.812 Number of processors: 4 586 0x2502
15:19:12.812 ComputerName: SomeGuy UserName:
15:19:13.795 Initialize success
15:19:23.536 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:19:23.551 Disk 0 Vendor: SAMSUNG_HM500JI 2AC101C4 Size: 476940MB BusType: 11
15:19:23.551 Disk 0 MBR read successfully
15:19:23.567 Disk 0 MBR scan
15:19:23.567 Disk 0 Windows 7 default MBR code
15:19:23.583 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
15:19:23.583 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10000 MB offset 206848
15:19:23.598 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 60000 MB offset 20686848
15:19:23.614 Disk 0 Partition - 00 0F Extended LBA 406838 MB offset 143566848
15:19:23.645 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 406837 MB offset 143568896
15:19:23.661 Disk 0 scanning C:\Windows\system32\drivers
15:19:31.041 Service scanning
15:19:48.701 Modules scanning
15:19:48.701 Disk 0 trace - called modules:
15:19:49.231 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:19:49.247 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004be3060]
15:19:49.247 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004943060]
15:19:49.262 Scan finished successfully
15:20:15.985 Disk 0 MBR has been saved successfully to "D:\downloads\_virus cleanup\MBR.dat"
15:20:15.985 The log file has been saved successfully to "D:\downloads\_virus cleanup\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:57 PM

Posted 15 July 2012 - 03:25 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:57 PM

Posted 18 July 2012 - 12:51 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:57 PM

Posted 20 July 2012 - 11:16 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:57 PM

Posted 24 July 2012 - 11:38 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users