Ziante

  1. Thank you for your help, the service that you provide is impeccable. I am incredibly grateful.
  2. Hi. With regards to the ESET one, I forgot to uncheck the remove infected files box with all the switching between windows, but have posted the log anyway. Apologies. Attach.zip DDS.txt ESET.txt
  4. Still getting the stupid AVG anti virus message
  5. Just as an addition, my browser is no longer redirecting, but I understand that this doesn't necessarily mean my system is clean. Thanks
  6. These are my options
  7. Right, I have pressed Del after pressing the power button, which has taken me to what I assume to be the BIOS menu. I looked through the options there and found the M-Flash one; when I went in, it says disabled, with the options to select boot or something else. I haven't selected any yet as I wanted to make sure I was in the right place.
  8. Hi again, I have managed to get a boot menu up by pressing F4. When I press F8 to go to advanced options I get the following choices: Safe mode, Safe mode with networking, Safe mode with command prompt, Enable boot log, Enable low resolution video, Last known good configuration, Directory services res mode, Debugging mode, Disable auto restart after system error, Disable driver signature enforcement, but no boot from USB. Regards
  9. In which case I will have to go out and buy one, which I won't be able to do until Wednesday, so I will be a little quiet for 2 days. Thanks for your help and understanding.
  10. I have followed your instructions up until the booting from USB. I am pressing F12 but it is having no effect. Is it possible that it may not be working because my keyboard is wireless USB? Sorry if that is a really stupid question but I can't make sense of it. Thanks
  11. When running ComboFix as you have stated above, it is still saying that AVG 2011 is running. I have run the removal tool and rebooted a number of times with no success; however, the removal tool has generated a log. After I ran ComboFix and posted the log last time, my system was a little unstable and took a long time to reboot, but this seems to have rectified itself now. The redirection continues to occur.
  12. I was alerted to the presence of AVG Anti-Virus Free Edition 2011 but could not find the program to disable it; as far as I was aware it had been uninstalled when I purchased Panda Internet Security 2012.
4948 HidUsb - ok 19:58:59.0643 4948 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 19:58:59.0645 4948 HpSAMD - ok 19:58:59.0768 4948 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 19:58:59.0775 4948 HTTP - ok 19:58:59.0793 4948 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 19:58:59.0794 4948 hwpolicy - ok 19:58:59.0872 4948 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 19:58:59.0874 4948 i8042prt - ok 19:58:59.0906 4948 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys 19:58:59.0911 4948 iaStorV - ok 19:58:59.0982 4948 IDSFLT (c4e887cf7ba2d3624233231aecd34c9d) C:\Windows\system32\Drivers\IDSFLT.SYS 19:58:59.0985 4948 IDSFLT - ok 19:59:00.0105 4948 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 19:59:00.0108 4948 iirsp - ok 19:59:00.0144 4948 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 19:59:00.0145 4948 intelide - ok 19:59:00.0188 4948 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 19:59:00.0190 4948 intelppm - ok 19:59:00.0258 4948 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:59:00.0260 4948 IpFilterDriver - ok 19:59:00.0323 4948 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 19:59:00.0325 4948 IPMIDRV - ok 19:59:00.0357 4948 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 19:59:00.0359 4948 IPNAT - ok 19:59:00.0493 4948 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 19:59:00.0496 4948 IRENUM - ok 19:59:00.0531 4948 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 19:59:00.0534 4948 isapnp - ok 19:59:00.0565 4948 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 
19:59:00.0568 4948 iScsiPrt - ok 19:59:00.0658 4948 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 19:59:00.0661 4948 kbdclass - ok 19:59:00.0785 4948 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 19:59:00.0788 4948 kbdhid - ok 19:59:00.0911 4948 KMWDFILTERx86 (4476fe98aaf505acdcd3ee6360aabec1) C:\Windows\system32\DRIVERS\KMWDFILTER.sys 19:59:00.0914 4948 KMWDFILTERx86 - ok 19:59:00.0960 4948 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 19:59:00.0962 4948 KSecDD - ok 19:59:01.0000 4948 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys 19:59:01.0002 4948 KSecPkg - ok 19:59:01.0051 4948 L1C (a158cea8644b8a5c1ec0e9a81b70f65a) C:\Windows\system32\DRIVERS\L1C62x86.sys 19:59:01.0053 4948 L1C - ok 19:59:01.0121 4948 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 19:59:01.0123 4948 lltdio - ok 19:59:01.0170 4948 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 19:59:01.0172 4948 LSI_FC - ok 19:59:01.0188 4948 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 19:59:01.0190 4948 LSI_SAS - ok 19:59:01.0214 4948 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:59:01.0216 4948 LSI_SAS2 - ok 19:59:01.0255 4948 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:59:01.0257 4948 LSI_SCSI - ok 19:59:01.0282 4948 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 19:59:01.0284 4948 luafv - ok 19:59:01.0388 4948 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys 19:59:01.0390 4948 MBAMProtector - ok 19:59:01.0541 4948 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 19:59:01.0544 4948 megasas - ok 19:59:01.0673 4948 MegaSR (dcbab2920c75f390caf1d29f675d03d6) 
C:\Windows\system32\DRIVERS\MegaSR.sys 19:59:01.0677 4948 MegaSR - ok 19:59:01.0799 4948 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 19:59:01.0801 4948 Modem - ok 19:59:01.0853 4948 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 19:59:01.0854 4948 monitor - ok 19:59:01.0940 4948 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 19:59:01.0942 4948 mouclass - ok 19:59:02.0045 4948 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 19:59:02.0047 4948 mouhid - ok 19:59:02.0077 4948 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 19:59:02.0079 4948 mountmgr - ok 19:59:02.0117 4948 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 19:59:02.0119 4948 mpio - ok 19:59:02.0140 4948 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 19:59:02.0142 4948 mpsdrv - ok 19:59:02.0168 4948 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 19:59:02.0171 4948 MRxDAV - ok 19:59:02.0264 4948 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys 19:59:02.0268 4948 mrxsmb - ok 19:59:02.0288 4948 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:59:02.0292 4948 mrxsmb10 - ok 19:59:02.0316 4948 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:59:02.0319 4948 mrxsmb20 - ok 19:59:02.0475 4948 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 19:59:02.0478 4948 msahci - ok 19:59:02.0617 4948 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 19:59:02.0620 4948 msdsm - ok 19:59:02.0751 4948 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 19:59:02.0757 4948 Msfs - ok 19:59:02.0794 4948 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) 
C:\Windows\System32\drivers\mshidkmdf.sys 19:59:02.0796 4948 mshidkmdf - ok 19:59:02.0814 4948 MSICDSetup - ok 19:59:02.0884 4948 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 19:59:02.0885 4948 msisadrv - ok 19:59:03.0031 4948 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 19:59:03.0032 4948 MSKSSRV - ok 19:59:03.0078 4948 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 19:59:03.0078 4948 MSPCLOCK - ok 19:59:03.0092 4948 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 19:59:03.0092 4948 MSPQM - ok 19:59:03.0234 4948 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 19:59:03.0243 4948 MsRPC - ok 19:59:03.0332 4948 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 19:59:03.0334 4948 mssmbios - ok 19:59:03.0462 4948 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 19:59:03.0462 4948 MSTEE - ok 19:59:03.0490 4948 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 19:59:03.0491 4948 MTConfig - ok 19:59:03.0507 4948 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 19:59:03.0509 4948 Mup - ok 19:59:03.0622 4948 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 19:59:03.0626 4948 NativeWifiP - ok 19:59:03.0699 4948 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 19:59:03.0709 4948 NDIS - ok 19:59:03.0872 4948 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 19:59:03.0874 4948 NdisCap - ok 19:59:03.0901 4948 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 19:59:03.0902 4948 NdisTapi - ok 19:59:03.0943 4948 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 19:59:03.0945 4948 Ndisuio - ok 19:59:03.0964 4948 NdisWan 
(267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 19:59:03.0967 4948 NdisWan - ok 19:59:03.0983 4948 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 19:59:03.0985 4948 NDProxy - ok 19:59:04.0030 4948 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 19:59:04.0031 4948 NetBIOS - ok 19:59:04.0048 4948 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 19:59:04.0050 4948 NetBT - ok 19:59:04.0174 4948 NETFLTDI (d8f44fc13db193c9379297973ee42272) C:\Windows\system32\Drivers\NETFLTDI.SYS 19:59:04.0177 4948 NETFLTDI - ok 19:59:04.0289 4948 NETIMFLT01060044 (9dee136c4863d5065437d07262bb5c40) C:\Windows\system32\DRIVERS\neti1644.sys 19:59:04.0292 4948 NETIMFLT01060044 - ok 19:59:04.0440 4948 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 19:59:04.0443 4948 nfrd960 - ok 19:59:04.0481 4948 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 19:59:04.0482 4948 Npfs - ok 19:59:04.0538 4948 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 19:59:04.0540 4948 nsiproxy - ok 19:59:04.0618 4948 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys 19:59:04.0643 4948 Ntfs - ok 19:59:04.0683 4948 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 19:59:04.0684 4948 Null - ok 19:59:04.0974 4948 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys 19:59:05.0149 4948 nvlddmkm - ok 19:59:05.0217 4948 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys 19:59:05.0221 4948 nvraid - ok 19:59:05.0243 4948 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys 19:59:05.0247 4948 nvstor - ok 19:59:05.0338 4948 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 19:59:05.0341 4948 nv_agp - ok 19:59:05.0355 4948 ohci1394 
(08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 19:59:05.0358 4948 ohci1394 - ok 19:59:05.0512 4948 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 19:59:05.0515 4948 Parport - ok 19:59:05.0541 4948 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 19:59:05.0543 4948 partmgr - ok 19:59:05.0556 4948 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 19:59:05.0557 4948 Parvdm - ok 19:59:05.0642 4948 pavboot (55d654258a9c509b671310c314bd30b4) C:\Windows\system32\Drivers\pavboot.sys 19:59:05.0643 4948 pavboot - ok 19:59:05.0732 4948 PavProc (a110035fdc4b8f8f0cd5e71d031274e1) C:\Windows\system32\DRIVERS\PavProc.sys 19:59:05.0737 4948 PavProc - ok 19:59:05.0803 4948 PavSRK.sys - ok 19:59:05.0843 4948 PavTPK.sys - ok 19:59:05.0908 4948 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 19:59:05.0911 4948 pci - ok 19:59:06.0016 4948 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 19:59:06.0017 4948 pciide - ok 19:59:06.0061 4948 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 19:59:06.0064 4948 pcmcia - ok 19:59:06.0160 4948 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 19:59:06.0162 4948 pcw - ok 19:59:06.0252 4948 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 19:59:06.0268 4948 PEAUTH - ok 19:59:06.0433 4948 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 19:59:06.0438 4948 PptpMiniport - ok 19:59:06.0488 4948 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 19:59:06.0493 4948 Processor - ok 19:59:06.0609 4948 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 19:59:06.0611 4948 Psched - ok 19:59:06.0781 4948 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 
19:59:06.0803 4948 ql2300 - ok 19:59:06.0916 4948 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 19:59:06.0918 4948 ql40xx - ok 19:59:06.0946 4948 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 19:59:06.0948 4948 QWAVEdrv - ok 19:59:06.0967 4948 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 19:59:06.0967 4948 RasAcd - ok 19:59:07.0089 4948 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 19:59:07.0091 4948 RasAgileVpn - ok 19:59:07.0205 4948 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 19:59:07.0208 4948 Rasl2tp - ok 19:59:07.0337 4948 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 19:59:07.0343 4948 RasPppoe - ok 19:59:07.0465 4948 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 19:59:07.0469 4948 RasSstp - ok 19:59:07.0506 4948 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 19:59:07.0510 4948 rdbss - ok 19:59:07.0524 4948 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 19:59:07.0526 4948 rdpbus - ok 19:59:07.0610 4948 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:59:07.0610 4948 RDPCDD - ok 19:59:07.0725 4948 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 19:59:07.0726 4948 RDPENCDD - ok 19:59:07.0776 4948 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 19:59:07.0776 4948 RDPREFMP - ok 19:59:07.0827 4948 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 19:59:07.0829 4948 RDPWD - ok 19:59:07.0913 4948 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 19:59:07.0916 4948 rdyboost - ok 19:59:08.0039 4948 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) 
C:\Windows\system32\Drivers\RimUsb.sys 19:59:08.0041 4948 RimUsb - ok 19:59:08.0125 4948 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 19:59:08.0127 4948 rspndr - ok 19:59:08.0217 4948 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 19:59:08.0219 4948 sbp2port - ok 19:59:08.0258 4948 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 19:59:08.0259 4948 scfilter - ok 19:59:08.0298 4948 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 19:59:08.0299 4948 secdrv - ok 19:59:08.0445 4948 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 19:59:08.0448 4948 Serenum - ok 19:59:08.0503 4948 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 19:59:08.0505 4948 Serial - ok 19:59:08.0523 4948 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 19:59:08.0525 4948 sermouse - ok 19:59:08.0562 4948 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 19:59:08.0563 4948 sffdisk - ok 19:59:08.0572 4948 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 19:59:08.0573 4948 sffp_mmc - ok 19:59:08.0608 4948 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys 19:59:08.0609 4948 sffp_sd - ok 19:59:08.0626 4948 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 19:59:08.0628 4948 sfloppy - ok 19:59:08.0772 4948 ShldDrv (32d6f7632234f0354c79e915ca4613d4) C:\Windows\system32\DRIVERS\ShlDrv51.sys 19:59:08.0775 4948 ShldDrv - ok 19:59:08.0816 4948 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 19:59:08.0819 4948 sisagp - ok 19:59:08.0916 4948 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:59:08.0918 4948 SiSRaid2 - ok 19:59:08.0971 4948 SiSRaid4 
(3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 19:59:08.0974 4948 SiSRaid4 - ok 19:59:09.0068 4948 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 19:59:09.0070 4948 Smb - ok 19:59:09.0202 4948 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 19:59:09.0204 4948 spldr - ok 19:59:09.0322 4948 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys 19:59:09.0326 4948 srv - ok 19:59:09.0350 4948 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys 19:59:09.0353 4948 srv2 - ok 19:59:09.0465 4948 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys 19:59:09.0468 4948 srvnet - ok 19:59:09.0606 4948 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 19:59:09.0607 4948 stexstor - ok 19:59:09.0641 4948 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 19:59:09.0642 4948 swenum - ok 19:59:09.0810 4948 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys 19:59:09.0837 4948 Tcpip - ok 19:59:09.0944 4948 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys 19:59:09.0954 4948 TCPIP6 - ok 19:59:10.0078 4948 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 19:59:10.0080 4948 tcpipreg - ok 19:59:10.0199 4948 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 19:59:10.0201 4948 TDPIPE - ok 19:59:10.0236 4948 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 19:59:10.0237 4948 TDTCP - ok 19:59:10.0261 4948 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 19:59:10.0263 4948 tdx - ok 19:59:10.0303 4948 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 19:59:10.0304 4948 TermDD - ok 19:59:10.0403 4948 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) 
C:\Windows\system32\DRIVERS\tssecsrv.sys 19:59:10.0404 4948 tssecsrv - ok 19:59:10.0533 4948 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 19:59:10.0537 4948 tunnel - ok 19:59:10.0624 4948 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 19:59:10.0627 4948 uagp35 - ok 19:59:10.0707 4948 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 19:59:10.0711 4948 udfs - ok 19:59:10.0764 4948 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 19:59:10.0766 4948 uliagpkx - ok 19:59:10.0902 4948 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 19:59:10.0903 4948 umbus - ok 19:59:10.0981 4948 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 19:59:10.0982 4948 UmPass - ok 19:59:11.0113 4948 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 19:59:11.0115 4948 USBAAPL - ok 19:59:11.0235 4948 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys 19:59:11.0237 4948 usbaudio - ok 19:59:11.0277 4948 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 19:59:11.0279 4948 usbccgp - ok 19:59:11.0292 4948 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 19:59:11.0294 4948 usbcir - ok 19:59:11.0313 4948 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 19:59:11.0314 4948 usbehci - ok 19:59:11.0377 4948 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys 19:59:11.0380 4948 usbhub - ok 19:59:11.0399 4948 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 19:59:11.0401 4948 usbohci - ok 19:59:11.0513 4948 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 19:59:11.0516 4948 usbprint - ok 19:59:11.0555 4948 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) 
C:\Windows\system32\DRIVERS\usbscan.sys 19:59:11.0557 4948 usbscan - ok 19:59:11.0600 4948 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:59:11.0602 4948 USBSTOR - ok 19:59:11.0616 4948 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 19:59:11.0617 4948 usbuhci - ok 19:59:11.0652 4948 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 19:59:11.0653 4948 vdrvroot - ok 19:59:11.0795 4948 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 19:59:11.0798 4948 vga - ok 19:59:11.0879 4948 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 19:59:11.0881 4948 VgaSave - ok 19:59:11.0937 4948 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 19:59:11.0940 4948 vhdmp - ok 19:59:12.0042 4948 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 19:59:12.0044 4948 viaagp - ok 19:59:12.0072 4948 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 19:59:12.0074 4948 ViaC7 - ok 19:59:12.0177 4948 VIAHdAudAddService (f27c1d81ed7daca5b1a539745a4ef710) C:\Windows\system32\drivers\viahduaa.sys 19:59:12.0203 4948 VIAHdAudAddService - ok 19:59:12.0359 4948 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 19:59:12.0367 4948 viaide - ok 19:59:12.0474 4948 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 19:59:12.0478 4948 volmgr - ok 19:59:12.0509 4948 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 19:59:12.0514 4948 volmgrx - ok 19:59:12.0532 4948 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 19:59:12.0536 4948 volsnap - ok 19:59:12.0657 4948 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 19:59:12.0660 4948 vsmraid - ok 19:59:12.0683 4948 vwifibus 
(90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 19:59:12.0685 4948 vwifibus - ok 19:59:12.0751 4948 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 19:59:12.0754 4948 vwififlt - ok 19:59:12.0777 4948 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 19:59:12.0779 4948 vwifimp - ok 19:59:12.0886 4948 VX1000 (d22c6b9c2f840d403fd387ad207a4b16) C:\Windows\system32\DRIVERS\VX1000.sys 19:59:12.0920 4948 VX1000 - ok 19:59:13.0000 4948 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 19:59:13.0002 4948 WacomPen - ok 19:59:13.0090 4948 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 19:59:13.0092 4948 WANARP - ok 19:59:13.0098 4948 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 19:59:13.0099 4948 Wanarpv6 - ok 19:59:13.0266 4948 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 19:59:13.0268 4948 Wd - ok 19:59:13.0296 4948 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 19:59:13.0301 4948 Wdf01000 - ok 19:59:13.0401 4948 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 19:59:13.0401 4948 WfpLwf - ok 19:59:13.0415 4948 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 19:59:13.0417 4948 WIMMount - ok 19:59:13.0531 4948 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys 19:59:13.0533 4948 WinUsb - ok 19:59:13.0669 4948 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 19:59:13.0669 4948 WmiAcpi - ok 19:59:13.0722 4948 WNMFLT (0411d0433e8c48ad24b2ef32d7c97ae0) C:\Windows\system32\Drivers\WNMFLT.SYS 19:59:13.0724 4948 WNMFLT - ok 19:59:13.0806 4948 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 19:59:13.0807 4948 ws2ifsl - ok 19:59:13.0840 4948 WudfPf 
(6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
19:59:13.0842 4948 WudfPf - ok
19:59:13.0859 4948 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:59:13.0861 4948 WUDFRd - ok
19:59:13.0938 4948 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:59:13.0979 4948 \Device\Harddisk0\DR0 - ok
19:59:13.0987 4948 Boot (0x1200) (9af654fd54da4db02b5245b8a79ee96e) \Device\Harddisk0\DR0\Partition0
19:59:13.0989 4948 \Device\Harddisk0\DR0\Partition0 - ok
19:59:13.0999 4948 Boot (0x1200) (1cdf2e01b38ed29f2f777cb6b0b311f8) \Device\Harddisk0\DR0\Partition1
19:59:14.0000 4948 \Device\Harddisk0\DR0\Partition1 - ok
19:59:14.0004 4948 ============================================================
19:59:14.0004 4948 Scan finished
19:59:14.0004 4948 ============================================================
19:59:14.0012 4332 Detected object count: 0
19:59:14.0012 4332 Actual detected object count: 0

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-03 19:44:49
-----------------------------
19:44:49.851 OS Version: Windows 6.1.7600
19:44:49.851 Number of processors: 2 586 0x602
19:44:49.851 ComputerName: ZIANTE-PC UserName: Ria
19:45:04.281 Initialize success
19:45:09.195 AVAST engine defs: 12030300
19:45:15.825 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:45:15.840 Disk 0 Vendor: ST3250318AS CC38 Size: 238475MB BusType: 3
19:45:15.840 Disk 0 MBR read successfully
19:45:15.856 Disk 0 MBR scan
19:45:15.856 Disk 0 Windows 7 default MBR code
19:45:15.872 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:45:15.903 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
19:45:15.918 Disk 0 scanning sectors +488394752
19:45:15.965 Disk 0 scanning C:\Windows\system32\drivers
19:45:25.419 Service scanning
19:45:35.078 Service MSICDSetup D:\CDriver.sys **LOCKED** 21
19:45:49.838 Modules scanning
19:46:04.299 Disk 0 trace - called modules:
19:46:04.315 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
19:46:04.330 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a27ac8]
19:46:04.330 3 CLASSPNP.SYS[8918d59e] -> nt!IofCallDriver -> [0x85a46918]
19:46:04.346 5 ACPI.sys[88b9d3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85a28030]
19:46:07.637 AVAST engine scan C:\Windows
19:46:09.946 AVAST engine scan C:\Windows\system32
19:46:30.679 File: C:\Windows\system32\fdWSDU.dll **INFECTED** Win32:Adware-YZ [Adw]
19:48:29.021 AVAST engine scan C:\Windows\system32\drivers
19:48:40.346 AVAST engine scan C:\Users\Ria
19:53:40.748 AVAST engine scan C:\ProgramData
19:54:31.197 Scan finished successfully
19:55:57.775 Disk 0 MBR has been saved successfully to "C:\Users\Ria\Desktop\MBR.dat"
19:55:57.782 The log file has been saved successfully to "C:\Users\Ria\Desktop\aswMBR.txt"

MBR.zip
  14. Hi Daniel, thank you for your help, much appreciated. Here is my GMER log.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-03 10:12:25
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3250318AS rev.CC38
Running: 4gb4ytk1.exe; Driver: C:\Users\Ria\AppData\Local\Temp\fwdiypog.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\DRIVERS\PavProc.sys ZwTerminateProcess [0x9EEFE73A]
SSDT \??\C:\Windows\system32\PavSRK.sys ZwWriteVirtualMemory [0x9EEB5C30]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)
AttachedDevice \FileSystem\Ntfs \Ntfs av5flt.sys
AttachedDevice \Driver\tdx \Device\Tcp NETFLTDI.SYS
Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp NETFLTDI.SYS
Device cdfs.sys (CD-ROM File System Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B63135AE-BD94-4548-B391-C7C90277439E}\Connection@Name isatap.{74BBAD8C-54AD-4B8D-B2CB-A04B32A8FE3A}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{B63135AE-BD94-4548-B391-C7C90277439E}?\Device\{AF2A2C54-E64A-4BCC-A9BC-8813953D1EFD}?\Device\{2F52CD66-619E-427F-8342-CA8E6DEF152F}?\Device\{F6434A1E-B99E-4E4B-B15F-E623E8290E47}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{B63135AE-BD94-4548-B391-C7C90277439E}"?"{AF2A2C54-E64A-4BCC-A9BC-8813953D1EFD}"?"{2F52CD66-619E-427F-8342-CA8E6DEF152F}"?"{F6434A1E-B99E-4E4B-B15F-E623E8290E47}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{B63135AE-BD94-4548-B391-C7C90277439E}?\Device\TCPIP6TUNNEL_{AF2A2C54-E64A-4BCC-A9BC-8813953D1EFD}?\Device\TCPIP6TUNNEL_{2F52CD66-619E-427F-8342-CA8E6DEF152F}?\Device\TCPIP6TUNNEL_{F6434A1E-B99E-4E4B-B15F-E623E8290E47}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{B63135AE-BD94-4548-B391-C7C90277439E}@InterfaceName isatap.{74BBAD8C-54AD-4B8D-B2CB-A04B32A8FE3A}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{B63135AE-BD94-4548-B391-C7C90277439E}@ReusableType 0

---- EOF - GMER 1.0.15 ----

Regards
Ria
  15. Sorry lol, that would help I imagine! My Google search keeps getting redirected to thealltimes.com. Thanks