I'm having a similar problem to several others here.

I'd had a malware problem crop up, MBAM seems to have gotten rid of it, and now I have PING.exe showing up in my task manager eating up all my CPU. Terminating the process gets rid of it for a while, but it always comes back. Well, here are the DDS logs, thanks for any help.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23

Run by sam at 19:10:38 on 2011-12-01

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3583.2539 [GMT -6:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\UI0Detect.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\System32\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

uRun: [sRSHDAudioLab] "c:\program files\srs labs\srs hd audio lab\HDAL.exe" auto

uRun: [AIM] c:\program files\aim95\aim.exe -cnetwait.odl

uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent

mRun: [MCEJOY]

mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start

StartupFolder: c:\users\sam\appdata\roaming\micros~1\windows\startm~1\programs\startup\irotate.lnk - c:\program files\irotate\iRotate.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{52EFCD62-C676-49C1-AFE7-D03CD9FD9124} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{52EFCD62-C676-49C1-AFE7-D03CD9FD9124}\053494D2D4E4 : DhcpNameServer = 68.87.77.130 68.87.72.130 68.87.77.134

TCP: Interfaces\{52EFCD62-C676-49C1-AFE7-D03CD9FD9124}\2427F6E6A756350727573656D27657563747 : DhcpNameServer = 68.87.77.134 68.87.72.134

TCP: Interfaces\{52EFCD62-C676-49C1-AFE7-D03CD9FD9124}\7457563747 : DhcpNameServer = 207.171.71.71 199.17.241.241 156.98.1.1

TCP: Interfaces\{52EFCD62-C676-49C1-AFE7-D03CD9FD9124}\C696E6B6379737 : DhcpNameServer = 68.87.77.134 68.87.72.134

TCP: Interfaces\{52EFCD62-C676-49C1-AFE7-D03CD9FD9124}\E6164696E656D6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{53483C65-8250-4320-AC3E-A4918B8AB62C} : DhcpNameServer = 7.254.254.254

TCP: Interfaces\{8F816106-149C-4D5C-907E-077E173C2A0E} : DhcpNameServer = 192.168.1.1

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\sam\appdata\roaming\mozilla\firefox\profiles\vsc1750n.default\

FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Main_Page

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-2-10 122984]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-10-20 27136]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-6 136176]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-15 1361288]

S2 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2011-10-20 745832]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-6 136176]

S3 IF;IF;c:\users\sam\appdata\local\temp\IF.exe [2011-12-1 535424]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-1-12 81168]

S3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [2010-10-27 384752]

S3 USXDEBEYB;USXDEBEYB;c:\users\sam\appdata\local\temp\USXDEBEYB.exe [2011-12-1 392064]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-10 1343400]

S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S4 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files\common files\srs labs\srs hd audio lab service\SRSAudioLabService.exe [2010-9-13 12592]

S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]

.

=============== Created Last 30 ================

.

2011-11-30 21:13:54 -------- d-----w- c:\users\sam\appdata\local\PassMark

2011-11-30 21:13:44 467984 ----a-w- c:\windows\system32\d3dx10_39.dll

2011-11-30 21:13:44 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2011-11-30 21:13:43 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll

2011-11-30 21:13:21 -------- d-----w- c:\programdata\PassMark

2011-11-29 23:13:49 -------- d-sh--w- c:\programdata\DSS

2011-11-17 00:27:32 -------- d-----w- c:\programdata\Electronic Arts

2011-11-16 19:10:43 -------- d-----w- c:\program files\Microsoft WSE

2011-11-16 01:45:32 -------- d-----w- c:\users\sam\appdata\roaming\SPORE

2011-11-15 12:33:01 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-11-15 12:33:01 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-11-15 12:33:01 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

2011-11-15 12:33:01 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-11-15 12:33:01 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-11-15 12:33:01 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-11-15 12:33:01 1989592 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-11-15 12:33:01 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

2011-11-15 12:33:01 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-11-15 12:33:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-11-10 20:19:35 515416 ----a-w- c:\windows\system32\XAudio2_5.dll

2011-11-10 20:19:34 238936 ----a-w- c:\windows\system32\xactengine3_5.dll

2011-11-10 20:19:33 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2011-11-10 20:19:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll

2011-11-10 20:19:28 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2011-11-10 20:19:25 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll

2011-11-10 20:19:25 514384 ----a-w- c:\windows\system32\XAudio2_3.dll

2011-11-10 20:19:25 235856 ----a-w- c:\windows\system32\xactengine3_3.dll

2011-11-10 20:19:25 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll

2011-11-10 20:19:24 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll

2011-11-10 20:19:24 509448 ----a-w- c:\windows\system32\XAudio2_2.dll

2011-11-10 20:19:24 238088 ----a-w- c:\windows\system32\xactengine3_2.dll

2011-11-06 18:34:09 -------- d-----w- c:\users\sam\wurm

.

==================== Find3M ====================

.

2011-09-13 00:32:58 249856 ------w- c:\windows\Setup1.exe

2011-09-13 00:32:56 73216 ----a-w- c:\windows\ST6UNST.EXE

.

============= FINISH: 19:10:50.91 ===============

:welcome:

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.

Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

I made a small mistake here, and on the first scan I didn't change the parameters like you said, so when I realized my mistake I ran a second scan, with the changed parameters.

It definitely found something, and PING.exe hasn't made a reappearance, though I certainly know there are likely other issues.


17:49:51.0217 5248 nvstor32 - ok

17:49:51.0253 5248 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

17:49:51.0262 5248 nv_agp - ok

17:49:51.0282 5248 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

17:49:51.0295 5248 ohci1394 - ok

17:49:51.0385 5248 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

17:49:51.0430 5248 Parport - ok

17:49:51.0501 5248 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

17:49:51.0511 5248 partmgr - ok

17:49:51.0547 5248 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

17:49:51.0596 5248 Parvdm - ok

17:49:51.0677 5248 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

17:49:51.0690 5248 pci - ok

17:49:51.0709 5248 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

17:49:51.0718 5248 pciide - ok

17:49:51.0750 5248 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

17:49:51.0762 5248 pcmcia - ok

17:49:51.0792 5248 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

17:49:51.0803 5248 pcw - ok

17:49:51.0840 5248 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

17:49:51.0915 5248 PEAUTH - ok

17:49:52.0049 5248 pgfilter - ok

17:49:52.0259 5248 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

17:49:52.0322 5248 PptpMiniport - ok

17:49:52.0364 5248 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

17:49:52.0408 5248 Processor - ok

17:49:52.0481 5248 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

17:49:52.0550 5248 Psched - ok

17:49:52.0617 5248 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

17:49:52.0678 5248 ql2300 - ok

17:49:52.0701 5248 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

17:49:52.0712 5248 ql40xx - ok

17:49:52.0733 5248 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

17:49:52.0745 5248 QWAVEdrv - ok

17:49:52.0765 5248 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

17:49:52.0789 5248 RasAcd - ok

17:49:52.0829 5248 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

17:49:52.0881 5248 RasAgileVpn - ok

17:49:52.0926 5248 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:49:52.0990 5248 Rasl2tp - ok

17:49:53.0045 5248 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

17:49:53.0103 5248 RasPppoe - ok

17:49:53.0162 5248 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

17:49:53.0217 5248 RasSstp - ok

17:49:53.0266 5248 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

17:49:53.0334 5248 rdbss - ok

17:49:53.0411 5248 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

17:49:53.0427 5248 rdpbus - ok

17:49:53.0445 5248 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:49:53.0493 5248 RDPCDD - ok

17:49:53.0527 5248 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

17:49:53.0549 5248 RDPENCDD - ok

17:49:53.0565 5248 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

17:49:53.0592 5248 RDPREFMP - ok

17:49:53.0626 5248 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

17:49:53.0653 5248 RDPWD - ok

17:49:53.0692 5248 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

17:49:53.0704 5248 rdyboost - ok

17:49:53.0750 5248 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

17:49:53.0816 5248 rspndr - ok

17:49:53.0876 5248 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys

17:49:53.0922 5248 RTL8167 - ok

17:49:53.0980 5248 rttm (e6d35f3aa51a65eb35c1f2340154a25e) C:\Windows\system32\drivers\xpwlfm.sys

17:49:53.0991 5248 rttm ( UnsignedFile.Multi.Generic ) - warning

17:49:53.0991 5248 rttm - detected UnsignedFile.Multi.Generic (1)

17:49:54.0035 5248 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

17:49:54.0050 5248 sbp2port - ok

17:49:54.0082 5248 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

17:49:54.0137 5248 scfilter - ok

17:49:54.0197 5248 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

17:49:54.0254 5248 secdrv - ok

17:49:54.0307 5248 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

17:49:54.0318 5248 Serenum - ok

17:49:54.0343 5248 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

17:49:54.0386 5248 Serial - ok

17:49:54.0435 5248 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

17:49:54.0485 5248 sermouse - ok

17:49:54.0538 5248 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

17:49:54.0579 5248 sffdisk - ok

17:49:54.0623 5248 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

17:49:54.0673 5248 sffp_mmc - ok

17:49:54.0716 5248 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

17:49:54.0729 5248 sffp_sd - ok

17:49:54.0745 5248 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

17:49:54.0787 5248 sfloppy - ok

17:49:54.0824 5248 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

17:49:54.0833 5248 sisagp - ok

17:49:54.0864 5248 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

17:49:54.0874 5248 SiSRaid2 - ok

17:49:54.0910 5248 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

17:49:54.0920 5248 SiSRaid4 - ok

17:49:54.0957 5248 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

17:49:55.0011 5248 Smb - ok

17:49:55.0088 5248 speedfan (9f70cd5edcc4efc48ae21e04fb03be9d) C:\Windows\system32\speedfan.sys

17:49:55.0098 5248 speedfan - ok

17:49:55.0118 5248 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

17:49:55.0127 5248 spldr - ok

17:49:55.0185 5248 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys

17:49:55.0185 5248 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

17:49:55.0188 5248 sptd ( LockedFile.Multi.Generic ) - warning

17:49:55.0188 5248 sptd - detected LockedFile.Multi.Generic (1)

17:49:55.0256 5248 SRS_HDAL_Service (55426fed504356125080d1085024564c) C:\Windows\system32\drivers\SRS_HDAL_i386.sys

17:49:55.0269 5248 SRS_HDAL_Service - ok

17:49:55.0287 5248 SRS_SSCFilter (25ecea986742275ecb23a1cb6bc87a61) C:\Windows\system32\drivers\srs_sscfilter_i386.sys

17:49:55.0298 5248 SRS_SSCFilter - ok

17:49:55.0345 5248 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys

17:49:55.0372 5248 srv - ok

17:49:55.0399 5248 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys

17:49:55.0446 5248 srv2 - ok

17:49:55.0500 5248 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys

17:49:55.0550 5248 srvnet - ok

17:49:55.0652 5248 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

17:49:55.0665 5248 stexstor - ok

17:49:55.0686 5248 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

17:49:55.0699 5248 swenum - ok

17:49:55.0748 5248 tap0901t (b7aee68d2e867cbf69b649b18fcedbbb) C:\Windows\system32\DRIVERS\tap0901t.sys

17:49:55.0816 5248 tap0901t - ok

17:49:55.0871 5248 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys

17:49:55.0917 5248 Tcpip - ok

17:49:55.0968 5248 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys

17:49:55.0993 5248 TCPIP6 - ok

17:49:56.0016 5248 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

17:49:56.0080 5248 tcpipreg - ok

17:49:56.0127 5248 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

17:49:56.0151 5248 TDPIPE - ok

17:49:56.0170 5248 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

17:49:56.0193 5248 TDTCP - ok

17:49:56.0214 5248 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

17:49:56.0240 5248 tdx - ok

17:49:56.0265 5248 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

17:49:56.0275 5248 TermDD - ok

17:49:56.0312 5248 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:49:56.0335 5248 tssecsrv - ok

17:49:56.0374 5248 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

17:49:56.0398 5248 tunnel - ok

17:49:56.0469 5248 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

17:49:56.0480 5248 uagp35 - ok

17:49:56.0507 5248 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

17:49:56.0561 5248 udfs - ok

17:49:56.0626 5248 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

17:49:56.0640 5248 uliagpkx - ok

17:49:56.0675 5248 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

17:49:56.0691 5248 umbus - ok

17:49:56.0711 5248 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

17:49:56.0728 5248 UmPass - ok

17:49:56.0755 5248 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

17:49:56.0797 5248 usbccgp - ok

17:49:56.0839 5248 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

17:49:56.0930 5248 usbcir - ok

17:49:56.0975 5248 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

17:49:56.0987 5248 usbehci - ok

17:49:57.0018 5248 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys

17:49:57.0033 5248 usbhub - ok

17:49:57.0055 5248 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

17:49:57.0097 5248 usbohci - ok

17:49:57.0143 5248 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

17:49:57.0163 5248 usbprint - ok

17:49:57.0182 5248 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:49:57.0193 5248 USBSTOR - ok

17:49:57.0219 5248 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

17:49:57.0264 5248 usbuhci - ok

17:49:57.0341 5248 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys

17:49:57.0370 5248 usbvideo - ok

17:49:57.0424 5248 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

17:49:57.0433 5248 vdrvroot - ok

17:49:57.0456 5248 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

17:49:57.0509 5248 vga - ok

17:49:57.0554 5248 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

17:49:57.0613 5248 VgaSave - ok

17:49:57.0655 5248 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

17:49:57.0672 5248 vhdmp - ok

17:49:57.0699 5248 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

17:49:57.0713 5248 viaagp - ok

17:49:57.0731 5248 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

17:49:57.0780 5248 ViaC7 - ok

17:49:57.0821 5248 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

17:49:57.0834 5248 viaide - ok

17:49:57.0861 5248 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

17:49:57.0875 5248 volmgr - ok

17:49:57.0897 5248 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

17:49:57.0911 5248 volmgrx - ok

17:49:57.0936 5248 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

17:49:57.0950 5248 volsnap - ok

17:49:57.0985 5248 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

17:49:57.0998 5248 vsmraid - ok

17:49:58.0027 5248 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

17:49:58.0074 5248 vwifibus - ok

17:49:58.0128 5248 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

17:49:58.0149 5248 vwififlt - ok

17:49:58.0185 5248 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

17:49:58.0227 5248 WacomPen - ok

17:49:58.0285 5248 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

17:49:58.0346 5248 WANARP - ok

17:49:58.0350 5248 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

17:49:58.0374 5248 Wanarpv6 - ok

17:49:58.0462 5248 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

17:49:58.0470 5248 Wd - ok

17:49:58.0495 5248 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

17:49:58.0512 5248 Wdf01000 - ok

17:49:58.0555 5248 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

17:49:58.0578 5248 WfpLwf - ok

17:49:58.0598 5248 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

17:49:58.0607 5248 WIMMount - ok

17:49:58.0652 5248 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

17:49:58.0692 5248 WmiAcpi - ok

17:49:58.0767 5248 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

17:49:58.0791 5248 ws2ifsl - ok

17:49:58.0813 5248 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

17:49:58.0838 5248 WudfPf - ok

17:49:58.0876 5248 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:49:58.0948 5248 WUDFRd - ok

17:49:59.0011 5248 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys

17:49:59.0020 5248 xusb21 - ok

17:49:59.0073 5248 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

17:49:59.0120 5248 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

17:49:59.0120 5248 \Device\Harddisk0\DR0 - detected TDSS File System (1)

17:49:59.0124 5248 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

17:49:59.0244 5248 \Device\Harddisk1\DR1 - ok

17:49:59.0249 5248 Boot (0x1200) (cea5c7735a25668332efb8ce313b97d3) \Device\Harddisk0\DR0\Partition0

17:49:59.0250 5248 \Device\Harddisk0\DR0\Partition0 - ok

17:49:59.0284 5248 Boot (0x1200) (e5bb2f24b5cd439ee7544ce13a8fd8c2) \Device\Harddisk0\DR0\Partition1

17:49:59.0286 5248 \Device\Harddisk0\DR0\Partition1 - ok

17:49:59.0291 5248 Boot (0x1200) (55a3df6cccaf536a76bf0e9b2d3587e5) \Device\Harddisk1\DR1\Partition0

17:49:59.0292 5248 \Device\Harddisk1\DR1\Partition0 - ok

17:49:59.0292 5248 ============================================================

17:49:59.0292 5248 Scan finished

17:49:59.0292 5248 ============================================================

17:49:59.0312 5744 Detected object count: 5

17:49:59.0312 5744 Actual detected object count: 5

17:50:26.0635 5744 athr ( UnsignedFile.Multi.Generic ) - skipped by user

17:50:26.0635 5744 athr ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:50:26.0635 5744 giveio ( UnsignedFile.Multi.Generic ) - skipped by user

17:50:26.0636 5744 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:50:26.0637 5744 rttm ( UnsignedFile.Multi.Generic ) - skipped by user

17:50:26.0637 5744 rttm ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:50:26.0639 5744 sptd ( LockedFile.Multi.Generic ) - skipped by user

17:50:26.0639 5744 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

17:50:26.0641 5744 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

17:50:26.0641 5744 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

17:50:29.0521 4816 Deinitialize success

scan1.txt

scan2.txt


Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


So, I'm not sure how long the scan took in total, because I wasn't watching the whole time. I know that it prompted me to accept it rebooting once, and it rebooted at least one more time while I wasn't there.

While ComboFix was on the screen saying it was preparing a log and not to run any programs, I got an error message saying that "Handle viewer has stopped working".

These are its details:

Problem Event Name: APPCRASH

Application Name: handle.3XE

Application Version: 3.42.0.0

Application Timestamp: 492312a9

Fault Module Name: ntdll.dll

Fault Module Version: 6.1.7600.16695

Fault Module Timestamp: 4cc7ab44

Exception Code: c0000005

Exception Offset: 0007209b

OS Version: 6.1.7600.2.0.0.768.3

Locale ID: 1033

Additional Information 1: 0a9e

Additional Information 2: 0a9e372d3b4ad19135b953a78882e789

Additional Information 3: 0a9e

Additional Information 4: 0a9e372d3b4ad19135b953a78882e789

Apart from that, the computer is running fine as far as I can tell.

ComboFix log here:

ComboFix 11-12-06.01 - sam 12/06/2011 20:28:23.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3583.2793 [GMT -6:00]

Running from: c:\users\sam\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\sam\AppData\Local\TempDIR

c:\users\sam\AppData\Local\TempDIR\BetterInstaller.exe

c:\users\sam\AppData\Roaming\527E.7C1

c:\users\sam\AppData\Roaming\Microsoft\Windows\Templates\180242d6q657s421h282q6uyq8h3

c:\windows\$NtUninstallKB60245$

c:\windows\$NtUninstallKB60245$\1898093175\@

c:\windows\$NtUninstallKB60245$\1898093175\bckfg.tmp

c:\windows\$NtUninstallKB60245$\1898093175\cfg.ini

c:\windows\$NtUninstallKB60245$\1898093175\Desktop.ini

c:\windows\$NtUninstallKB60245$\1898093175\keywords

c:\windows\$NtUninstallKB60245$\1898093175\kwrd.dll

c:\windows\$NtUninstallKB60245$\1898093175\L\xadqgnnk

c:\windows\$NtUninstallKB60245$\1898093175\lsflt7.ver

c:\windows\$NtUninstallKB60245$\1898093175\U\00000001.@

c:\windows\$NtUninstallKB60245$\1898093175\U\00000002.@

c:\windows\$NtUninstallKB60245$\1898093175\U\00000004.@

c:\windows\$NtUninstallKB60245$\1898093175\U\80000000.@

c:\windows\$NtUninstallKB60245$\1898093175\U\80000004.@

c:\windows\$NtUninstallKB60245$\1898093175\U\80000032.@

c:\windows\$NtUninstallKB60245$\3493277320

c:\windows\XSxS

F:\autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-11-07 to 2011-12-07 )))))))))))))))))))))))))))))))

.

.

2011-12-07 02:38 . 2011-12-07 02:39 -------- d-----w- c:\users\sam\AppData\Local\temp

2011-12-05 23:20 . 2011-12-05 23:20 -------- d-----w- c:\users\sam\.swt

2011-11-30 21:13 . 2011-11-30 21:13 -------- d-----w- c:\users\sam\AppData\Local\PassMark

2011-11-30 21:13 . 2008-07-12 14:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll

2011-11-30 21:13 . 2008-07-12 14:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2011-11-30 21:13 . 2008-07-12 14:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll

2011-11-30 21:13 . 2011-11-30 21:13 -------- d-----w- c:\programdata\PassMark

2011-11-29 23:13 . 2011-11-29 23:13 -------- d-sh--w- c:\programdata\DSS

2011-11-17 00:27 . 2011-11-17 00:27 -------- d-----w- c:\programdata\Electronic Arts

2011-11-16 19:10 . 2011-11-16 19:10 -------- d-----w- c:\program files\Microsoft WSE

2011-11-16 18:50 . 2011-11-16 18:50 -------- d-----w- c:\users\sam\AppData\Roaming\ImgBurn

2011-11-16 18:50 . 2011-11-16 18:50 -------- d-----w- c:\program files\ImgBurn

2011-11-16 01:45 . 2011-11-16 01:46 -------- d-----w- c:\users\sam\AppData\Roaming\SPORE

2011-11-15 12:33 . 2011-11-05 06:53 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-11-15 12:33 . 2011-11-05 06:53 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-11-15 12:33 . 2011-11-05 06:53 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2011-11-15 12:33 . 2011-11-05 06:53 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-11-15 12:33 . 2011-11-05 06:53 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-11-15 12:33 . 2011-11-05 06:53 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2011-11-15 12:33 . 2011-11-05 06:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-11-15 12:33 . 2011-11-05 06:53 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-11-15 12:33 . 2011-11-05 03:21 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-11-15 12:33 . 2011-11-05 03:21 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-11-10 20:19 . 2009-09-04 23:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll

2011-11-10 20:19 . 2009-09-04 23:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll

2011-11-10 20:19 . 2009-09-04 23:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2011-11-10 20:19 . 2009-09-04 23:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll

2011-11-10 20:19 . 2009-09-04 23:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2011-11-10 20:19 . 2008-10-27 16:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll

2011-11-10 20:19 . 2008-10-27 16:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll

2011-11-10 20:19 . 2008-10-27 16:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll

2011-11-10 20:19 . 2008-10-27 16:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll

2011-11-10 20:19 . 2008-07-31 16:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll

2011-11-10 20:19 . 2008-07-31 16:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll

2011-11-10 20:19 . 2008-07-31 16:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-02 01:29 . 2009-07-13 23:12 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-09-13 00:32 . 2011-09-13 00:32 249856 ------w- c:\windows\Setup1.exe

2011-09-13 00:32 . 2011-09-13 00:32 73216 ----a-w- c:\windows\ST6UNST.EXE

2011-11-05 06:53 . 2011-11-15 12:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SRSHDAudioLab"="c:\program files\SRS Labs\SRS HD Audio Lab\HDAL.exe" [2010-09-13 551704]

"AIM"="c:\program files\AIM95\aim.exe" [2002-11-14 61440]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]

.

c:\users\sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

iRotate.lnk - c:\program files\iRotate\iRotate.exe [2008-6-1 58104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Taskman"=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^Users^sam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]

path=c:\users\sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

backup=c:\windows\pss\CurseClientStartup.ccip.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^sam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler.exe]

path=c:\users\sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe

backup=c:\windows\pss\PowerReg Scheduler.exe.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

2002-11-14 00:50 61440 ----a-w- c:\program files\AIM95\aim.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]

2009-08-20 01:31 170624 ----a-w- c:\program files\ASUS\ATK Package\ATK Media\DMedia.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]

2009-10-27 01:29 6998656 ----a-w- c:\program files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DS3 Tool]

2011-03-25 08:32 110352 ----a-w- c:\program files\MotioninJoy\ds3\DS3_Tool.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]

2009-06-19 15:29 105016 ----a-w- c:\program files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-04-27 06:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]

2011-08-15 21:18 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRSHDAudioLab]

2010-09-13 21:26 551704 ----a-w- c:\program files\SRS Labs\SRS HD Audio Lab\HDAL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-08-02 22:35 1242448 ----a-w- f:\program files\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 17:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 136176]

R3 IF;IF;c:\users\sam\AppData\Local\Temp\IF.exe [x]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-03-25 81168]

R3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [2010-07-02 384752]

R3 USXDEBEYB;USXDEBEYB;c:\users\sam\AppData\Local\Temp\USXDEBEYB.exe [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-11 1343400]

R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-01-12 4266480]

R4 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe [2010-09-13 12592]

R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-06 691696]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]

S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2011-10-14 745832]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 17:02]

.

2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 17:02]

.

.

------- Supplementary Scan -------

.

IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\users\sam\AppData\Roaming\Mozilla\Firefox\Profiles\vsc1750n.default\

FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Main_Page

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-MCEJOY - (no file)

SafeBoot-33998547.sys

MSConfigStartUp-EVEMon - c:\program files\EVEMon\EVEMon.exe

MSConfigStartUp-SRS Audio Sandbox - c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe

MSConfigStartUp-Utopia Angel - c:\utopia\Angel\Angel.exe

AddRemove-AutoHotkey - c:\users\sam\Desktop\AHK\uninst.exe

AddRemove-Heroes In the Sky - f:\program files\GamesCampus\Heroes In the Sky\uninstall.exe

AddRemove-RSX2Uninst - c:\windows\system32\rsxunins.exe

AddRemove-Shot Online - f:\program files\GamesCampus\Shot Online\uninst.exe

AddRemove-ShotOnline International - f:\program files\GamesCampus\Shot Online\uninst.exe

AddRemove-Sins of a Solar Empire Trinity_is1 - f:\program files\Stardock\Sins of a Solar Empire\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4223134549-355760590-812211364-1000\Software\SecuROM\License information*]

"datasecu"=hex:50,f5,9c,22,55,f8,63,47,9c,98,86,cd,6c,45,dd,92,95,07,b5,9a,f4,

07,1b,ee,30,5a,de,b8,12,c8,9b,8c,09,88,3e,77,10,fa,cd,8c,6d,d6,2a,46,5c,db,\

"rkeysecu"=hex:b3,ed,83,e2,8f,9f,d9,d9,00,8a,9a,50,ac,8e,b4,cc

.

[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]

"value"="?\0c\01\05\17\14\10?"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4012)

c:\program files\Microsoft Office\OFFICE11\msohev.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Completion time: 2011-12-06 20:43:04 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-07 02:43

.

Pre-Run: 133,616,521,216 bytes free

Post-Run: 142,899,236,864 bytes free

.

- - End Of File - - CC075D476745F3C34185C561CBF8C547


Ran the scan, it didn't find anything. The previous problems with the computer don't seem to be reoccurring, but that leaves any problem I'm not recognizing.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8330

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/7/2011 5:46:37 PM

mbam-log-2011-12-07 (17-46-37).txt

Scan type: Full scan (C:\|F:\|)

Objects scanned: 833472

Time elapsed: 2 hour(s), 23 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest available security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.


This topic is now closed to further replies.