
Infected with Google Redirect Virus

  • This topic is locked
13 replies to this topic

#1 snotbowst

    New Member

  • Members
  • 6 posts

Posted 15 February 2012 - 11:45 PM

I currently am infected with a Google redirect virus. Google sites are slow to load (my GMail refuses to load altogether) and links lead to bogus sites (I get gamblingpuma.com and gimmeanswers.com a lot). Malwarebytes and AdAware have failed to detect and remove the problem.

Here are the DDS and Attach files
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Steve at 23:35:28 on 2012-02-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12269.9378 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{CD789F30-E439-421F-86B0-5581BB647305} : DhcpNameServer = 209.18.47.61 209.18.47.62
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-15 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-26 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-1-26 17152]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-15 10:48:05 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8752337F-487A-4387-8B0E-2434EF6BC5F6}\offreg.dll
2012-02-15 06:19:52 -------- d-----w- C:\Users\Steve\AppData\Roaming\Malwarebytes
2012-02-15 06:19:50 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-15 06:19:49 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-15 06:19:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-15 05:38:31 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-02-15 04:52:26 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 04:52:26 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 04:52:14 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 04:52:14 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 04:52:13 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 04:52:12 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 04:52:09 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 04:52:09 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 04:51:18 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8752337F-487A-4387-8B0E-2434EF6BC5F6}\mpengine.dll
2012-02-11 16:31:16 -------- d-----w- C:\Program Files (x86)\Etron Technology
2012-02-11 06:19:39 -------- d--h--w- C:\Program Files (x86)\Temp
2012-02-11 06:06:25 -------- d-----w- C:\Users\Steve\AppData\Roaming\Logishrd
2012-02-11 05:59:02 -------- d-----w- C:\Users\Steve\AppData\Local\ElevatedDiagnostics
2012-02-07 05:57:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-03 00:55:41 -------- d-----w- C:\Program Files (x86)\Mumble(PR Edition)
2012-02-02 06:28:07 -------- d-----w- C:\Users\Steve\AppData\Roaming\OpenOffice.org
2012-02-02 00:19:07 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-02-02 00:16:36 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-02-02 00:16:36 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-02-02 00:16:36 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-02-02 00:16:35 794408 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-02-01 23:44:29 -------- d-----w- C:\Users\Steve\AppData\Local\PunkBuster
2012-02-01 04:04:21 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-01-31 05:51:27 14744 ----a-w- C:\Users\Steve\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2012-01-31 05:49:10 -------- d-sh--w- C:\ProgramData\SecuROM
2012-01-30 22:21:02 -------- d-----w- C:\Windows\System32\SPReview
2012-01-30 22:19:48 -------- d-----w- C:\Windows\System32\EventProviders
2012-01-30 22:18:39 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-01-30 22:18:38 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-01-30 22:18:38 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-01-30 22:18:38 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-01-30 22:18:38 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-01-30 22:18:29 -------- d-----w- C:\Users\Steve\AppData\Local\Rockstar Games
2012-01-29 16:08:04 -------- d-----w- C:\Windows\SysWow64\xlive
2012-01-29 16:08:04 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-01-28 20:04:07 -------- d-----w- C:\Users\Steve\AppData\Roaming\Red Alert 3
2012-01-28 06:02:13 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-01-28 05:57:53 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2012-01-28 03:10:30 -------- d-----w- C:\Users\Steve\AppData\Roaming\SPORE
2012-01-27 22:53:38 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
2012-01-27 19:01:14 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-01-27 19:01:14 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-01-27 19:01:14 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2012-01-27 19:01:14 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-01-27 19:01:14 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-01-27 19:01:13 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-01-27 19:01:12 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-01-27 19:01:07 -------- d-----w- C:\Users\Steve\AppData\Local\Oblivion
2012-01-27 09:22:25 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2012-01-27 09:22:21 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-01-27 09:20:59 488448 ----a-w- C:\Windows\System32\secproc.dll
2012-01-27 09:19:59 955904 ----a-w- C:\Windows\System32\localspl.dll
2012-01-27 09:18:59 40960 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-01-27 09:17:59 21760 ----a-w- C:\Windows\System32\drivers\VMBusHID.sys
2012-01-27 09:17:58 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2012-01-27 09:17:58 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2012-01-27 09:17:56 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2012-01-27 09:17:56 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2012-01-27 09:17:36 399872 ----a-w- C:\Windows\System32\dpx.dll
2012-01-27 09:17:36 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2012-01-27 09:17:33 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2012-01-27 09:17:31 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-01-27 09:17:31 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-01-27 09:17:31 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2012-01-27 09:17:01 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-01-27 09:17:01 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-01-27 09:16:59 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2012-01-27 08:47:33 -------- d-----w- C:\Windows\SysWow64\Wat
2012-01-27 08:47:33 -------- d-----w- C:\Windows\System32\Wat
2012-01-27 05:50:10 -------- d-----w- C:\Program Files (x86)\EA GAMES
2012-01-27 05:47:20 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-01-27 05:47:20 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-01-27 05:47:20 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-01-27 05:47:20 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-01-27 05:47:20 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-01-27 05:47:20 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-01-27 05:47:15 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-01-27 05:47:14 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-01-27 03:57:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-27 03:56:55 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-01-27 03:55:39 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-01-27 03:54:53 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-01-27 03:53:40 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2012-01-27 03:52:52 974336 ----a-w- C:\Windows\System32\WFS.exe
2012-01-27 00:40:51 -------- d-----w- C:\Users\Steve\AppData\Local\Skyrim
2012-01-27 00:33:27 -------- d-----w- C:\Users\Steve\AppData\Roaming\NVIDIA
2012-01-27 00:32:13 -------- d-----w- C:\Users\Steve\AppData\Roaming\.minecraft
2012-01-27 00:31:41 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-27 00:20:46 -------- d-----w- C:\NVIDIA
2012-01-26 23:49:12 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-01-26 23:40:24 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-26 23:39:52 -------- d-----w- C:\Users\Steve\AppData\Local\Google
2012-01-26 23:39:37 -------- d-----w- C:\Users\Steve\AppData\Local\Apps
2012-01-26 23:39:36 -------- d-----w- C:\Users\Steve\AppData\Local\Deployment
2012-01-26 23:37:39 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-01-26 23:37:39 565352 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-01-26 23:37:39 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-01-26 23:37:35 -------- d-----w- C:\Program Files (x86)\Realtek
2012-01-26 23:03:19 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-01-26 23:03:18 -------- d-----w- C:\Program Files (x86)\Steam
2012-01-26 22:51:15 -------- d-sh--w- C:\Windows\Installer
2012-01-26 13:13:59 -------- d-----w- C:\Windows\Panther
2012-01-25 17:12:10 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2012-01-30 22:28:01 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-01-30 22:28:01 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-12-23 12:12:12 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
============= FINISH: 23:35:45.78 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/26/2012 5:48:26 PM
System Uptime: 2/15/2012 3:20:13 AM (20 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-970A-D3
Processor: AMD FX™-6100 Six-Core Processor | Socket M2 | 3300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 335.676 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP48: 2/15/2012 3:00:11 AM - Windows Update
.
==== Installed Programs ======================
.
Ad-Aware
Battlefield 2™
Battlefield 2: Special Forces
Cities XL 2011
Command & Conquer™ Red Alert™ 3
Etron USB3.0 Host Controller
Garry's Mod
Google Chrome
Grand Theft Auto IV
Half-Life 2
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 30
Just Cause 2
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mumble(PR edition) and Murmur(PR edition)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Oblivion
OpenOffice.org 3.3
Project Reality: BF2
PunkBuster Services
Realtek Ethernet Controller Driver
S.T.A.L.K.E.R.: Shadow of Chernobyl
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
SPORE™
Steam
Team Fortress 2
The Elder Scrolls V: Skyrim
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
WinRAR 4.10 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
2/15/2012 4:20:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
2/15/2012 4:20:18 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/15/2012 2:22:13 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================


#2 Maniac

    Forum Deity

  • Experts
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 16 February 2012 - 08:20 AM

Hello snotbowst and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please disable your Ad-Aware and its protection module Ad-Watch:
http://www.bleepingc...post__p__649847

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version. If you have difficulty, for your convenience we have a video on YouTube which shows visually how to do that.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


In your next post, please include:

  • Malwarebytes' Anti-Malware log
  • TDSSKiller log
  • a new fresh DDS log file

My help is free; however, if you wish to make a small donation to show appreciation and to help me continue the fight against malware, then click here.

#3 snotbowst

    New Member

  • Members
  • 6 posts

Posted 16 February 2012 - 08:45 AM

Thanks for the reply Maniac. Unfortunately neither of these tools detected anything.


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.16.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Steve :: STEVE-PC [administrator]

Protection: Enabled

2/16/2012 8:38:42 AM
mbam-log-2012-02-16 (08-38-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194543
Time elapsed: 1 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


08:40:27.0013 3788 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
08:40:27.0325 3788 ============================================================
08:40:27.0325 3788 Current date / time: 2012/02/16 08:40:27.0325
08:40:27.0325 3788 SystemInfo:
08:40:27.0325 3788
08:40:27.0325 3788 OS Version: 6.1.7601 ServicePack: 1.0
08:40:27.0325 3788 Product type: Workstation
08:40:27.0325 3788 ComputerName: STEVE-PC
08:40:27.0325 3788 UserName: Steve
08:40:27.0325 3788 Windows directory: C:\Windows
08:40:27.0325 3788 System windows directory: C:\Windows
08:40:27.0325 3788 Running under WOW64
08:40:27.0325 3788 Processor architecture: Intel x64
08:40:27.0325 3788 Number of processors: 6
08:40:27.0325 3788 Page size: 0x1000
08:40:27.0325 3788 Boot type: Normal boot
08:40:27.0325 3788 ============================================================
08:40:27.0886 3788 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
08:40:27.0902 3788 \Device\Harddisk0\DR0:
08:40:27.0902 3788 MBR used
08:40:27.0902 3788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:40:27.0902 3788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
08:40:27.0964 3788 Initialize success
08:40:27.0964 3788 ============================================================
08:40:42.0536 0876 ============================================================
08:40:42.0536 0876 Scan started
08:40:42.0536 0876 Mode: Manual; SigCheck; TDLFS;
08:40:42.0536 0876 ============================================================
08:40:43.0144 0876 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:40:43.0254 0876 1394ohci - ok
08:40:43.0300 0876 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:40:43.0316 0876 ACPI - ok
08:40:43.0332 0876 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:40:43.0394 0876 AcpiPmi - ok
08:40:43.0441 0876 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:40:43.0456 0876 adp94xx - ok
08:40:43.0472 0876 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:40:43.0488 0876 adpahci - ok
08:40:43.0503 0876 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:40:43.0519 0876 adpu320 - ok
08:40:43.0550 0876 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:40:43.0566 0876 AFD - ok
08:40:43.0597 0876 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:40:43.0612 0876 agp440 - ok
08:40:43.0644 0876 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:40:43.0659 0876 aliide - ok
08:40:43.0675 0876 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:40:43.0690 0876 amdide - ok
08:40:43.0722 0876 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:40:43.0768 0876 AmdK8 - ok
08:40:43.0784 0876 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:40:43.0815 0876 AmdPPM - ok
08:40:43.0846 0876 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:40:43.0862 0876 amdsata - ok
08:40:43.0878 0876 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:40:43.0878 0876 amdsbs - ok
08:40:43.0909 0876 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:40:43.0909 0876 amdxata - ok
08:40:43.0971 0876 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:40:44.0034 0876 AppID - ok
08:40:44.0065 0876 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:40:44.0080 0876 arc - ok
08:40:44.0080 0876 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:40:44.0096 0876 arcsas - ok
08:40:44.0112 0876 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:40:44.0221 0876 AsyncMac - ok
08:40:44.0236 0876 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:40:44.0236 0876 atapi - ok
08:40:44.0314 0876 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:40:44.0361 0876 b06bdrv - ok
08:40:44.0392 0876 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:40:44.0408 0876 b57nd60a - ok
08:40:44.0439 0876 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:40:44.0455 0876 Beep - ok
08:40:44.0502 0876 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:40:44.0533 0876 blbdrive - ok
08:40:44.0564 0876 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:40:44.0580 0876 bowser - ok
08:40:44.0611 0876 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:40:44.0673 0876 BrFiltLo - ok
08:40:44.0673 0876 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:40:44.0689 0876 BrFiltUp - ok
08:40:44.0720 0876 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:40:44.0767 0876 Brserid - ok
08:40:44.0767 0876 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:40:44.0814 0876 BrSerWdm - ok
08:40:44.0845 0876 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:40:44.0860 0876 BrUsbMdm - ok
08:40:44.0876 0876 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:40:44.0923 0876 BrUsbSer - ok
08:40:44.0970 0876 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:40:45.0001 0876 BTHMODEM - ok
08:40:45.0048 0876 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:40:45.0094 0876 cdfs - ok
08:40:45.0141 0876 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:40:45.0157 0876 cdrom - ok
08:40:45.0172 0876 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:40:45.0188 0876 circlass - ok
08:40:45.0235 0876 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:40:45.0250 0876 CLFS - ok
08:40:45.0313 0876 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:40:45.0344 0876 CmBatt - ok
08:40:45.0375 0876 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:40:45.0375 0876 cmdide - ok
08:40:45.0422 0876 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:40:45.0438 0876 CNG - ok
08:40:45.0459 0876 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:40:45.0467 0876 Compbatt - ok
08:40:45.0495 0876 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:40:45.0526 0876 CompositeBus - ok
08:40:45.0568 0876 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:40:45.0576 0876 crcdisk - ok
08:40:45.0628 0876 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
08:40:45.0678 0876 CSC - ok
08:40:45.0728 0876 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:40:45.0774 0876 DfsC - ok
08:40:45.0800 0876 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:40:45.0875 0876 discache - ok
08:40:45.0895 0876 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:40:45.0904 0876 Disk - ok
08:40:45.0945 0876 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:40:45.0980 0876 drmkaud - ok
08:40:46.0023 0876 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:40:46.0047 0876 DXGKrnl - ok
08:40:46.0158 0876 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:40:46.0265 0876 ebdrv - ok
08:40:46.0307 0876 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:40:46.0323 0876 elxstor - ok
08:40:46.0363 0876 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:40:46.0388 0876 ErrDev - ok
08:40:46.0428 0876 EtronHub3 (d182c5a0d436c8fd8c08a5424a3448fa) C:\Windows\system32\Drivers\EtronHub3.sys
08:40:46.0474 0876 EtronHub3 - ok
08:40:46.0505 0876 EtronXHCI (cad747aceb8e693b3d92613655602219) C:\Windows\system32\Drivers\EtronXHCI.sys
08:40:46.0536 0876 EtronXHCI - ok
08:40:46.0580 0876 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:40:46.0629 0876 exfat - ok
08:40:46.0651 0876 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:40:46.0712 0876 fastfat - ok
08:40:46.0733 0876 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:40:46.0743 0876 fdc - ok
08:40:46.0760 0876 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:40:46.0768 0876 FileInfo - ok
08:40:46.0782 0876 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:40:46.0829 0876 Filetrace - ok
08:40:46.0836 0876 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:40:46.0845 0876 flpydisk - ok
08:40:46.0895 0876 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:40:46.0907 0876 FltMgr - ok
08:40:46.0920 0876 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:40:46.0924 0876 FsDepends - ok
08:40:46.0940 0876 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
08:40:46.0940 0876 Fs_Rec - ok
08:40:47.0002 0876 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:40:47.0002 0876 fvevol - ok
08:40:47.0033 0876 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:40:47.0033 0876 gagp30kx - ok
08:40:47.0049 0876 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:40:47.0096 0876 hcw85cir - ok
08:40:47.0127 0876 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:40:47.0143 0876 HdAudAddService - ok
08:40:47.0205 0876 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:40:47.0236 0876 HDAudBus - ok
08:40:47.0283 0876 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:40:47.0314 0876 HidBatt - ok
08:40:47.0314 0876 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:40:47.0345 0876 HidBth - ok
08:40:47.0345 0876 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:40:47.0392 0876 HidIr - ok
08:40:47.0455 0876 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:40:47.0517 0876 HidUsb - ok
08:40:47.0548 0876 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:40:47.0564 0876 HpSAMD - ok
08:40:47.0611 0876 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:40:47.0673 0876 HTTP - ok
08:40:47.0704 0876 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:40:47.0720 0876 hwpolicy - ok
08:40:47.0767 0876 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
08:40:47.0782 0876 i8042prt - ok
08:40:47.0813 0876 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:40:47.0829 0876 iaStorV - ok
08:40:47.0845 0876 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:40:47.0860 0876 iirsp - ok
08:40:47.0876 0876 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:40:47.0891 0876 intelide - ok
08:40:47.0923 0876 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:40:47.0923 0876 intelppm - ok
08:40:47.0969 0876 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:40:48.0016 0876 IpFilterDriver - ok
08:40:48.0032 0876 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:40:48.0063 0876 IPMIDRV - ok
08:40:48.0094 0876 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:40:48.0141 0876 IPNAT - ok
08:40:48.0172 0876 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:40:48.0250 0876 IRENUM - ok
08:40:48.0266 0876 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:40:48.0266 0876 isapnp - ok
08:40:48.0281 0876 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:40:48.0297 0876 iScsiPrt - ok
08:40:48.0328 0876 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:40:48.0328 0876 kbdclass - ok
08:40:48.0359 0876 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
08:40:48.0375 0876 kbdhid - ok
08:40:48.0422 0876 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:40:48.0437 0876 KSecDD - ok
08:40:48.0453 0876 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:40:48.0453 0876 KSecPkg - ok
08:40:48.0484 0876 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:40:48.0531 0876 ksthunk - ok
08:40:48.0562 0876 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
08:40:48.0609 0876 Lbd - ok
08:40:48.0640 0876 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:40:48.0671 0876 lltdio - ok
08:40:48.0718 0876 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:40:48.0718 0876 LSI_FC - ok
08:40:48.0734 0876 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:40:48.0749 0876 LSI_SAS - ok
08:40:48.0765 0876 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:40:48.0765 0876 LSI_SAS2 - ok
08:40:48.0796 0876 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:40:48.0796 0876 LSI_SCSI - ok
08:40:48.0827 0876 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:40:48.0859 0876 luafv - ok
08:40:48.0890 0876 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
08:40:48.0890 0876 MBAMProtector - ok
08:40:48.0921 0876 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:40:48.0921 0876 megasas - ok
08:40:48.0937 0876 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:40:48.0952 0876 MegaSR - ok
08:40:48.0968 0876 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:40:49.0015 0876 Modem - ok
08:40:49.0046 0876 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:40:49.0077 0876 monitor - ok
08:40:49.0124 0876 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:40:49.0139 0876 mouclass - ok
08:40:49.0155 0876 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:40:49.0186 0876 mouhid - ok
08:40:49.0217 0876 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:40:49.0233 0876 mountmgr - ok
08:40:49.0264 0876 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:40:49.0264 0876 mpio - ok
08:40:49.0295 0876 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:40:49.0342 0876 mpsdrv - ok
08:40:49.0373 0876 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:40:49.0405 0876 MRxDAV - ok
08:40:49.0436 0876 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:40:49.0483 0876 mrxsmb - ok
08:40:49.0529 0876 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:40:49.0529 0876 mrxsmb10 - ok
08:40:49.0545 0876 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:40:49.0576 0876 mrxsmb20 - ok
08:40:49.0607 0876 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:40:49.0626 0876 msahci - ok
08:40:49.0649 0876 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:40:49.0659 0876 msdsm - ok
08:40:49.0689 0876 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:40:49.0717 0876 Msfs - ok
08:40:49.0731 0876 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:40:49.0778 0876 mshidkmdf - ok
08:40:49.0813 0876 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:40:49.0822 0876 msisadrv - ok
08:40:49.0855 0876 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:40:49.0899 0876 MSKSSRV - ok
08:40:49.0926 0876 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:40:49.0970 0876 MSPCLOCK - ok
08:40:49.0976 0876 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:40:50.0005 0876 MSPQM - ok
08:40:50.0047 0876 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:40:50.0060 0876 MsRPC - ok
08:40:50.0085 0876 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:40:50.0092 0876 mssmbios - ok
08:40:50.0110 0876 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:40:50.0162 0876 MSTEE - ok
08:40:50.0169 0876 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:40:50.0181 0876 MTConfig - ok
08:40:50.0217 0876 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:40:50.0225 0876 Mup - ok
08:40:50.0250 0876 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:40:50.0289 0876 NativeWifiP - ok
08:40:50.0356 0876 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:40:50.0380 0876 NDIS - ok
08:40:50.0417 0876 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:40:50.0466 0876 NdisCap - ok
08:40:50.0492 0876 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:40:50.0521 0876 NdisTapi - ok
08:40:50.0553 0876 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:40:50.0582 0876 Ndisuio - ok
08:40:50.0615 0876 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:40:50.0660 0876 NdisWan - ok
08:40:50.0691 0876 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:40:50.0723 0876 NDProxy - ok
08:40:50.0785 0876 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:40:50.0832 0876 NetBIOS - ok
08:40:50.0910 0876 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:40:50.0957 0876 NetBT - ok
08:40:50.0988 0876 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:40:51.0003 0876 nfrd960 - ok
08:40:51.0019 0876 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:40:51.0066 0876 Npfs - ok
08:40:51.0097 0876 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:40:51.0128 0876 nsiproxy - ok
08:40:51.0175 0876 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:40:51.0222 0876 Ntfs - ok
08:40:51.0242 0876 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:40:51.0271 0876 Null - ok
08:40:51.0309 0876 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
08:40:51.0318 0876 NVHDA - ok
08:40:51.0517 0876 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:40:51.0813 0876 nvlddmkm - ok
08:40:51.0849 0876 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:40:51.0858 0876 nvraid - ok
08:40:51.0869 0876 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:40:51.0879 0876 nvstor - ok
08:40:51.0914 0876 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:40:51.0924 0876 nv_agp - ok
08:40:51.0955 0876 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:40:51.0992 0876 ohci1394 - ok
08:40:52.0035 0876 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:40:52.0046 0876 Parport - ok
08:40:52.0082 0876 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
08:40:52.0090 0876 partmgr - ok
08:40:52.0110 0876 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:40:52.0121 0876 pci - ok
08:40:52.0144 0876 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:40:52.0152 0876 pciide - ok
08:40:52.0169 0876 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:40:52.0179 0876 pcmcia - ok
08:40:52.0193 0876 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:40:52.0200 0876 pcw - ok
08:40:52.0233 0876 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:40:52.0290 0876 PEAUTH - ok
08:40:52.0361 0876 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:40:52.0408 0876 PptpMiniport - ok
08:40:52.0439 0876 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:40:52.0470 0876 Processor - ok
08:40:52.0533 0876 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:40:52.0579 0876 Psched - ok
08:40:52.0626 0876 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:40:52.0673 0876 ql2300 - ok
08:40:52.0673 0876 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:40:52.0689 0876 ql40xx - ok
08:40:52.0704 0876 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:40:52.0720 0876 QWAVEdrv - ok
08:40:52.0735 0876 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:40:52.0767 0876 RasAcd - ok
08:40:52.0782 0876 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:40:52.0813 0876 RasAgileVpn - ok
08:40:52.0845 0876 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:40:52.0891 0876 Rasl2tp - ok
08:40:52.0923 0876 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:40:52.0969 0876 RasPppoe - ok
08:40:52.0985 0876 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:40:53.0016 0876 RasSstp - ok
08:40:53.0063 0876 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:40:53.0110 0876 rdbss - ok
08:40:53.0125 0876 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:40:53.0157 0876 rdpbus - ok
08:40:53.0188 0876 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:40:53.0219 0876 RDPCDD - ok
08:40:53.0266 0876 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
08:40:53.0281 0876 RDPDR - ok
08:40:53.0313 0876 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:40:53.0359 0876 RDPENCDD - ok
08:40:53.0391 0876 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:40:53.0406 0876 RDPREFMP - ok
08:40:53.0453 0876 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
08:40:53.0500 0876 RDPWD - ok
08:40:53.0562 0876 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:40:53.0578 0876 rdyboost - ok
08:40:53.0609 0876 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:40:53.0656 0876 rspndr - ok
08:40:53.0702 0876 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
08:40:53.0718 0876 RTL8167 - ok
08:40:53.0755 0876 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
08:40:53.0773 0876 s3cap - ok
08:40:53.0789 0876 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:40:53.0799 0876 sbp2port - ok
08:40:53.0842 0876 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:40:53.0886 0876 scfilter - ok
08:40:53.0927 0876 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:40:53.0979 0876 secdrv - ok
08:40:54.0005 0876 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:40:54.0038 0876 Serenum - ok
08:40:54.0066 0876 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:40:54.0077 0876 Serial - ok
08:40:54.0163 0876 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:40:54.0193 0876 sermouse - ok
08:40:54.0224 0876 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:40:54.0275 0876 sffdisk - ok
08:40:54.0289 0876 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:40:54.0298 0876 sffp_mmc - ok
08:40:54.0309 0876 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:40:54.0339 0876 sffp_sd - ok
08:40:54.0374 0876 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:40:54.0384 0876 sfloppy - ok
08:40:54.0408 0876 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:40:54.0417 0876 SiSRaid2 - ok
08:40:54.0433 0876 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:40:54.0442 0876 SiSRaid4 - ok
08:40:54.0470 0876 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:40:54.0500 0876 Smb - ok
08:40:54.0542 0876 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:40:54.0549 0876 spldr - ok
08:40:54.0589 0876 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:40:54.0643 0876 srv - ok
08:40:54.0659 0876 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:40:54.0690 0876 srv2 - ok
08:40:54.0737 0876 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:40:54.0753 0876 srvnet - ok
08:40:54.0815 0876 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:40:54.0815 0876 stexstor - ok
08:40:54.0846 0876 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
08:40:54.0862 0876 storflt - ok
08:40:54.0877 0876 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
08:40:54.0893 0876 storvsc - ok
08:40:54.0909 0876 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:40:54.0909 0876 swenum - ok
08:40:54.0971 0876 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
08:40:55.0033 0876 Tcpip - ok
08:40:55.0065 0876 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
08:40:55.0096 0876 TCPIP6 - ok
08:40:55.0143 0876 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:40:55.0174 0876 tcpipreg - ok
08:40:55.0189 0876 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:40:55.0221 0876 TDPIPE - ok
08:40:55.0221 0876 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
08:40:55.0252 0876 TDTCP - ok
08:40:55.0299 0876 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:40:55.0330 0876 tdx - ok
08:40:55.0345 0876 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:40:55.0361 0876 TermDD - ok
08:40:55.0408 0876 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:40:55.0455 0876 tssecsrv - ok
08:40:55.0517 0876 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:40:55.0548 0876 TsUsbFlt - ok
08:40:55.0595 0876 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:40:55.0642 0876 tunnel - ok
08:40:55.0673 0876 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:40:55.0695 0876 uagp35 - ok
08:40:55.0719 0876 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:40:55.0751 0876 udfs - ok
08:40:55.0791 0876 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:40:55.0800 0876 uliagpkx - ok
08:40:55.0863 0876 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:40:55.0910 0876 umbus - ok
08:40:55.0992 0876 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:40:56.0017 0876 UmPass - ok
08:40:56.0051 0876 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:40:56.0077 0876 usbccgp - ok
08:40:56.0116 0876 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:40:56.0146 0876 usbcir - ok
08:40:56.0170 0876 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:40:56.0196 0876 usbehci - ok
08:40:56.0236 0876 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:40:56.0265 0876 usbhub - ok
08:40:56.0290 0876 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
08:40:56.0321 0876 usbohci - ok
08:40:56.0365 0876 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:40:56.0401 0876 usbprint - ok
08:40:56.0423 0876 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
08:40:56.0467 0876 USBSTOR - ok
08:40:56.0481 0876 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:40:56.0509 0876 usbuhci - ok
08:40:56.0546 0876 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:40:56.0554 0876 vdrvroot - ok
08:40:56.0583 0876 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:40:56.0595 0876 vga - ok
08:40:56.0620 0876 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:40:56.0661 0876 VgaSave - ok
08:40:56.0707 0876 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:40:56.0723 0876 vhdmp - ok
08:40:56.0739 0876 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:40:56.0754 0876 viaide - ok
08:40:56.0770 0876 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
08:40:56.0785 0876 vmbus - ok
08:40:56.0817 0876 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
08:40:56.0848 0876 VMBusHID - ok
08:40:56.0879 0876 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:40:56.0879 0876 volmgr - ok
08:40:56.0926 0876 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:40:56.0941 0876 volmgrx - ok
08:40:56.0957 0876 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:40:56.0957 0876 volsnap - ok
08:40:56.0988 0876 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:40:56.0988 0876 vsmraid - ok
08:40:57.0004 0876 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
08:40:57.0035 0876 vwifibus - ok
08:40:57.0066 0876 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:40:57.0113 0876 WacomPen - ok
08:40:57.0160 0876 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:40:57.0191 0876 WANARP - ok
08:40:57.0191 0876 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:40:57.0222 0876 Wanarpv6 - ok
08:40:57.0238 0876 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:40:57.0238 0876 Wd - ok
08:40:57.0269 0876 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:40:57.0285 0876 Wdf01000 - ok
08:40:57.0331 0876 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:40:57.0347 0876 WfpLwf - ok
08:40:57.0363 0876 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:40:57.0378 0876 WIMMount - ok
08:40:57.0425 0876 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:40:57.0456 0876 WmiAcpi - ok
08:40:57.0487 0876 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:40:57.0519 0876 ws2ifsl - ok
08:40:57.0550 0876 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:40:57.0597 0876 WudfPf - ok
08:40:57.0643 0876 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:40:57.0675 0876 WUDFRd - ok
08:40:57.0709 0876 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:40:57.0846 0876 \Device\Harddisk0\DR0 - ok
08:40:57.0848 0876 Boot (0x1200) (69f80c526140b7943a9e7132e1f1b587) \Device\Harddisk0\DR0\Partition0
08:40:57.0849 0876 \Device\Harddisk0\DR0\Partition0 - ok
08:40:57.0877 0876 Boot (0x1200) (eeaaf19d1c99eb5d720b710fa3a87f28) \Device\Harddisk0\DR0\Partition1
08:40:57.0879 0876 \Device\Harddisk0\DR0\Partition1 - ok
08:40:57.0880 0876 ============================================================
08:40:57.0880 0876 Scan finished
08:40:57.0880 0876 ============================================================
08:40:57.0888 3892 Detected object count: 0
08:40:57.0888 3892 Actual detected object count: 0


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Steve at 8:44:14 on 2012-02-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12269.9481 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\notepad.exe
C:\Users\Steve\Downloads\tdsskiller.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{CD789F30-E439-421F-86B0-5581BB647305} : DhcpNameServer = 209.18.47.61 209.18.47.62
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-15 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-26 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-15 10:48:05 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8752337F-487A-4387-8B0E-2434EF6BC5F6}\offreg.dll
2012-02-15 06:19:52 -------- d-----w- C:\Users\Steve\AppData\Roaming\Malwarebytes
2012-02-15 06:19:50 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-15 06:19:49 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-15 06:19:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-15 05:38:31 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-02-15 04:52:26 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 04:52:26 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 04:52:14 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 04:52:14 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 04:52:13 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 04:52:12 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 04:52:09 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 04:52:09 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 04:51:18 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8752337F-487A-4387-8B0E-2434EF6BC5F6}\mpengine.dll
2012-02-11 16:31:16 -------- d-----w- C:\Program Files (x86)\Etron Technology
2012-02-11 06:19:39 -------- d--h--w- C:\Program Files (x86)\Temp
2012-02-11 06:06:25 -------- d-----w- C:\Users\Steve\AppData\Roaming\Logishrd
2012-02-11 05:59:02 -------- d-----w- C:\Users\Steve\AppData\Local\ElevatedDiagnostics
2012-02-07 05:57:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-03 00:55:41 -------- d-----w- C:\Program Files (x86)\Mumble(PR Edition)
2012-02-02 06:28:07 -------- d-----w- C:\Users\Steve\AppData\Roaming\OpenOffice.org
2012-02-02 00:19:07 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-02-02 00:16:36 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-02-02 00:16:36 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-02-02 00:16:36 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-02-02 00:16:35 794408 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-02-01 23:44:29 -------- d-----w- C:\Users\Steve\AppData\Local\PunkBuster
2012-02-01 04:04:21 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-01-31 05:51:27 14744 ----a-w- C:\Users\Steve\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2012-01-31 05:49:10 -------- d-sh--w- C:\ProgramData\SecuROM
2012-01-30 22:21:02 -------- d-----w- C:\Windows\System32\SPReview
2012-01-30 22:19:48 -------- d-----w- C:\Windows\System32\EventProviders
2012-01-30 22:18:39 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-01-30 22:18:38 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-01-30 22:18:38 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-01-30 22:18:38 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-01-30 22:18:38 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-01-30 22:18:29 -------- d-----w- C:\Users\Steve\AppData\Local\Rockstar Games
2012-01-29 16:08:04 -------- d-----w- C:\Windows\SysWow64\xlive
2012-01-29 16:08:04 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-01-28 20:04:07 -------- d-----w- C:\Users\Steve\AppData\Roaming\Red Alert 3
2012-01-28 06:02:13 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-01-28 05:57:53 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2012-01-28 03:10:30 -------- d-----w- C:\Users\Steve\AppData\Roaming\SPORE
2012-01-27 22:53:38 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
2012-01-27 19:01:14 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-01-27 19:01:14 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-01-27 19:01:14 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2012-01-27 19:01:14 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-01-27 19:01:14 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-01-27 19:01:13 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-01-27 19:01:12 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-01-27 19:01:07 -------- d-----w- C:\Users\Steve\AppData\Local\Oblivion
2012-01-27 09:22:25 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2012-01-27 09:22:21 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-01-27 09:20:59 488448 ----a-w- C:\Windows\System32\secproc.dll
2012-01-27 09:19:59 955904 ----a-w- C:\Windows\System32\localspl.dll
2012-01-27 09:18:59 40960 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-01-27 09:17:59 21760 ----a-w- C:\Windows\System32\drivers\VMBusHID.sys
2012-01-27 09:17:58 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2012-01-27 09:17:58 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2012-01-27 09:17:56 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2012-01-27 09:17:56 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2012-01-27 09:17:36 399872 ----a-w- C:\Windows\System32\dpx.dll
2012-01-27 09:17:36 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2012-01-27 09:17:33 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2012-01-27 09:17:31 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-01-27 09:17:31 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-01-27 09:17:31 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2012-01-27 09:17:01 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-01-27 09:17:01 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-01-27 09:16:59 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2012-01-27 08:47:33 -------- d-----w- C:\Windows\SysWow64\Wat
2012-01-27 08:47:33 -------- d-----w- C:\Windows\System32\Wat
2012-01-27 05:50:10 -------- d-----w- C:\Program Files (x86)\EA GAMES
2012-01-27 05:47:20 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-01-27 05:47:20 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-01-27 05:47:20 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-01-27 05:47:20 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-01-27 05:47:20 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-01-27 05:47:20 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-01-27 05:47:15 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-01-27 05:47:14 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-01-27 03:57:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-27 03:56:55 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-01-27 03:55:39 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-01-27 03:54:53 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-01-27 03:53:40 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2012-01-27 03:52:52 974336 ----a-w- C:\Windows\System32\WFS.exe
2012-01-27 00:40:51 -------- d-----w- C:\Users\Steve\AppData\Local\Skyrim
2012-01-27 00:33:27 -------- d-----w- C:\Users\Steve\AppData\Roaming\NVIDIA
2012-01-27 00:32:13 -------- d-----w- C:\Users\Steve\AppData\Roaming\.minecraft
2012-01-27 00:31:41 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-27 00:20:46 -------- d-----w- C:\NVIDIA
2012-01-26 23:49:12 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-01-26 23:40:24 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-26 23:39:52 -------- d-----w- C:\Users\Steve\AppData\Local\Google
2012-01-26 23:39:37 -------- d-----w- C:\Users\Steve\AppData\Local\Apps
2012-01-26 23:39:36 -------- d-----w- C:\Users\Steve\AppData\Local\Deployment
2012-01-26 23:37:39 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-01-26 23:37:39 565352 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-01-26 23:37:39 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-01-26 23:37:35 -------- d-----w- C:\Program Files (x86)\Realtek
2012-01-26 23:03:19 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-01-26 23:03:18 -------- d-----w- C:\Program Files (x86)\Steam
2012-01-26 22:51:15 -------- d-sh--w- C:\Windows\Installer
2012-01-26 13:13:59 -------- d-----w- C:\Windows\Panther
2012-01-25 17:12:10 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2012-01-30 22:28:01 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-01-30 22:28:01 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-12-23 12:12:12 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
============= FINISH: 8:44:29.90 ===============


#4 Maniac (Forum Deity, Experts, 21,410 posts, Gender: Male, Location: Bulgaria, EU)

Posted 16 February 2012 - 08:55 AM

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#5 snotbowst (New Member, Members, 6 posts)

Posted 16 February 2012 - 08:07 PM

Well, that may have fixed the problem, hopefully.


ComboFix 12-02-16.02 - Steve 02/16/2012 19:52:47.1.6 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12269.9772 [GMT -5:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-17 to 2012-02-17 )))))))))))))))))))))))))))))))
.
.
2012-02-17 00:56 . 2012-02-17 00:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-15 06:19 . 2012-02-15 06:19 -------- d-----w- c:\programdata\Malwarebytes
2012-02-15 06:19 . 2012-02-15 06:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-15 06:19 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-15 05:38 . 2012-01-26 23:49 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-02-15 04:52 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 04:52 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 04:52 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 04:52 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 04:52 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 04:52 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 04:52 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 04:52 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-15 04:51 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8752337F-487A-4387-8B0E-2434EF6BC5F6}\mpengine.dll
2012-02-11 16:31 . 2012-02-11 16:31 -------- d-----w- c:\program files (x86)\Etron Technology
2012-02-11 06:49 . 2012-02-11 06:49 -------- d-----w- c:\program files\Logitech
2012-02-11 06:19 . 2012-02-11 06:20 -------- d--h--w- c:\program files (x86)\Temp
2012-02-11 06:07 . 2012-02-11 06:49 -------- d-----w- c:\programdata\Logishrd
2012-02-11 06:07 . 2012-02-11 06:49 -------- d-----w- c:\program files\Common Files\Logishrd
2012-02-07 05:57 . 2012-02-07 05:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-07 05:57 . 2012-02-07 05:57 -------- d-----w- c:\windows\system32\Macromed
2012-02-03 00:55 . 2012-02-03 00:55 -------- d-----w- c:\program files (x86)\Mumble(PR Edition)
2012-02-02 00:19 . 2012-02-03 01:04 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-02-02 00:16 . 2012-02-03 01:04 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-02 00:16 . 2012-02-03 00:56 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-02 00:16 . 2012-02-02 00:23 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-02 00:16 . 2012-02-03 00:56 794408 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-02-01 04:04 . 2012-02-01 04:04 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-01-31 05:49 . 2012-01-31 05:49 -------- d-sh--w- c:\programdata\SecuROM
2012-01-30 22:21 . 2012-01-30 22:21 -------- d-----w- c:\windows\system32\SPReview
2012-01-30 22:19 . 2012-01-30 22:19 -------- d-----w- c:\windows\system32\EventProviders
2012-01-30 22:18 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-01-30 22:18 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-01-30 22:18 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-01-30 22:18 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-01-30 22:18 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-01-29 16:08 . 2012-01-29 16:08 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-01-29 16:08 . 2012-01-29 16:08 -------- d-----w- c:\windows\SysWow64\xlive
2012-01-28 06:51 . 2012-01-28 06:51 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-01-28 05:57 . 2012-01-28 05:57 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-01-27 22:53 . 2012-01-27 22:53 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2012-01-27 09:22 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2012-01-27 09:22 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-01-27 09:20 . 2010-11-20 13:27 3008000 ----a-w- c:\windows\system32\xpsservices.dll
2012-01-27 09:19 . 2010-11-20 13:27 299520 ----a-w- c:\windows\system32\tsmf.dll
2012-01-27 09:18 . 2010-11-20 13:27 40960 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-01-27 09:17 . 2010-11-20 09:57 21760 ----a-w- c:\windows\system32\drivers\VMBusHID.sys
2012-01-27 09:17 . 2010-11-20 13:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2012-01-27 09:17 . 2010-11-20 12:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-01-27 09:17 . 2010-11-20 13:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2012-01-27 09:17 . 2010-11-20 13:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-01-27 09:17 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2012-01-27 09:17 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2012-01-27 09:17 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-01-27 09:17 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-01-27 09:17 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-01-27 09:17 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-01-27 09:17 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-01-27 09:17 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-01-27 09:16 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-01-27 08:47 . 2012-01-27 08:47 -------- d-----w- c:\windows\SysWow64\Wat
2012-01-27 08:47 . 2012-01-27 08:47 -------- d-----w- c:\windows\system32\Wat
2012-01-27 05:59 . 2012-01-27 05:59 -------- d-----w- c:\windows\SysWow64\Macromed
2012-01-27 05:50 . 2012-01-28 19:48 -------- d-----w- c:\program files (x86)\EA GAMES
2012-01-27 05:47 . 2012-01-27 05:47 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-01-27 03:57 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-27 03:56 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-27 03:55 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-01-27 03:54 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-01-27 03:53 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-01-27 03:52 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-01-27 00:40 . 2010-02-04 15:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-01-27 00:31 . 2012-01-27 00:31 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-27 00:31 . 2012-01-27 00:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-27 00:31 . 2012-02-01 04:03 -------- d-----w- c:\program files (x86)\Java
2012-01-27 00:20 . 2012-01-27 00:20 -------- d-----w- C:\NVIDIA
2012-01-26 23:49 . 2012-01-26 23:49 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-26 23:40 . 2012-01-27 05:52 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-26 23:37 . 2011-08-23 13:57 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-01-26 23:37 . 2011-08-23 13:57 565352 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-01-26 23:37 . 2011-08-23 13:57 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-01-26 23:37 . 2012-02-11 16:31 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-01-26 23:37 . 2012-01-26 23:37 -------- d-----w- c:\program files (x86)\Realtek
2012-01-26 23:03 . 2012-02-16 04:34 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-01-26 23:03 . 2012-02-16 04:52 -------- d-----w- c:\program files (x86)\Steam
2012-01-26 22:51 . 2012-02-15 08:04 -------- d-sh--w- c:\windows\Installer
2012-01-26 22:48 . 2012-02-11 16:18 -------- d-----w- c:\users\Steve
2012-01-26 13:13 . 2012-01-26 22:48 -------- d-----w- c:\windows\Panther
2012-01-25 17:12 . 2012-01-26 22:48 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 05:58 . 2009-08-18 17:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-01-31 05:58 . 2009-08-18 16:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-30 22:28 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-30 22:28 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-01-26 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-01-26 2152152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1654888537-392952013-908355606-1000Core.job
- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-26 23:39]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1654888537-392952013-908355606-1000UA.job
- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-26 23:39]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 85.195.91.34
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1654888537-392952013-908355606-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:b8,c9,1e,f3,3b,55,b2,07,64,fc,e1,36,42,62,48,ce,64,59,29,01,0e,8c,cb,
58,e7,18,73,5d,51,c2,04,57,87,1b,ee,8a,57,e7,dd,d8,07,89,19,bd,16,d6,b6,13,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-1654888537-392952013-908355606-1000\Software\SecuROM\License information*]
"datasecu"=hex:ac,f8,3c,2a,43,ba,08,22,91,94,e0,80,2a,46,e1,86,63,e4,98,ea,8c,
5a,f7,05,86,52,31,78,31,45,a5,0d,87,c0,6a,be,81,a7,dc,b9,0a,94,61,f3,b6,ba,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-02-16 20:00:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-17 01:00
.
Pre-Run: 360,173,694,976 bytes free
Post-Run: 360,320,483,328 bytes free
.
- - End Of File - - ECD0B0BCB06D125DA58738AAAB78B8C4


#6 Maniac (Forum Deity, Experts, 21,410 posts, Gender: Male, Location: Bulgaria, EU)

Posted 17 February 2012 - 02:58 AM

Step 1

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.


Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


In your next post, please include:

  • MBRCheck log
  • Farbar Service Scanner log


#7 snotbowst (New Member, Members, 6 posts)

Posted 20 February 2012 - 11:08 PM

Sorry for the lateness, thanks for the reply, and here are all the reports. Looks clean.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-970A-D3
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 151):
0x02E0E000 \SystemRoot\system32\ntoskrnl.exe
0x033F7000 \SystemRoot\system32\hal.dll
0x00B9A000 \SystemRoot\system32\kdcom.dll
0x00C34000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C41000 \SystemRoot\system32\PSHED.dll
0x00C55000 \SystemRoot\system32\CLFS.SYS
0x00CB3000 \SystemRoot\system32\CI.dll
0x00E13000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EB7000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EC6000 \SystemRoot\system32\drivers\ACPI.sys
0x00F1D000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F26000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F30000 \SystemRoot\system32\drivers\pci.sys
0x00F63000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F70000 \SystemRoot\System32\drivers\partmgr.sys
0x00F85000 \SystemRoot\system32\drivers\volmgr.sys
0x00F9A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FF6000 \SystemRoot\system32\drivers\pciide.sys
0x00E00000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00D73000 \SystemRoot\System32\drivers\mountmgr.sys
0x00D8D000 \SystemRoot\system32\drivers\vmbus.sys
0x00DC9000 \SystemRoot\system32\drivers\winhv.sys
0x00DDD000 \SystemRoot\system32\drivers\atapi.sys
0x00C00000 \SystemRoot\system32\drivers\ataport.SYS
0x00DE6000 \SystemRoot\system32\drivers\amdxata.sys
0x01035000 \SystemRoot\system32\drivers\fltmgr.sys
0x01081000 \SystemRoot\system32\drivers\fileinfo.sys
0x01095000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x01229000 \SystemRoot\System32\Drivers\Ntfs.sys
0x010AA000 \SystemRoot\System32\Drivers\msrpc.sys
0x013CC000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01108000 \SystemRoot\System32\Drivers\cng.sys
0x013E7000 \SystemRoot\System32\drivers\pcw.sys
0x01200000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014BC000 \SystemRoot\system32\drivers\ndis.sys
0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x016E0000 \SystemRoot\System32\drivers\tcpip.sys
0x018E4000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0192E000 \SystemRoot\system32\drivers\vmstorfl.sys
0x0193E000 \SystemRoot\system32\drivers\volsnap.sys
0x0198A000 \SystemRoot\System32\Drivers\spldr.sys
0x01992000 \SystemRoot\System32\drivers\rdyboost.sys
0x019CC000 \SystemRoot\System32\Drivers\mup.sys
0x019DE000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01600000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0163A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01650000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x016B6000 \SystemRoot\system32\drivers\cdrom.sys
0x019E7000 \SystemRoot\System32\Drivers\Null.SYS
0x019F0000 \SystemRoot\System32\Drivers\Beep.SYS
0x0148B000 \SystemRoot\System32\drivers\vga.sys
0x015AF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x015D4000 \SystemRoot\System32\drivers\watchdog.sys
0x019F7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x015E4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x015ED000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01499000 \SystemRoot\System32\Drivers\Msfs.SYS
0x014A4000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0117A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0120A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04210000 \SystemRoot\system32\drivers\afd.sys
0x04299000 \SystemRoot\System32\DRIVERS\netbt.sys
0x042DE000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x042E9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x042F2000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04318000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04327000 \SystemRoot\system32\DRIVERS\serial.sys
0x04344000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0435F000 \SystemRoot\system32\drivers\termdd.sys
0x04373000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x043C4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x043D0000 \SystemRoot\system32\drivers\mssmbios.sys
0x043DB000 \SystemRoot\System32\drivers\discache.sys
0x040B0000 \SystemRoot\system32\drivers\csc.sys
0x04133000 \SystemRoot\System32\Drivers\dfsc.sys
0x04151000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04162000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04188000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x0419D000 \SystemRoot\system32\drivers\wmiacpi.sys
0x130F6000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x13D6D000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x13000000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x13D72000 \SystemRoot\System32\drivers\dxgmms1.sys
0x13DB8000 \SystemRoot\system32\drivers\HDAudBus.sys
0x13DDC000 \SystemRoot\System32\Drivers\EtronXHCI.sys
0x04000000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x13DF0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x041A6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x0408D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0409E000 \SystemRoot\system32\DRIVERS\serenum.sys
0x0119C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x043EA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04200000 \SystemRoot\system32\drivers\CompositeBus.sys
0x011BA000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x011D0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x01217000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x01000000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0488E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x048A9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x048CA000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x048E4000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x048EF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x048FE000 \SystemRoot\system32\drivers\swenum.sys
0x04900000 \SystemRoot\system32\drivers\ks.sys
0x04943000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04955000 \SystemRoot\System32\Drivers\EtronHub3.sys
0x04963000 \SystemRoot\System32\Drivers\USBD.SYS
0x04965000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x049BF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04800000 \SystemRoot\system32\drivers\nvhda64v.sys
0x0482D000 \SystemRoot\system32\drivers\portcls.sys
0x0486A000 \SystemRoot\system32\drivers\drmk.sys
0x049D4000 \SystemRoot\system32\drivers\ksthunk.sys
0x05ED2000 \SystemRoot\system32\drivers\HdAudio.sys
0x05F2E000 \SystemRoot\system32\DRIVERS\udfs.sys
0x05F83000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05F91000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x05F9D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x05FA6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05FB9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x05FD6000 \SystemRoot\System32\drivers\Dxapi.sys
0x05FE2000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05E00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05E19000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05E22000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x05E30000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05E3D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00500000 \SystemRoot\System32\TSDDD.dll
0x00790000 \SystemRoot\System32\cdd.dll
0x05E4B000 \SystemRoot\system32\drivers\luafv.sys
0x05E6E000 \SystemRoot\system32\drivers\WudfPf.sys
0x05E8F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05EA4000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x064D8000 \SystemRoot\system32\drivers\HTTP.sys
0x065A1000 \SystemRoot\system32\DRIVERS\bowser.sys
0x065BF000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06400000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0642D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0647B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06660000 \SystemRoot\system32\drivers\peauth.sys
0x06706000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06711000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06742000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06754000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06AB7000 \SystemRoot\System32\DRIVERS\srv.sys
0x06B4F000 \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
0x77820000 \Windows\System32\ntdll.dll
0x47950000 \Windows\System32\smss.exe
0xFFB40000 \Windows\System32\apisetschema.dll

Processes (total 59):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
412 csrss.exe
468 C:\Windows\System32\wininit.exe
492 csrss.exe
532 C:\Windows\System32\services.exe
552 C:\Windows\System32\lsass.exe
560 C:\Windows\System32\lsm.exe
596 C:\Windows\System32\winlogon.exe
704 C:\Windows\System32\svchost.exe
768 C:\Windows\System32\nvvsvc.exe
792 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
836 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
420 C:\Windows\System32\audiodg.exe
1028 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1188 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1200 C:\Windows\System32\nvvsvc.exe
1336 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
1584 C:\Windows\System32\spoolsv.exe
1612 C:\Windows\System32\svchost.exe
1744 C:\Windows\SysWOW64\PnkBstrA.exe
1796 C:\Windows\System32\svchost.exe
1820 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1288 C:\Windows\System32\SearchIndexer.exe
2196 unsecapp.exe
2264 WmiPrvSE.exe
2300 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2484 dllhost.exe
2664 C:\Windows\System32\SearchProtocolHost.exe
2684 C:\Windows\System32\SearchFilterHost.exe
2588 C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
2608 C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
2224 C:\Windows\System32\taskhost.exe
2556 C:\Windows\System32\dwm.exe
2800 C:\Windows\explorer.exe
2984 C:\Program Files (x86)\Steam\steam.exe
3060 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
2388 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2244 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
2828 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
3104 C:\Windows\System32\svchost.exe
3208 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
3300 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
3448 WmiPrvSE.exe
3736 C:\Program Files\Windows Media Player\wmpnetwk.exe
3572 C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
3192 C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
1320 C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
3400 C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
2512 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
2436 C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
2316 C:\Users\Steve\Downloads\MBRCheck.exe
696 C:\Windows\System32\conhost.exe
3904 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST500DM002-1BD142, Rev: KC45

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

Farbar Service Scanner Version: 14-02-2012
Ran by Steve (administrator) on 20-02-2012 at 23:04:29
Running from "C:\Users\Steve\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-14 23:52] - [2011-12-27 22:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
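
The MBRCheck section above reports each volume's byte offset on PhysicalDrive0 and a SHA1 of the boot sector, and the "Windows 7 MBR code detected" verdict is a lookup of that hash against a list of known boot-code builds. The following script, added here as an illustration and not part of the thread or of the MBRCheck tool, does the same three things on a 512-byte sector: validates the 0x55AA signature, walks the four partition entries to derive the byte offsets (the constructed layout reproduces the thread's 0x100000 and 0x6500000 offsets), and hashes the boot code for comparison against a known-good table. The hashed range (bytes 0..439, excluding the disk signature and partition table) and the sample partition sizes are assumptions; MBRCheck's exact hashing range is not stated on the page.

```python
import hashlib
import struct

SECTOR = 512
MBR_SIGNATURE = b"\x55\xAA"


def build_sample_mbr(partitions, bootcode=b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB"):
    """Construct a 512-byte MBR image for testing (constructed data, not a real disk).

    partitions: list of (bootable, type_byte, lba_start, sector_count).
    """
    if len(partitions) > 4:
        raise ValueError("a classic MBR holds at most four primary entries")
    mbr = bytearray(SECTOR)
    mbr[:len(bootcode)] = bootcode
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        off = 446 + 16 * i
        mbr[off] = 0x80 if bootable else 0x00              # status byte
        mbr[off + 4] = ptype                               # partition type (0x07 = NTFS)
        struct.pack_into("<II", mbr, off + 8, lba, count)  # LBA start, sector count
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr):
    """Return boot-code hash, disk signature and the non-empty partition entries.

    Raises ValueError if the sector is too short or lacks the 0x55AA signature.
    """
    if len(mbr) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    if mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("no 0x55AA boot signature; not a valid MBR")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        # entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR,   # the value MBRCheck prints as 'at offset'
        })
    return {
        # Assumed hashing range: bytes 0..439 are the boot code; the disk
        # signature (440..443) and the partition table legitimately differ per machine.
        "bootcode_sha1": hashlib.sha1(mbr[:440]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", mbr, 440)[0],
        "partitions": partitions,
    }


def check_mbr(mbr, known_good):
    """Classify the boot code; known_good maps SHA1 -> label (e.g. 'Windows 7')."""
    try:
        info = parse_mbr(mbr)
    except ValueError as exc:
        return f"invalid MBR: {exc}"
    label = known_good.get(info["bootcode_sha1"])
    if label:
        return f"{label} MBR code detected"
    return f"unknown boot code, SHA1 {info['bootcode_sha1']} - compare with a clean machine"


if __name__ == "__main__":
    # Constructed layout mirroring the thread's MBRCheck output: a 100 MB
    # System Reserved volume at byte offset 0x100000 and C: at 0x6500000.
    sample = build_sample_mbr([
        (True, 0x07, 2048, 204800),
        (False, 0x07, 206848, 976359424),
    ])
    info = parse_mbr(sample)
    for p in info["partitions"]:
        print(f"partition {p['index']}: LBA {p['lba_start']} -> offset {p['byte_offset']:#x}")
    print(check_mbr(sample, {info["bootcode_sha1"]: "Sample"}))
```

On a live Windows machine the sector comes from `open(r"\\.\PhysicalDrive0", "rb").read(512)` run as administrator; the known-good table has to come from a clean install of the same Windows build, because an "unknown" verdict only means the hash is not in the table, not that the boot code is malicious.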

#8 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 21 February 2012 - 07:24 AM

Please visit www.virustotal.com and upload the following file:
C:\Windows\System32\drivers\afd.sys

Wait until scan finished and then copy/paste the URL in your next reply here.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.
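
The Farbar "File Check" section in the log above prints "MD5 is legit" for files whose hash matches a known-good list, and afd.sys is the one file that gets no such verdict (only its date and MD5 are printed), which is why the helper asks for a VirusTotal report on it. The script below, an added example rather than anything Farbar or the thread provides, performs the same kind of manifest comparison on a constructed directory tree: hash each listed file, report "legit" on a match, "missing" if absent, and otherwise "unknown" together with the hashes so they can be looked up elsewhere. SHA-256 decides the verdict; MD5 is computed only because that is the value older tools and hash-search sites key on. The file names and contents are made up for the test.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def file_digests(path, chunk_size=1 << 16):
    """Return (MD5, SHA-256) hex digests, upper-case like the scanner log."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest().upper(), sha256.hexdigest().upper()


def check_files(root, manifest):
    """Compare files under root with a known-good manifest.

    manifest: {relative path: {"md5": ..., "sha256": ...}} taken from a clean build.
    Returns {relative path: verdict}. SHA-256 decides; MD5 is reported so the
    value can be searched on VirusTotal or similar without uploading the file.
    """
    verdicts = {}
    for rel, expected in manifest.items():
        path = Path(root) / rel
        if not path.is_file():
            verdicts[rel] = "missing"
            continue
        md5, sha256 = file_digests(path)
        if sha256 == expected["sha256"]:
            verdicts[rel] = "legit"
        else:
            # Not in the list: could be a newer patch level or a tampered file.
            verdicts[rel] = f"unknown (MD5 {md5}, SHA-256 {sha256})"
    return verdicts


def make_fixture():
    """Constructed test tree: three 'system files', one later replaced, one removed."""
    root = tempfile.mkdtemp(prefix="filecheck_")
    clean = {
        "drivers/tdx.sys": b"constructed clean tdx.sys bytes",
        "drivers/afd.sys": b"constructed clean afd.sys bytes",
        "dnsrslvr.dll": b"constructed clean dnsrslvr.dll bytes",
    }
    manifest = {}
    for rel, data in clean.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
        md5, sha256 = file_digests(path)
        manifest[rel] = {"md5": md5, "sha256": sha256}
    # Simulate a tampered driver and a deleted library after the manifest was taken.
    (Path(root) / "drivers/afd.sys").write_bytes(b"constructed modified afd.sys bytes")
    os.remove(Path(root) / "dnsrslvr.dll")
    return root, manifest


if __name__ == "__main__":
    root, manifest = make_fixture()
    for rel, verdict in check_files(root, manifest).items():
        print(f"{rel} => {verdict}")
```

Two caveats apply when this is run against a real C:\Windows\System32: the manifest must come from the same Windows build and patch level, or every recently updated file (afd.sys here carries a 2011-12-27 build date) shows up as "unknown"; and a hash check reads the file through the running kernel, so a rootkit that filters file reads can present the clean bytes. That is why the thread pairs this check with an MBR scan and an offline scanner.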

#9 snotbowst

snotbowst

    New Member

  • Members
  • 6 posts

Posted 21 February 2012 - 07:53 PM

For some reason, I cannot select that file to be uploaded in the dialogue box offered on the website. The file is definitely there, just not selectable for scanning.

#10 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 22 February 2012 - 08:58 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#11 snotbowst

snotbowst

    New Member

  • Members
  • 6 posts

Posted 24 February 2012 - 01:55 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

This is log.txt


#12 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 25 February 2012 - 06:17 AM

Please manually delete your TDSSKiller, download a new fresh copy and run it again. Post the log file in your next reply.

#13 LDTate

LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 27 February 2012 - 12:32 PM

TCP: DhcpNameServer = 85.195.91.34


Reset your router.

  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Larry Tate
Product Support


Follow us: Twitter, Become a fan: Facebook
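
The DhcpNameServer line quoted above is the resolver the router's DHCP handed to the PC, and the responder treats it as the reason to reset the router: a DNS setting altered on the router redirects every client on the LAN regardless of what is cleaned on the PC. The script below is an added example (not from the thread or from any of the tools it mentions) that pulls NameServer and DhcpNameServer entries out of a DDS-style log and labels each one: private addresses (usually the router itself), addresses on a trusted allowlist, or an unexpected public resolver that should be confirmed with the ISP. The allowlist values are placeholders and the second log line is constructed; "unexpected" means only that the address is not on the list you supplied, not that it is proven malicious.

```python
import ipaddress
import re

# Matches DDS-style lines such as "TCP: DhcpNameServer = 85.195.91.34"
# and "TCP: Interfaces\{GUID}: NameServer = 192.168.1.1 192.168.1.2".
NAMESERVER_RE = re.compile(r"(?:Dhcp)?NameServer\s*=\s*(?P<servers>[0-9][0-9. ,]*)")


def parse_nameservers(log_text):
    """Return every resolver address listed on NameServer/DhcpNameServer lines."""
    servers = []
    for line in log_text.splitlines():
        match = NAMESERVER_RE.search(line)
        if not match:
            continue
        for token in re.split(r"[ ,]+", match.group("servers").strip()):
            if token and token not in servers:
                servers.append(token)
    return servers


def classify_resolver(server, trusted_networks):
    """Label a resolver: private (the router itself), trusted, or unexpected."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "unparseable"
    if ip.is_private or ip.is_loopback:
        return "private (router or local resolver)"
    if any(ip in net for net in trusted_networks):
        return "trusted"
    return "unexpected public resolver - confirm with your ISP before trusting it"


def audit(log_text, trusted):
    """Map each resolver found in log_text to its verdict against the allowlist."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    return {s: classify_resolver(s, nets) for s in parse_nameservers(log_text)}


# Constructed log excerpt: the first line is the one quoted in the thread,
# the second is made up to show a private (router) address.
SAMPLE_LOG = """\
TCP: DhcpNameServer = 85.195.91.34
TCP: Interfaces\\{11111111-2222-3333-4444-555555555555}: DhcpNameServer = 192.168.1.1
"""

# Assumed allowlist (placeholder values): put the resolvers your ISP or
# organisation actually hands out here.
TRUSTED = ["8.8.8.8/32", "8.8.4.4/32"]


if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_LOG, TRUSTED).items():
        print(f"{server}: {verdict}")
```

After the router reset, run the same check against a fresh log: a reset only restores factory defaults, so the router's DNS settings should be inspected again once it has been reconfigured, and the resolvers it hands out should match what the ISP says they should be.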

#14 LDTate

LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 01 March 2012 - 05:20 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support





