snotbowst

Infected with Google Redirect Virus

14 posts in this topic

I currently am infected with a Google redirect virus. Google sites are slow to load (my GMail refuses to load altogether) and links lead to bogus sites (I get gamblingpuma.com and gimmeanswers.com a lot). Malwarebytes and AdAware have failed to detect and remove the problem.

Here are the DDS and Attach files.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Steve at 23:35:28 on 2012-02-15

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12269.9378 [GMT -5:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Google Update] "C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{CD789F30-E439-421F-86B0-5581BB647305} : DhcpNameServer = 209.18.47.61 209.18.47.62

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-15 652360]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-26 2253120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-1-26 17152]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-02-15 10:48:05 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8752337F-487A-4387-8B0E-2434EF6BC5F6}\offreg.dll

2012-02-15 06:19:52 -------- d-----w- C:\Users\Steve\AppData\Roaming\Malwarebytes

2012-02-15 06:19:50 -------- d-----w- C:\ProgramData\Malwarebytes

2012-02-15 06:19:49 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-02-15 06:19:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-02-15 05:38:31 16432 ----a-w- C:\Windows\System32\lsdelete.exe

2012-02-15 04:52:26 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-15 04:52:26 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-15 04:52:14 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-15 04:52:14 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-15 04:52:13 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-02-15 04:52:12 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-15 04:52:09 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-15 04:52:09 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2012-02-15 04:51:18 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8752337F-487A-4387-8B0E-2434EF6BC5F6}\mpengine.dll

2012-02-11 16:31:16 -------- d-----w- C:\Program Files (x86)\Etron Technology

2012-02-11 06:19:39 -------- d--h--w- C:\Program Files (x86)\Temp

2012-02-11 06:06:25 -------- d-----w- C:\Users\Steve\AppData\Roaming\Logishrd

2012-02-11 05:59:02 -------- d-----w- C:\Users\Steve\AppData\Local\ElevatedDiagnostics

2012-02-07 05:57:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-03 00:55:41 -------- d-----w- C:\Program Files (x86)\Mumble(PR Edition)

2012-02-02 06:28:07 -------- d-----w- C:\Users\Steve\AppData\Roaming\OpenOffice.org

2012-02-02 00:19:07 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-02-02 00:16:36 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-02-02 00:16:36 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-02-02 00:16:36 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-02-02 00:16:35 794408 ----a-w- C:\Windows\SysWow64\pbsvc.exe

2012-02-01 23:44:29 -------- d-----w- C:\Users\Steve\AppData\Local\PunkBuster

2012-02-01 04:04:21 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3

2012-01-31 05:51:27 14744 ----a-w- C:\Users\Steve\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll

2012-01-31 05:49:10 -------- d-sh--w- C:\ProgramData\SecuROM

2012-01-30 22:21:02 -------- d-----w- C:\Windows\System32\SPReview

2012-01-30 22:19:48 -------- d-----w- C:\Windows\System32\EventProviders

2012-01-30 22:18:39 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2012-01-30 22:18:38 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-01-30 22:18:38 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-01-30 22:18:38 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-01-30 22:18:38 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-01-30 22:18:29 -------- d-----w- C:\Users\Steve\AppData\Local\Rockstar Games

2012-01-29 16:08:04 -------- d-----w- C:\Windows\SysWow64\xlive

2012-01-29 16:08:04 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2012-01-28 20:04:07 -------- d-----w- C:\Users\Steve\AppData\Roaming\Red Alert 3

2012-01-28 06:02:13 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2012-01-28 05:57:53 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

2012-01-28 03:10:30 -------- d-----w- C:\Users\Steve\AppData\Roaming\SPORE

2012-01-27 22:53:38 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks

2012-01-27 19:01:14 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2012-01-27 19:01:14 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2012-01-27 19:01:14 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2012-01-27 19:01:14 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2012-01-27 19:01:14 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2012-01-27 19:01:13 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2012-01-27 19:01:12 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2012-01-27 19:01:07 -------- d-----w- C:\Users\Steve\AppData\Local\Oblivion

2012-01-27 09:22:25 48976 ----a-w- C:\Windows\System32\netfxperf.dll

2012-01-27 09:22:21 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2012-01-27 09:20:59 488448 ----a-w- C:\Windows\System32\secproc.dll

2012-01-27 09:19:59 955904 ----a-w- C:\Windows\System32\localspl.dll

2012-01-27 09:18:59 40960 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll

2012-01-27 09:17:59 21760 ----a-w- C:\Windows\System32\drivers\VMBusHID.sys

2012-01-27 09:17:58 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui

2012-01-27 09:17:58 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui

2012-01-27 09:17:56 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui

2012-01-27 09:17:56 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui

2012-01-27 09:17:36 399872 ----a-w- C:\Windows\System32\dpx.dll

2012-01-27 09:17:36 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll

2012-01-27 09:17:33 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll

2012-01-27 09:17:31 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2012-01-27 09:17:31 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2012-01-27 09:17:31 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll

2012-01-27 09:17:01 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2012-01-27 09:17:01 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll

2012-01-27 09:16:59 244736 ----a-w- C:\Windows\System32\sqmapi.dll

2012-01-27 08:47:33 -------- d-----w- C:\Windows\SysWow64\Wat

2012-01-27 08:47:33 -------- d-----w- C:\Windows\System32\Wat

2012-01-27 05:50:10 -------- d-----w- C:\Program Files (x86)\EA GAMES

2012-01-27 05:47:20 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll

2012-01-27 05:47:20 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll

2012-01-27 05:47:20 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

2012-01-27 05:47:20 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2012-01-27 05:47:20 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll

2012-01-27 05:47:20 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll

2012-01-27 05:47:15 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll

2012-01-27 05:47:14 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll

2012-01-27 03:57:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-27 03:56:55 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-01-27 03:55:39 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2012-01-27 03:54:53 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2012-01-27 03:53:40 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2012-01-27 03:52:52 974336 ----a-w- C:\Windows\System32\WFS.exe

2012-01-27 00:40:51 -------- d-----w- C:\Users\Steve\AppData\Local\Skyrim

2012-01-27 00:33:27 -------- d-----w- C:\Users\Steve\AppData\Roaming\NVIDIA

2012-01-27 00:32:13 -------- d-----w- C:\Users\Steve\AppData\Roaming\.minecraft

2012-01-27 00:31:41 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-01-27 00:20:46 -------- d-----w- C:\NVIDIA

2012-01-26 23:49:12 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2012-01-26 23:40:24 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-26 23:39:52 -------- d-----w- C:\Users\Steve\AppData\Local\Google

2012-01-26 23:39:37 -------- d-----w- C:\Users\Steve\AppData\Local\Apps

2012-01-26 23:39:36 -------- d-----w- C:\Users\Steve\AppData\Local\Deployment

2012-01-26 23:37:39 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2012-01-26 23:37:39 565352 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2012-01-26 23:37:39 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2012-01-26 23:37:35 -------- d-----w- C:\Program Files (x86)\Realtek

2012-01-26 23:03:19 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2012-01-26 23:03:18 -------- d-----w- C:\Program Files (x86)\Steam

2012-01-26 22:51:15 -------- d-sh--w- C:\Windows\Installer

2012-01-26 13:13:59 -------- d-----w- C:\Windows\Panther

2012-01-25 17:12:10 -------- d-sh--w- C:\Recovery

.

==================== Find3M ====================

.

2012-01-30 22:28:01 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-01-30 22:28:01 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-12-23 12:12:12 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys

2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll

2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll

.

============= FINISH: 23:35:45.78 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/26/2012 5:48:26 PM

System Uptime: 2/15/2012 3:20:13 AM (20 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | GA-970A-D3

Processor: AMD FX-6100 Six-Core Processor | Socket M2 | 3300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 335.676 GiB free.

D: is CDROM (UDF)

E: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP48: 2/15/2012 3:00:11 AM - Windows Update

.

==== Installed Programs ======================

.

Ad-Aware

Battlefield 2

Battlefield 2: Special Forces

Cities XL 2011

Command & Conquer™ Red Alert™ 3

Etron USB3.0 Host Controller

Garry's Mod

Google Chrome

Grand Theft Auto IV

Half-Life 2

Java Auto Updater

Java 6 Update 22

Java 6 Update 30

Just Cause 2

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mumble(PR edition) and Murmur(PR edition)

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Oblivion

OpenOffice.org 3.3

Project Reality: BF2

PunkBuster Services

Realtek Ethernet Controller Driver

S.T.A.L.K.E.R.: Shadow of Chernobyl

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

SPORE™

Steam

Team Fortress 2

The Elder Scrolls V: Skyrim

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

WinRAR 4.10 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

2/15/2012 4:20:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

2/15/2012 4:20:18 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/15/2012 2:22:13 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

.

==== End Of File ===========================

DDS.txt

Attach.txt


Hello snotbowst and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please disable your Ad-Aware and its protection module Ad-Watch:

http://www.bleepingcomputer.com/forums/topic114351.html/page__view__findpost__p__649847

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version. If you already have difficulty, for your convenience we have a video on YouTube, which shows visually how to do that.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

In your next post, please include:

  • Malwarebytes' Anti-Malware log
  • TDSSKiller log
  • a new fresh DDS log file


Thanks for the reply Maniac. Unfortunately neither of these tools detected anything.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.16.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Steve :: STEVE-PC [administrator]

Protection: Enabled

2/16/2012 8:38:42 AM

mbam-log-2012-02-16 (08-38-42).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 194543

Time elapsed: 1 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

08:40:27.0013 3788 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

08:40:27.0325 3788 ============================================================

08:40:27.0325 3788 Current date / time: 2012/02/16 08:40:27.0325

08:40:27.0325 3788 SystemInfo:

08:40:27.0325 3788

08:40:27.0325 3788 OS Version: 6.1.7601 ServicePack: 1.0

08:40:27.0325 3788 Product type: Workstation

08:40:27.0325 3788 ComputerName: STEVE-PC

08:40:27.0325 3788 UserName: Steve

08:40:27.0325 3788 Windows directory: C:\Windows

08:40:27.0325 3788 System windows directory: C:\Windows

08:40:27.0325 3788 Running under WOW64

08:40:27.0325 3788 Processor architecture: Intel x64

08:40:27.0325 3788 Number of processors: 6

08:40:27.0325 3788 Page size: 0x1000

08:40:27.0325 3788 Boot type: Normal boot

08:40:27.0325 3788 ============================================================

08:40:27.0886 3788 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

08:40:27.0902 3788 \Device\Harddisk0\DR0:

08:40:27.0902 3788 MBR used

08:40:27.0902 3788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

08:40:27.0902 3788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

08:40:27.0964 3788 Initialize success

08:40:27.0964 3788 ============================================================

08:40:42.0536 0876 ============================================================

08:40:42.0536 0876 Scan started

08:40:42.0536 0876 Mode: Manual; SigCheck; TDLFS;

08:40:42.0536 0876 ============================================================

08:40:43.0144 0876 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

08:40:43.0254 0876 1394ohci - ok

08:40:43.0300 0876 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

08:40:43.0316 0876 ACPI - ok

08:40:43.0332 0876 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

08:40:43.0394 0876 AcpiPmi - ok

08:40:43.0441 0876 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

08:40:43.0456 0876 adp94xx - ok

08:40:43.0472 0876 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

08:40:43.0488 0876 adpahci - ok

08:40:43.0503 0876 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

08:40:43.0519 0876 adpu320 - ok

08:40:43.0550 0876 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

08:40:43.0566 0876 AFD - ok

08:40:43.0597 0876 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

08:40:43.0612 0876 agp440 - ok

08:40:43.0644 0876 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

08:40:43.0659 0876 aliide - ok

08:40:43.0675 0876 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

08:40:43.0690 0876 amdide - ok

08:40:43.0722 0876 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

08:40:43.0768 0876 AmdK8 - ok

08:40:43.0784 0876 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

08:40:43.0815 0876 AmdPPM - ok

08:40:43.0846 0876 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

08:40:43.0862 0876 amdsata - ok

08:40:43.0878 0876 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

08:40:43.0878 0876 amdsbs - ok

08:40:43.0909 0876 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

08:40:43.0909 0876 amdxata - ok

08:40:43.0971 0876 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

08:40:44.0034 0876 AppID - ok

08:40:44.0065 0876 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

08:40:44.0080 0876 arc - ok

08:40:44.0080 0876 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

08:40:44.0096 0876 arcsas - ok

08:40:44.0112 0876 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

08:40:44.0221 0876 AsyncMac - ok

08:40:44.0236 0876 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

08:40:44.0236 0876 atapi - ok

08:40:44.0314 0876 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

08:40:44.0361 0876 b06bdrv - ok

08:40:44.0392 0876 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

08:40:44.0408 0876 b57nd60a - ok

08:40:44.0439 0876 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

08:40:44.0455 0876 Beep - ok

08:40:44.0502 0876 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

08:40:44.0533 0876 blbdrive - ok

08:40:44.0564 0876 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

08:40:44.0580 0876 bowser - ok

08:40:57.0709 0876 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

08:40:57.0846 0876 \Device\Harddisk0\DR0 - ok

08:40:57.0848 0876 Boot (0x1200) (69f80c526140b7943a9e7132e1f1b587) \Device\Harddisk0\DR0\Partition0

08:40:57.0849 0876 \Device\Harddisk0\DR0\Partition0 - ok

08:40:57.0877 0876 Boot (0x1200) (eeaaf19d1c99eb5d720b710fa3a87f28) \Device\Harddisk0\DR0\Partition1

08:40:57.0879 0876 \Device\Harddisk0\DR0\Partition1 - ok

08:40:57.0880 0876 ============================================================

08:40:57.0880 0876 Scan finished

08:40:57.0880 0876 ============================================================

08:40:57.0888 3892 Detected object count: 0

08:40:57.0888 3892 Actual detected object count: 0

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Steve at 8:44:14 on 2012-02-16

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12269.9481 [GMT -5:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\notepad.exe

C:\Users\Steve\Downloads\tdsskiller.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Google Update] "C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{CD789F30-E439-421F-86B0-5581BB647305} : DhcpNameServer = 209.18.47.61 209.18.47.62

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-15 652360]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-26 2253120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-02-15 10:48:05 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8752337F-487A-4387-8B0E-2434EF6BC5F6}\offreg.dll

2012-02-15 06:19:52 -------- d-----w- C:\Users\Steve\AppData\Roaming\Malwarebytes

2012-02-15 06:19:50 -------- d-----w- C:\ProgramData\Malwarebytes

2012-02-15 06:19:49 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-02-15 06:19:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-02-15 05:38:31 16432 ----a-w- C:\Windows\System32\lsdelete.exe

2012-02-15 04:52:26 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-15 04:52:26 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-15 04:52:14 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-15 04:52:14 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-15 04:52:13 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-02-15 04:52:12 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-15 04:52:09 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-15 04:52:09 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2012-02-15 04:51:18 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8752337F-487A-4387-8B0E-2434EF6BC5F6}\mpengine.dll

2012-02-11 16:31:16 -------- d-----w- C:\Program Files (x86)\Etron Technology

2012-02-11 06:19:39 -------- d--h--w- C:\Program Files (x86)\Temp

2012-02-11 06:06:25 -------- d-----w- C:\Users\Steve\AppData\Roaming\Logishrd

2012-02-11 05:59:02 -------- d-----w- C:\Users\Steve\AppData\Local\ElevatedDiagnostics

2012-02-07 05:57:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-03 00:55:41 -------- d-----w- C:\Program Files (x86)\Mumble(PR Edition)

2012-02-02 06:28:07 -------- d-----w- C:\Users\Steve\AppData\Roaming\OpenOffice.org

2012-02-02 00:19:07 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-02-02 00:16:36 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-02-02 00:16:36 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-02-02 00:16:36 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-02-02 00:16:35 794408 ----a-w- C:\Windows\SysWow64\pbsvc.exe

2012-02-01 23:44:29 -------- d-----w- C:\Users\Steve\AppData\Local\PunkBuster

2012-02-01 04:04:21 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3

2012-01-31 05:51:27 14744 ----a-w- C:\Users\Steve\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll

2012-01-31 05:49:10 -------- d-sh--w- C:\ProgramData\SecuROM

2012-01-30 22:21:02 -------- d-----w- C:\Windows\System32\SPReview

2012-01-30 22:19:48 -------- d-----w- C:\Windows\System32\EventProviders

2012-01-30 22:18:39 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2012-01-30 22:18:38 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-01-30 22:18:38 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-01-30 22:18:38 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-01-30 22:18:38 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-01-30 22:18:29 -------- d-----w- C:\Users\Steve\AppData\Local\Rockstar Games

2012-01-29 16:08:04 -------- d-----w- C:\Windows\SysWow64\xlive

2012-01-29 16:08:04 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2012-01-28 20:04:07 -------- d-----w- C:\Users\Steve\AppData\Roaming\Red Alert 3

2012-01-28 06:02:13 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2012-01-28 05:57:53 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

2012-01-28 03:10:30 -------- d-----w- C:\Users\Steve\AppData\Roaming\SPORE

2012-01-27 22:53:38 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks

2012-01-27 19:01:14 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2012-01-27 19:01:14 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2012-01-27 19:01:14 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2012-01-27 19:01:14 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2012-01-27 19:01:14 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2012-01-27 19:01:13 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2012-01-27 19:01:12 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2012-01-27 19:01:07 -------- d-----w- C:\Users\Steve\AppData\Local\Oblivion

2012-01-27 09:22:25 48976 ----a-w- C:\Windows\System32\netfxperf.dll

2012-01-27 09:22:21 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2012-01-27 09:20:59 488448 ----a-w- C:\Windows\System32\secproc.dll

2012-01-27 09:19:59 955904 ----a-w- C:\Windows\System32\localspl.dll

2012-01-27 09:18:59 40960 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll

2012-01-27 09:17:59 21760 ----a-w- C:\Windows\System32\drivers\VMBusHID.sys

2012-01-27 09:17:58 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui

2012-01-27 09:17:58 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui

2012-01-27 09:17:56 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui

2012-01-27 09:17:56 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui

2012-01-27 09:17:36 399872 ----a-w- C:\Windows\System32\dpx.dll

2012-01-27 09:17:36 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll

2012-01-27 09:17:33 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll

2012-01-27 09:17:31 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2012-01-27 09:17:31 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2012-01-27 09:17:31 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll

2012-01-27 09:17:01 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2012-01-27 09:17:01 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll

2012-01-27 09:16:59 244736 ----a-w- C:\Windows\System32\sqmapi.dll

2012-01-27 08:47:33 -------- d-----w- C:\Windows\SysWow64\Wat

2012-01-27 08:47:33 -------- d-----w- C:\Windows\System32\Wat

2012-01-27 05:50:10 -------- d-----w- C:\Program Files (x86)\EA GAMES

2012-01-27 05:47:20 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll

2012-01-27 05:47:20 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll

2012-01-27 05:47:20 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

2012-01-27 05:47:20 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2012-01-27 05:47:20 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll

2012-01-27 05:47:20 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll

2012-01-27 05:47:15 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll

2012-01-27 05:47:14 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll

2012-01-27 03:57:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-27 03:56:55 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-01-27 03:55:39 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2012-01-27 03:54:53 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2012-01-27 03:53:40 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2012-01-27 03:52:52 974336 ----a-w- C:\Windows\System32\WFS.exe

2012-01-27 00:40:51 -------- d-----w- C:\Users\Steve\AppData\Local\Skyrim

2012-01-27 00:33:27 -------- d-----w- C:\Users\Steve\AppData\Roaming\NVIDIA

2012-01-27 00:32:13 -------- d-----w- C:\Users\Steve\AppData\Roaming\.minecraft

2012-01-27 00:31:41 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-01-27 00:20:46 -------- d-----w- C:\NVIDIA

2012-01-26 23:49:12 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2012-01-26 23:40:24 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-26 23:39:52 -------- d-----w- C:\Users\Steve\AppData\Local\Google

2012-01-26 23:39:37 -------- d-----w- C:\Users\Steve\AppData\Local\Apps

2012-01-26 23:39:36 -------- d-----w- C:\Users\Steve\AppData\Local\Deployment

2012-01-26 23:37:39 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2012-01-26 23:37:39 565352 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2012-01-26 23:37:39 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2012-01-26 23:37:35 -------- d-----w- C:\Program Files (x86)\Realtek

2012-01-26 23:03:19 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2012-01-26 23:03:18 -------- d-----w- C:\Program Files (x86)\Steam

2012-01-26 22:51:15 -------- d-sh--w- C:\Windows\Installer

2012-01-26 13:13:59 -------- d-----w- C:\Windows\Panther

2012-01-25 17:12:10 -------- d-sh--w- C:\Recovery

.

==================== Find3M ====================

.

2012-01-30 22:28:01 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-01-30 22:28:01 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-12-23 12:12:12 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys

2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll

2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll

.

============= FINISH: 8:44:29.90 ===============

DDS.txt

TDSSKiller.2.7.13.0_16.02.2012_08.40.26_log.txt


Well, that may have fixed the problem, hopefully.

ComboFix 12-02-16.02 - Steve 02/16/2012 19:52:47.1.6 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12269.9772 [GMT -5:00]

Running from: c:\users\Steve\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-01-17 to 2012-02-17 )))))))))))))))))))))))))))))))

.

.

2012-02-17 00:56 . 2012-02-17 00:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-15 06:19 . 2012-02-15 06:19 -------- d-----w- c:\programdata\Malwarebytes

2012-02-15 06:19 . 2012-02-15 06:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-15 06:19 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-15 05:38 . 2012-01-26 23:49 16432 ----a-w- c:\windows\system32\lsdelete.exe

2012-02-15 04:52 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 04:52 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-15 04:52 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-15 04:52 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-15 04:52 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-15 04:52 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-15 04:52 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-15 04:52 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-02-15 04:51 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8752337F-487A-4387-8B0E-2434EF6BC5F6}\mpengine.dll

2012-02-11 16:31 . 2012-02-11 16:31 -------- d-----w- c:\program files (x86)\Etron Technology

2012-02-11 06:49 . 2012-02-11 06:49 -------- d-----w- c:\program files\Logitech

2012-02-11 06:19 . 2012-02-11 06:20 -------- d--h--w- c:\program files (x86)\Temp

2012-02-11 06:07 . 2012-02-11 06:49 -------- d-----w- c:\programdata\Logishrd

2012-02-11 06:07 . 2012-02-11 06:49 -------- d-----w- c:\program files\Common Files\Logishrd

2012-02-07 05:57 . 2012-02-07 05:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-07 05:57 . 2012-02-07 05:57 -------- d-----w- c:\windows\system32\Macromed

2012-02-03 00:55 . 2012-02-03 00:55 -------- d-----w- c:\program files (x86)\Mumble(PR Edition)

2012-02-02 00:19 . 2012-02-03 01:04 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-02-02 00:16 . 2012-02-03 01:04 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-02-02 00:16 . 2012-02-03 00:56 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-02-02 00:16 . 2012-02-02 00:23 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-02-02 00:16 . 2012-02-03 00:56 794408 ----a-w- c:\windows\SysWow64\pbsvc.exe

2012-02-01 04:04 . 2012-02-01 04:04 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

2012-01-31 05:49 . 2012-01-31 05:49 -------- d-sh--w- c:\programdata\SecuROM

2012-01-30 22:21 . 2012-01-30 22:21 -------- d-----w- c:\windows\system32\SPReview

2012-01-30 22:19 . 2012-01-30 22:19 -------- d-----w- c:\windows\system32\EventProviders

2012-01-30 22:18 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll

2012-01-30 22:18 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-01-30 22:18 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-01-30 22:18 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-01-30 22:18 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-01-29 16:08 . 2012-01-29 16:08 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2012-01-29 16:08 . 2012-01-29 16:08 -------- d-----w- c:\windows\SysWow64\xlive

2012-01-28 06:51 . 2012-01-28 06:51 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-01-28 05:57 . 2012-01-28 05:57 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll

2012-01-27 22:53 . 2012-01-27 22:53 -------- d-----w- c:\program files (x86)\Bethesda Softworks

2012-01-27 09:22 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll

2012-01-27 09:22 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll

2012-01-27 09:20 . 2010-11-20 13:27 3008000 ----a-w- c:\windows\system32\xpsservices.dll

2012-01-27 09:19 . 2010-11-20 13:27 299520 ----a-w- c:\windows\system32\tsmf.dll

2012-01-27 09:18 . 2010-11-20 13:27 40960 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll

2012-01-27 09:17 . 2010-11-20 09:57 21760 ----a-w- c:\windows\system32\drivers\VMBusHID.sys

2012-01-27 09:17 . 2010-11-20 13:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui

2012-01-27 09:17 . 2010-11-20 12:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui

2012-01-27 09:17 . 2010-11-20 13:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui

2012-01-27 09:17 . 2010-11-20 13:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui

2012-01-27 09:17 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll

2012-01-27 09:17 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll

2012-01-27 09:17 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll

2012-01-27 09:17 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll

2012-01-27 09:17 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll

2012-01-27 09:17 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2012-01-27 09:17 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2012-01-27 09:17 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll

2012-01-27 09:16 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll

2012-01-27 08:47 . 2012-01-27 08:47 -------- d-----w- c:\windows\SysWow64\Wat

2012-01-27 08:47 . 2012-01-27 08:47 -------- d-----w- c:\windows\system32\Wat

2012-01-27 05:59 . 2012-01-27 05:59 -------- d-----w- c:\windows\SysWow64\Macromed

2012-01-27 05:50 . 2012-01-28 19:48 -------- d-----w- c:\program files (x86)\EA GAMES

2012-01-27 05:47 . 2012-01-27 05:47 -------- d-----w- c:\program files (x86)\Common Files\InstallShield

2012-01-27 03:57 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-27 03:56 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-01-27 03:55 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2012-01-27 03:54 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

2012-01-27 03:53 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-01-27 03:52 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe

2012-01-27 00:40 . 2010-02-04 15:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll

2012-01-27 00:31 . 2012-01-27 00:31 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-01-27 00:31 . 2012-01-27 00:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-01-27 00:31 . 2012-02-01 04:03 -------- d-----w- c:\program files (x86)\Java

2012-01-27 00:20 . 2012-01-27 00:20 -------- d-----w- C:\NVIDIA

2012-01-26 23:49 . 2012-01-26 23:49 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-01-26 23:40 . 2012-01-27 05:52 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-26 23:37 . 2011-08-23 13:57 74272 ----a-w- c:\windows\system32\RtNicProp64.dll

2012-01-26 23:37 . 2011-08-23 13:57 565352 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2012-01-26 23:37 . 2011-08-23 13:57 107552 ----a-w- c:\windows\system32\RTNUninst64.dll

2012-01-26 23:37 . 2012-02-11 16:31 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information

2012-01-26 23:37 . 2012-01-26 23:37 -------- d-----w- c:\program files (x86)\Realtek

2012-01-26 23:03 . 2012-02-16 04:34 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-01-26 23:03 . 2012-02-16 04:52 -------- d-----w- c:\program files (x86)\Steam

2012-01-26 22:51 . 2012-02-15 08:04 -------- d-sh--w- c:\windows\Installer

2012-01-26 22:48 . 2012-02-11 16:18 -------- d-----w- c:\users\Steve

2012-01-26 13:13 . 2012-01-26 22:48 -------- d-----w- c:\windows\Panther

2012-01-25 17:12 . 2012-01-26 22:48 -------- d-----w- C:\Recovery

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-31 05:58 . 2009-08-18 17:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2012-01-31 05:58 . 2009-08-18 16:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-01-30 22:28 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-01-30 22:28 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-01-26 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-01-26 2152152]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1654888537-392952013-908355606-1000Core.job

- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-26 23:39]

.

2012-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1654888537-392952013-908355606-1000UA.job

- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-26 23:39]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 85.195.91.34

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1654888537-392952013-908355606-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:b8,c9,1e,f3,3b,55,b2,07,64,fc,e1,36,42,62,48,ce,64,59,29,01,0e,8c,cb,

58,e7,18,73,5d,51,c2,04,57,87,1b,ee,8a,57,e7,dd,d8,07,89,19,bd,16,d6,b6,13,\

"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

.

[HKEY_USERS\S-1-5-21-1654888537-392952013-908355606-1000\Software\SecuROM\License information*]

"datasecu"=hex:ac,f8,3c,2a,43,ba,08,22,91,94,e0,80,2a,46,e1,86,63,e4,98,ea,8c,

5a,f7,05,86,52,31,78,31,45,a5,0d,87,c0,6a,be,81,a7,dc,b9,0a,94,61,f3,b6,ba,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Completion time: 2012-02-16 20:00:28 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-17 01:00

.

Pre-Run: 360,173,694,976 bytes free

Post-Run: 360,320,483,328 bytes free

.

- - End Of File - - ECD0B0BCB06D125DA58738AAAB78B8C4

ComboFix.txt


Step 1

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

In your next post, please include:

  • MBRCheck log
  • Farbar Service Scanner log


Sorry for the lateness, thanks for the reply, and here are all the reports. Looks clean.

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Professional

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: Gigabyte Technology Co., Ltd.

BIOS Manufacturer: Award Software International, Inc.

System Manufacturer: Gigabyte Technology Co., Ltd.

System Product Name: GA-970A-D3

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 151):

0x02E0E000 \SystemRoot\system32\ntoskrnl.exe

0x033F7000 \SystemRoot\system32\hal.dll

0x00B9A000 \SystemRoot\system32\kdcom.dll

0x00C34000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll

0x00C41000 \SystemRoot\system32\PSHED.dll

0x00C55000 \SystemRoot\system32\CLFS.SYS

0x00CB3000 \SystemRoot\system32\CI.dll

0x00E13000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00EB7000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00EC6000 \SystemRoot\system32\drivers\ACPI.sys

0x00F1D000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00F26000 \SystemRoot\system32\drivers\msisadrv.sys

0x00F30000 \SystemRoot\system32\drivers\pci.sys

0x00F63000 \SystemRoot\system32\drivers\vdrvroot.sys

0x00F70000 \SystemRoot\System32\drivers\partmgr.sys

0x00F85000 \SystemRoot\system32\drivers\volmgr.sys

0x00F9A000 \SystemRoot\System32\drivers\volmgrx.sys

0x00FF6000 \SystemRoot\system32\drivers\pciide.sys

0x00E00000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x00D73000 \SystemRoot\System32\drivers\mountmgr.sys

Processes (total 59):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST500DM002-1BD142, Rev: KC45

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

Farbar Service Scanner Version: 14-02-2012

Ran by Steve (administrator) on 20-02-2012 at 23:04:29

Running from "C:\Users\Steve\Downloads"

Microsoft Windows 7 Professional Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys

[2012-02-14 23:52] - [2011-12-27 22:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


Please visit www.virustotal.com and upload the following file:

C:\Windows\System32\drivers\afd.sys

Wait until the scan has finished and then copy/paste the URL in your next reply here.

For some reason, I cannot select that file to be uploaded in the dialogue box offered on the website. The file is definitely there, just not selectable for scanning.

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

This is log.txt

Please manually delete your TDSSKiller, download a new fresh copy and run it again. Post the log file in your next reply.


TCP: DhcpNameServer = 85.195.91.34

Reset your router.

  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

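The two log lines the helpers acted on in this thread (the Farbar File Check entry for afd.sys and the `TCP: DhcpNameServer` value) can be pulled out of such logs mechanically. The following is an added example, not part of the original posts or of either tool; it assumes that a File Check entry without the `=> MD5 is legit` suffix is one worth a second look, and the list of expected resolvers is supplied by the caller.

```python
import ipaddress
import re

# Constructed sample: a few lines in the form of the logs quoted in this thread.
SAMPLE_LOG = r"""
TCP: DhcpNameServer = 85.195.91.34
File Check:
========
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-14 23:52] - [2011-12-27 22:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
**** End of log ****
"""
NAMESERVER_RE = re.compile(r"^TCP:.*?\b(?:Dhcp)?NameServer\s*=\s*(.+)$", re.I)
FILE_RE = re.compile(r"^([A-Za-z]:\\.+?)(\s*=>\s*MD5 is legit)?\s*$")

def unexpected_resolvers(log_text, expected):
    """Resolver IPs on 'TCP: ...NameServer' lines that are not in `expected`
    (the addresses the caller knows to be correct for this network)."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    found = []
    for line in log_text.splitlines():
        m = NAMESERVER_RE.match(line.strip())
        if not m:
            continue
        for token in re.split(r"[\s,]+", m.group(1).strip()):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # not an address (e.g. stray text), skip it
            if ip not in allowed and str(ip) not in found:
                found.append(str(ip))
    return found

def unverified_files(log_text):
    """Paths in the 'File Check:' section that lack '=> MD5 is legit'."""
    out, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("File Check:"):
            in_section = True
        elif line.startswith("**** End of log"):
            in_section = False
        elif in_section:
            m = FILE_RE.match(line)
            if m and not m.group(2):
                out.append(m.group(1))
    return out
```
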

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
