Redirects and AV Security 2012


zeus369

Hello all, I seem to be having some issues with redirects and AV Security 2012. I will post Malwarebytes logs; the first one shows removal of malware. I ran it a second time and it came up clean. Attached are the DDS and Attach file... if you just need me to

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8338

Windows 6.0.6002 Service Pack 2 (Safe Mode)

Internet Explorer 9.0.8112.16421

12/9/2011 5:49:53 PM

mbam-log-2011-12-09 (17-49-53).txt

Scan type: Quick scan

Objects scanned: 302910

Time elapsed: 9 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Administrator\AppData\Local\xeg.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Administrator\AppData\Local\xeg.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Administrator\AppData\Local\xeg.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ATTACH FILE

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Ultimate

Boot Device: \Device\HarddiskVolume2

Install Date: 12/12/2008 4:24:10 AM

System Uptime: 12/9/2011 6:02:30 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | M3N72-D

Processor: AMD Phenom 9950 Quad-Core Processor | Socket AM2 | 2600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 223.226 GiB free.

D: is FIXED (NTFS) - 466 GiB total, 334.926 GiB free.

E: is CDROM (UDF)

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Gigabyte GN-WP01GS PCI WLAN Card(Turbo)

Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_E9341458&REV_00\4&2DC043EA&0&4840

Manufacturer: Gigabyte Technology Corp.

Name: Gigabyte GN-WP01GS PCI WLAN Card(Turbo)

PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_E9341458&REV_00\4&2DC043EA&0&4840

Service: rt61x64

.

==== System Restore Points ===================

.

RP2688: 12/8/2011 9:39:58 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

a-squared Free 3.5

ABBYY FineReader 6.0 Sprint

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.6

Adobe Shockwave Player 11

Age of Mythology

AGEIA PhysX v7.09.13

Amazon MP3 Downloader 1.0.3

Apple Application Support

Apple Software Update

Asheron's Call

Belarc Advisor 8.1

BlackBerry Desktop Software 4.2

calibre

CMUD 3.32

Counsel Quick Volume 1

Curse Client

Decal 3.0 (Alpha 8: 2.9.6.0)

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dropbox

Facebook Plug-In

ffdshow [rev 3154] [2009-12-09]

Foxit PDF Editor

Foxit Reader

FreeRIP v3.5

GigaTribe 3.01.006

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Memories Disc

HP Photosmart Plus B210 series Help

HP Update

HPDiagnosticAlert

HTC Driver Installer

HTC Sync

IBM Lotus Forms Viewer 3.5.1

ImgBurn

Impulse

IrfanView (remove only)

Java Auto Updater

Java 6 Update 26

JDownloader

K-Lite Mega Codec Pack 4.8.5

KeePass Password Safe 2.09

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office Home and Student 2010

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (English) 2010

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime

MiniTool Drive Copy 5.0

Mozilla Firefox 8.0 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML4 Parser

NVIDIA ForceWare Network Access Manager

Pando Media Booster

QuickTime

Real Alternative 1.9.0

Realtek High Definition Audio Driver

RIFT

Sansa Updater

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Excel 2010 (KB2553070)

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2584066)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Microsoft PowerPoint 2010 (KB2519975)

Security Update for Microsoft Publisher 2010 (KB2409055)

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Word 2010 (KB2345000)

Sins of a Solar Empire

SugarSync Manager

TeamViewer 6

The Sims Medieval

TrueCrypt

TuneUp Companion 1.9.0

TVersity Codec Pack 1.2

TVersity Media Server 1.8 Beta

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft Office 2010 (KB2413186)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2523113)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

Update for Outlook 2007 Junk Email Filter (KB2596560)

USB PC Camera VC305

VideoLAN VLC media player 0.8.6i

Viewer_armyifx

Vimicro Cam

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

Vuze

Windows Media Player Firefox Plugin

WinRAR archiver

World of Warcraft

Xiph.Org Open Codecs 0.85.17777

Yahoo! Messenger

Yahoo! Software Update

ZVC7100 PC CAMERA (VC0305)

Zygor Guides

.

==== Event Viewer Messages From Past Week ========

.

12/9/2011 6:05:09 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/9/2011 6:03:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFS spldr truecrypt Wanarpv6

12/9/2011 6:03:59 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/9/2011 6:03:59 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.

12/9/2011 6:03:59 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/9/2011 6:03:59 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.

12/9/2011 6:03:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/9/2011 6:03:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/9/2011 6:03:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/9/2011 6:03:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

12/9/2011 6:03:09 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .

12/9/2011 6:03:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

12/9/2011 6:03:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/9/2011 5:53:35 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.

12/9/2011 5:53:35 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

12/9/2011 5:53:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFS

12/9/2011 5:53:33 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the lxdiCATSCustConnectService service to connect.

12/9/2011 5:53:33 PM, Error: Service Control Manager [7000] - The lxdiCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/9/2011 4:04:20 PM, Error: Ntfs [137] - The default transaction resource manager on volume Y: encountered a non-retryable error and could not start. The data contains the error code.

12/8/2011 7:41:30 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

12/8/2011 6:27:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

12/8/2011 6:27:42 PM, Error: EventLog [6008] - The previous system shutdown at 6:25:48 PM on 12/8/2011 was unexpected.

12/8/2011 6:18:22 PM, Error: Service Control Manager [7023] - The Network Store Interface Service service terminated with the following error: The authentication service is unknown.

12/8/2011 6:16:34 PM, Error: Service Control Manager [7031] - The TeamViewer 6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/8/2011 5:54:46 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\??\C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat'.

12/8/2011 2:36:53 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.

12/7/2011 9:34:56 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

12/7/2011 8:01:53 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Windows Installer service to connect.

12/7/2011 8:01:53 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/7/2011 8:01:53 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The pipe state is invalid.

12/7/2011 8:01:53 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The pipe has been ended.

12/7/2011 8:01:53 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The paging file is too small for this operation to complete.

12/7/2011 8:01:53 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: Not enough storage is available to process this command.

12/7/2011 8:01:53 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: Insufficient system resources exist to complete the requested service.

12/7/2011 7:59:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

12/7/2011 7:59:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "230" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

12/7/2011 7:57:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1450" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

12/7/2011 7:57:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

12/7/2011 5:46:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "8" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

12/7/2011 4:51:56 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

12/7/2011 4:48:56 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. The error: "1450" Happened while starting this command: C:\Windows\system32\wbem\wmiprvse.exe -Embedding

12/7/2011 4:42:37 PM, Error: SbieDrv [1412] - SBIE1412 In text: [DefaultBox] \??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%

12/7/2011 4:29:50 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.

12/7/2011 4:25:50 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "1455" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

12/7/2011 4:24:56 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "8" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

12/7/2011 4:23:57 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

12/7/2011 4:21:26 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Secure Socket Tunneling Protocol Service service, but this action failed with the following error: An instance of the service is already running.

12/7/2011 4:21:26 PM, Error: Service Control Manager [7024] - The KtmRm for Distributed Transaction Coordinator service terminated with service-specific error 2147942414 (0x8007000E).

12/7/2011 4:21:26 PM, Error: Service Control Manager [7023] - The WebClient service terminated with the following error: The paging file is too small for this operation to complete.

12/7/2011 4:21:26 PM, Error: Service Control Manager [7023] - The TPM Base Services service terminated with the following error: The paging file is too small for this operation to complete.

12/7/2011 4:21:26 PM, Error: Service Control Manager [7023] - The Telephony service terminated with the following error: The paging file is too small for this operation to complete.

12/7/2011 4:21:26 PM, Error: Service Control Manager [7023] - The Smart Card service terminated with the following error: The paging file is too small for this operation to complete.

12/7/2011 4:21:26 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: A dynamic link library (DLL) initialization routine failed.

12/7/2011 4:21:26 PM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.

12/7/2011 4:21:26 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The authentication service is unknown.

12/7/2011 4:21:26 PM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The dependency service or group failed to start.

12/7/2011 4:21:26 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the SSDP Discovery service which failed to start because of the following error: A thread could not be created for the service.

12/7/2011 4:21:26 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The operation completed successfully.

12/7/2011 4:21:26 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service has not been started.

12/7/2011 4:21:26 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The paging file is too small for this operation to complete.

12/7/2011 4:21:26 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: A thread could not be created for the service.

12/7/2011 4:21:26 PM, Error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: A thread could not be created for the service.

12/7/2011 4:21:26 PM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: A thread could not be created for the service.

12/7/2011 4:19:43 PM, Error: Microsoft-Windows-Time-Service [46] - The time service encountered an error and was forced to shut down. The error was: 0x800706D3

12/7/2011 4:19:05 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

12/7/2011 4:19:05 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

12/7/2011 4:19:00 PM, Error: Service Control Manager [7000] - The Network Store Interface Service service failed to start due to the following error: A thread could not be created for the service.

12/7/2011 4:19:00 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: A thread could not be created for the service.

12/7/2011 4:19:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1054" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

12/7/2011 4:18:56 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: Not enough storage is available to process this command.

12/7/2011 4:18:56 PM, Error: Service Control Manager [7000] - The Remote Access Connection Manager service failed to start due to the following error: A thread could not be created for the service.

12/7/2011 4:18:55 PM, Error: Service Control Manager [7001] - The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error: The operation completed successfully.

12/7/2011 4:18:54 PM, Error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: Not enough storage is available to process this command.

12/7/2011 4:18:53 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. The error: "8" Happened while starting this command: C:\Windows\system32\wbem\wmiprvse.exe -Embedding

12/7/2011 4:18:50 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: Not enough storage is available to process this command.

12/7/2011 4:18:50 PM, Error: Service Control Manager [7000] - The Secure Socket Tunneling Protocol Service service failed to start due to the following error: Not enough storage is available to process this command.

12/7/2011 4:18:49 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Network List Service service to connect.

12/7/2011 4:18:49 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the COM+ Event System service to connect.

12/7/2011 4:18:49 PM, Error: Service Control Manager [7000] - The Network Store Interface Service service failed to start due to the following error: Not enough storage is available to process this command.

12/7/2011 4:18:49 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/7/2011 4:18:49 PM, Error: Service Control Manager [7000] - The COM+ Event System service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/7/2011 4:18:42 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\SystemRoot\System32\Config\DEFAULT'.

12/7/2011 4:18:33 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. The error: "1455" Happened while starting this command: C:\Windows\system32\wbem\wmiprvse.exe -Embedding

12/7/2011 4:18:31 PM, Error: Service Control Manager [7034] - The Function Discovery Provider Host service terminated unexpectedly. It has done this 1 time(s).

12/7/2011 4:18:31 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/7/2011 4:18:31 PM, Error: Service Control Manager [7031] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

12/7/2011 4:18:31 PM, Error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/7/2011 4:18:31 PM, Error: Service Control Manager [7031] - The Windows Media Center Extender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/7/2011 4:18:31 PM, Error: Service Control Manager [7031] - The WebClient service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/7/2011 4:18:31 PM, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

12/7/2011 4:18:31 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

12/7/2011 4:18:31 PM, Error: Service Control Manager [7031] - The Smart Card service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/7/2011 4:18:31 PM, Error: Service Control Manager [7031] - The Secure Socket Tunneling Protocol Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/7/2011 4:18:31 PM, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/7/2011 4:18:31 PM, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

12/7/2011 4:18:31 PM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/7/2011 4:18:31 PM, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

12/7/2011 4:18:31 PM, Error: Service Control Manager [7024] - The Remote Access Connection Manager service terminated with service-specific error 1455 (0x5AF).

12/7/2011 4:18:31 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: Not enough storage is available to process this command.

12/7/2011 4:18:31 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: Not enough storage is available to process this command.

12/7/2011 4:18:31 PM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The paging file is too small for this operation to complete.

12/7/2011 4:18:31 PM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: Not enough storage is available to process this command.

12/7/2011 4:18:19 PM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The paging file is too small for this operation to complete.

12/7/2011 4:18:19 PM, Error: Service Control Manager [7023] - The Background Intelligent Transfer Service service terminated with the following error: The paging file is too small for this operation to complete.

12/7/2011 4:18:19 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: Not enough storage is available to process this command.

12/7/2011 4:18:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1455" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

12/7/2011 4:16:54 PM, Error: Service Control Manager [7022] - The Windows Media Center Extender Service service hung on starting.

12/7/2011 4:15:09 PM, Error: EventLog [6008] - The previous system shutdown at 4:12:27 PM on 12/7/2011 was unexpected.

12/7/2011 4:11:50 PM, Error: EventLog [6008] - The previous system shutdown at 8:10:10 PM on 11/16/2011 was unexpected.

12/7/2011 10:16:17 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\SystemRoot\System32\Config\SOFTWARE'.

.

==== End Of File ===========================

I will post the DDS in the next post; it was too large.


.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Administrator at 18:44:22 on 2011-12-09

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2046.980 [GMT -7:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.yahoo.com

mDefault_Page_URL = hxxp://www.yahoo.com

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {66BD2442-241B-44CD-8C7A-B51037053CDB} - No File

TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [sansaDispatch] C:\Users\Administrator\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

uRun: [sugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true

uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [FaxCenterServer] "C:\Program Files (x86)\\Lexmark Fax Solutions\fm3032.exe" /s

mRun: [bigDog305] C:\Windows\VM305_STI.EXE USB PC Camera VC305

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [jusched] C:\Windows\TEMP\kjghsad.exe

mRunOnce: [GrpConv] grpconv -o

dRun: [volmgr] C:\Windows\system32\config\systemprofile\AppData\Local\volmgr.exe

dRun: [jusched] C:\Windows\TEMP\kjghsad.exe

StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GIGATR~1.LNK - C:\Program Files (x86)\GigaTribe\gigatribe.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-system: DisableTaskMgr = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: %SYSTEMROOT%\system32\nvLsp.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: Interfaces\{2684F062-F0EB-4EF0-AA66-8D07FFC7383F} : NameServer = 192.168.1.1

TCP: Interfaces\{AFA0FA54-232B-4BA5-AB7B-E653A21760BB} : DhcpNameServer = 192.168.1.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB-X64: {66BD2442-241B-44CD-8C7A-B51037053CDB} - No File

TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [FaxCenterServer] "C:\Program Files (x86)\\Lexmark Fax Solutions\fm3032.exe" /s

mRun-x64: [bigDog305] C:\Windows\VM305_STI.EXE USB PC Camera VC305

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [jusched] C:\Windows\TEMP\kjghsad.exe

mRunOnce-x64: [GrpConv] grpconv -o

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

Hosts: 94.63.240.163 www.google.com

Hosts: 94.63.240.164 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wv95sddo.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cfed833&v=6.010.023.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 4

FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wv95sddo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll

FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wv95sddo.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wv95sddo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wv95sddo.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: C:\Users\Administrator\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

pref(dom.disable_open_during_load, false);

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

S2 a2free;a-squared Free Service;C:\Program Files (x86)\a-squared Free\a2service.exe [2008-12-16 419448]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 lxdi_device;lxdi_device;C:\Windows\system32\lxdicoms.exe -service --> C:\Windows\system32\lxdicoms.exe -service [?]

S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdiserv.exe [2007-6-11 33712]

S2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-6 2337144]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]

S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]

S3 rt61x64;Gigabyte RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]

S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-1-12 147048]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 vvftav;vvftav;C:\Windows\system32\drivers\vvftav.sys --> C:\Windows\system32\drivers\vvftav.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S3 ZSMC0305;USB PC Camera VC305;C:\Windows\System32\drivers\usbVM305.sys [2009-6-18 392444]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2071-07-25 16:13:30 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe

2011-12-09 23:37:00 286720 ----a-w- C:\Users\Administrator\AppData\Local\xeg.exe

2011-12-09 02:47:53 -------- d-sh--w- C:\found.000


2011-11-11 12:42:55 -------- d-----w- C:\Windows\SysWow64\x00ucS2ibDpn4Q6

2011-11-11 12:41:57 -------- d-----w- C:\Windows\SysWow64\tibDDppG5aQ6W

2011-11-11 12:40:57 -------- d-----w- C:\Windows\SysWow64\qJ66dEK8fZ9hXjC

2011-11-11 12:39:58 -------- d-----w- C:\Windows\SysWow64\t5sQJ7dEKgZhXjV

2011-11-11 12:38:58 -------- d-----w- C:\Windows\SysWow64\o7fEL8gTZhCkVlB

2011-11-11 12:37:59 -------- d-----w- C:\Windows\SysWow64\IcSS2ibD3nG4

2011-11-11 12:36:55 -------- d-----w- C:\Windows\SysWow64\ATTXXqjYYCkIVzO

2011-11-11 12:35:59 -------- d-----w- C:\Windows\SysWow64\YttzP0ycA1vDo

2011-11-11 12:34:58 -------- d-----w- C:\Windows\SysWow64\cWKK88fRL9hTqjC

2011-11-11 12:33:59 -------- d-----w- C:\dzzPNyyA1uS2b3m

2011-11-11 12:32:53 -------- d-----w- C:\Windows\SysWow64\iLLL88gTZqhYwkV

2011-11-11 12:31:59 -------- d-----w- C:\Windows\SysWow64\CiiibDD3pnG4QHs

2011-11-11 12:30:55 -------- d-----w- C:\Windows\SysWow64\BA0ucS2ib3n4Q6W

2011-11-11 12:29:56 -------- d-----w- C:\Windows\SysWow64\SvvSS2oobF3mG

2011-11-11 12:28:59 -------- d-----w- C:\HtxA0ucS2b3n4Q

2011-11-11 12:27:56 -------- d-----w- C:\Windows\SysWow64\IdWK7fRL9TqYeIr

2011-11-11 12:26:57 -------- d-----w- C:\Windows\SysWow64\rONyxA0uv2b3n5Q

2011-11-11 12:25:57 -------- d-----w- C:\Windows\SysWow64\QmG5sQJ6dKfZhXj

2011-11-11 12:24:58 -------- d-----w- C:\Windows\SysWow64\vsQJ7dEK8R9YwUe

2011-11-11 12:23:59 -------- d-----w- C:\Windows\SysWow64\wwkUVelOBz0c1v2

2011-11-11 12:22:55 -------- d-----w- C:\Windows\SysWow64\OEL8gTZqhCkVl

2011-11-11 12:21:56 -------- d-----w- C:\Windows\SysWow64\K6sWK7fELgZjCkV

2011-11-11 12:20:57 -------- d-----w- C:\Windows\SysWow64\IVrzONtxAuSiDpG

2011-11-11 12:19:59 -------- d-----w- C:\Windows\SysWow64\onG5aQH6dKfLgXj

2011-11-11 12:18:59 -------- d-----w- C:\nEK8fRZ9hXjClBz

2011-11-11 12:17:55 -------- d-----w- C:\Windows\SysWow64\DD2obF4pm5Q

2011-11-11 12:16:57 -------- d-----w- C:\Windows\SysWow64\I5sQJ6dEKfZhXjC

2011-11-11 12:15:58 -------- d-----w- C:\Windows\SysWow64\kqhYXwkUVlBz0c1

2011-11-11 12:14:59 -------- d-----w- C:\Windows\SysWow64\BsWJ7fEL8TqYwUr

2011-11-11 12:13:59 -------- d-----w- C:\Windows\SysWow64\B9gTXqjYCkVzNx0

2011-11-11 12:12:59 -------- d-----w- C:\hbF4pmG5sJdKfZh

2011-11-11 12:11:57 -------- d-----w- C:\Windows\SysWow64\kAA0uvv2ib3pGaH

2011-11-11 12:10:55 -------- d-----w- C:\Windows\SysWow64\lVVrlONtxPuc1b3

2011-11-11 12:09:58 -------- d-----w- C:\Windows\SysWow64\HP00ycS1iD3oFaH

2011-11-11 12:08:59 -------- d-----w- C:\OxP00cc1ivDoFam

2011-11-11 12:07:55 -------- d-----w- C:\Windows\SysWow64\OPPP0uucS1

2011-11-11 12:06:58 -------- d-----w- C:\Windows\SysWow64\ohYYXXwkUVe

2011-11-11 12:05:55 -------- d-----w- C:\Windows\SysWow64\aLL88gRZZhYXwUe

2011-11-11 12:04:55 -------- d-----w- C:\Windows\SysWow64\vffEL9gTZqYCkVl

2011-11-11 12:03:58 -------- d-----w- C:\Windows\SysWow64\yXwwjjUVelO

2011-11-11 12:02:58 -------- d-----w- C:\Windows\SysWow64\F33ppnGG5aQ6

2011-11-11 12:01:55 -------- d-----w- C:\Windows\SysWow64\NggTTZqjjCwkIrO

2011-11-11 12:00:54 -------- d-----w- C:\Windows\SysWow64\EL88ggRZqhYXkUe

2011-11-11 11:59:55 -------- d-----w- C:\Windows\SysWow64\mvDD33onF4am5

2011-11-11 11:58:55 -------- d-----w- C:\Windows\SysWow64\sVrrllONtxP

2011-11-11 11:57:56 -------- d-----w- C:\Windows\SysWow64\lbFF33pnG5aQ6dK

2011-11-11 11:56:57 -------- d-----w- C:\Windows\SysWow64\oelIBrzPNx1

2011-11-11 11:55:59 -------- d-----w- C:\Windows\SysWow64\libF3pnG5Q6W7R9

2011-11-11 11:54:59 -------- d-----w- C:\Windows\SysWow64\sooobFF4pmG5QJ

2011-11-11 11:53:55 -------- d-----w- C:\Windows\SysWow64\kllOOBttzP0cAiv

2011-11-11 11:52:57 -------- d-----w- C:\Windows\SysWow64\HOOOBttzP0y

2011-11-11 11:51:57 -------- d-----w- C:\Windows\SysWow64\ftttxPP0ucS1b3o

2011-11-11 11:50:58 -------- d-----w- C:\Windows\SysWow64\vZZqqjYYCeIVrON

2011-11-11 11:49:56 -------- d-----w- C:\Windows\SysWow64\qJ77ffEL8gTZhYw

2011-11-11 11:48:58 -------- d-----w- C:\Windows\SysWow64\XUUVVrllOBxP0

2011-11-11 11:47:57 -------- d-----w- C:\Windows\SysWow64\g2oobbF4pmG5QJ

2011-11-11 11:46:55 -------- d-----w- C:\Windows\SysWow64\mXqjYCekIrOtAuS

2011-11-11 11:45:57 -------- d-----w- C:\Windows\SysWow64\I7fEL9gTZjCk

2011-11-11 11:44:58 -------- d-----w- C:\Windows\SysWow64\QaQH6dWK7R9TqY

2011-11-11 11:43:59 -------- d-----w- C:\Windows\SysWow64\VIBBrzONyA0uSiF

2011-11-11 11:42:57 -------- d-----w- C:\Windows\SysWow64\OTZqqYYwkIVlNxP

2011-11-11 11:41:59 -------- d-----w- C:\Windows\SysWow64\oQHH6sWKfEL9Tq

2011-11-11 11:40:58 -------- d-----w- C:\Windows\SysWow64\NfRRZ99hTwjUelB

2011-11-11 11:39:57 -------- d-----w- C:\Windows\SysWow64\rzzOOttA0uS2b3n

2011-11-11 11:38:57 -------- d-----w- C:\Windows\SysWow64\lOONNyxA0

2011-11-11 11:37:53 -------- d-----w- C:\Windows\SysWow64\SQQQJJ6dEK8fZ

2011-11-11 11:36:59 -------- d-----w- C:\Windows\SysWow64\UkkkVeelOBtP0cA

2011-11-11 11:35:58 -------- d-----w- C:\Windows\SysWow64\sFFF3ppmG5aQ6dK

2011-11-11 11:34:59 -------- d-----w- C:\Windows\SysWow64\OJJ6dEEK8fRZhTw

2011-11-11 11:33:57 -------- d-----w- C:\Windows\SysWow64\C5aaQQH6dWK7fLg

2011-11-11 11:32:58 -------- d-----w- C:\Windows\SysWow64\EuvvSS2obF3pG5Q

2011-11-11 11:31:59 -------- d-----w- C:\Windows\SysWow64\XWWKK8ffRL9TXjU

2011-11-11 11:30:55 -------- d-----w- C:\Windows\SysWow64\HnF4pmH5sJdKgZh

2011-11-11 11:29:56 -------- d-----w- C:\Windows\SysWow64\PRZqhYXwkVlBz0c

2011-11-11 11:28:59 -------- d-----w- C:\XCeeelIBrzPNyAu

2011-11-11 11:27:55 -------- d-----w- C:\Windows\SysWow64\AwjUUeeIBtzNc1v

2011-11-11 11:26:56 -------- d-----w- C:\Windows\SysWow64\EXXwwjUVelIBtPy

2011-11-11 11:25:53 -------- d-----w- C:\Windows\SysWow64\Y4ppmH5sJ7dE8R9

2011-11-11 11:24:59 -------- d-----w- C:\Windows\SysWow64\gLL88gTTZqhCwUV

2011-11-11 11:23:54 -------- d-----w- C:\Windows\SysWow64\w22ibD3pnGaQ6W7

2011-11-11 11:22:56 -------- d-----w- C:\Windows\SysWow64\VbbD3pnG4aH6W7E

2011-11-11 11:21:57 -------- d-----w- C:\Windows\SysWow64\wmG5aQJ6dKfLhXj

2011-11-11 11:20:58 -------- d-----w- C:\Windows\SysWow64\nG5aQJ6dW8R9TqU

2011-11-11 11:19:56 -------- d-----w- C:\Windows\SysWow64\VKK77fRL9gTqjCk

2011-11-11 11:18:56 -------- d-----w- C:\Windows\SysWow64\ryccA11uv2ob4pG

2011-11-11 11:17:56 -------- d-----w- C:\Windows\SysWow64\TammH5sWJ7dE8RZ

2011-11-11 11:16:56 -------- d-----w- C:\Windows\SysWow64\N55aQHH6dK7fL9T

2011-11-11 11:15:56 -------- d-----w- C:\Windows\SysWow64\J55ssQJ6dEKf

2011-11-11 11:14:59 -------- d-----w- C:\STTZZqjYCw

2011-11-11 11:13:56 -------- d-----w- C:\Windows\SysWow64\DXXqqjYCekIrzN

2011-11-11 11:12:56 -------- d-----w- C:\Windows\SysWow64\jsssQJ6dEK8RZhX

2011-11-11 11:11:55 -------- d-----w- C:\Windows\SysWow64\FTTZZqhYCwUVrOt

2011-11-11 11:10:55 -------- d-----w- C:\Windows\SysWow64\BuvvS2ibF3pn5Q6

2011-11-11 11:09:56 -------- d-----w- C:\Windows\SysWow64\FXXwwjUVelIt

2011-11-11 11:08:56 -------- d-----w- C:\Windows\SysWow64\OiibD33on4am6sJ

2011-11-11 11:07:56 -------- d-----w- C:\Windows\SysWow64\KAA0uucS2i

2011-11-11 11:06:57 -------- d-----w- C:\Windows\SysWow64\DppmmG5aQJd

2011-11-11 11:05:59 -------- d-----w- C:\I9ggTXqjjCekVzO

2011-11-11 11:04:59 -------- d-----w- C:\Windows\SysWow64\aZ99hTXwjUCeI

2011-11-11 11:03:59 -------- d-----w- C:\Windows\SysWow64\xcc1vDD3n4aH7E8

2011-11-11 11:02:57 -------- d-----w- C:\Windows\SysWow64\XZqqhYXwkUVeOtP

2011-11-11 11:01:57 -------- d-----w- C:\Windows\SysWow64\jKKK7ffEL9ZqY

2011-11-11 11:00:58 -------- d-----w- C:\Windows\SysWow64\I000ucSS2iD3pGa

2011-11-11 10:59:59 -------- d-----w- C:\Windows\SysWow64\QA00uucS2ibDpn4

2011-11-11 10:58:55 -------- d-----w- C:\Windows\SysWow64\H333pmmG5aQJdW8

2011-11-11 10:57:54 -------- d-----w- C:\Windows\SysWow64\ZsssWJJ7f

2011-11-11 10:56:59 -------- d-----w- C:\Windows\SysWow64\zxxAA0uvS2ibFpG

2011-11-11 10:55:56 -------- d-----w- C:\Windows\SysWow64\C22obF3pmGaQ6W

2011-11-11 10:54:59 -------- d-----w- C:\Windows\SysWow64\OWWKK7ffEL9TZjC

2011-11-11 10:53:59 -------- d-----w- C:\PiiibF3ppG5aQ6

2011-11-11 10:52:54 -------- d-----w- C:\Windows\SysWow64\TUUUVVelOBtz0yA

2011-11-11 10:51:56 -------- d-----w- C:\Windows\SysWow64\QelIBtzPNc1v2b

2011-11-11 10:50:55 -------- d-----w- C:\Windows\SysWow64\ikIVrzONtAuSiDp

2011-11-11 10:49:57 -------- d-----w- C:\Windows\SysWow64\rA0ucS2ib

2011-11-11 10:48:59 -------- d-----w- C:\Windows\SysWow64\maaQQ66WK7ELgZj

2011-11-11 10:47:59 -------- d-----w- C:\whTXqjUCeIrOyAu

2011-11-11 10:46:56 -------- d-----w- C:\Windows\SysWow64\vnnG5aQH6WK7R9T

2011-11-11 10:45:59 -------- d-----w- C:\JaQHHssK7fE9Tqj

2011-11-11 10:44:56 -------- d-----w- C:\Windows\SysWow64\KaammH6sWJ7fL

2011-11-11 10:43:56 -------- d-----w- C:\Windows\SysWow64\JfRZZhhXwjUeIrN

2011-11-11 10:42:54 -------- d-----w- C:\Windows\SysWow64\xKKK77fRL9g

2011-11-11 10:41:55 -------- d-----w- C:\Windows\SysWow64\qffRRL9hhTqjCeI

2011-11-11 10:40:56 -------- d-----w- C:\Windows\SysWow64\offRL9hTXqUCkBz

2011-11-11 10:39:53 -------- d-----w- C:\Windows\SysWow64\a3ppnG5aQ6dW7R9

2011-11-11 10:38:57 -------- d-----w- C:\Windows\SysWow64\PlllOBBtzP0cAi

2011-11-11 10:37:58 -------- d-----w- C:\Windows\SysWow64\ODD33onnF4aH5

2011-11-11 10:36:57 -------- d-----w- C:\Windows\SysWow64\YbbbF33pmG5aJ6W

2011-11-11 10:35:58 -------- d-----w- C:\Windows\SysWow64\UBBBtzzPNyA1uD

2011-11-11 10:34:57 -------- d-----w- C:\Windows\SysWow64\yA000ucS2ibD3n4

2011-11-11 10:33:59 -------- d-----w- C:\rWK7fEL9gZjCkVl

2011-11-11 10:32:55 -------- d-----w- C:\Windows\SysWow64\BVrzONtxAuSiDpG

2011-11-11 10:31:57 -------- d-----w- C:\Windows\SysWow64\LQH6dWK7fLgXjCk

2011-11-11 10:30:58 -------- d-----w- C:\WlIBrzPNy

2011-11-11 10:29:58 -------- d-----w- C:\Windows\SysWow64\mmH5sQJ7dKgZhXj

2011-11-11 10:28:57 -------- d-----w- C:\Windows\SysWow64\zvSS2ibFpnG5Q

2011-11-11 10:27:55 -------- d-----w- C:\Windows\SysWow64\lfEELL8gTZqhCwU

2011-11-11 10:26:59 -------- d-----w- C:\i2oobbF3pmG5aJd

2011-11-11 10:25:56 -------- d-----w- C:\Windows\SysWow64\DaaQQJ66dWK

2011-11-11 10:24:55 -------- d-----w- C:\Windows\SysWow64\ZwwwkUUVr

2011-11-11 10:23:59 -------- d-----w- C:\QwjjUCCelIBrPN

2011-11-11 10:22:57 -------- d-----w- C:\Windows\SysWow64\CK77ffRL9gTXqY

2011-11-11 10:21:57 -------- d-----w- C:\Windows\SysWow64\t88ffRZZ9h

2011-11-11 10:20:57 -------- d-----w- C:\Windows\SysWow64\SDDD3onnF4

2011-11-11 10:19:54 -------- d-----w- C:\WttxxP0ycS1iv3n

2011-11-11 10:18:57 -------- d-----w- C:\Windows\SysWow64\PBBBtzzP0yc

2011-11-11 10:17:57 -------- d-----w- C:\Windows\SysWow64\N1ibbD3oG4a

2011-11-11 10:16:57 -------- d-----w- C:\Windows\SysWow64\clIBrzPNyAuSoFp

2011-11-11 10:15:57 -------- d-----w- C:\Windows\SysWow64\ldEL8gRZqYwUeOt

2011-11-11 10:14:58 -------- d-----w- C:\Windows\SysWow64\F4amH5sWJdLgZhX

2011-11-11 10:13:59 -------- d-----w- C:\Windows\SysWow64\BhYCwkUVrOtPySi

2011-11-11 10:12:56 -------- d-----w- C:\Windows\SysWow64\dmmH6sWJ7fL8TqY

2011-11-11 10:11:57 -------- d-----w- C:\Windows\SysWow64\NhYYCwkUVlOBx0c

2011-11-11 10:10:59 -------- d-----w- C:\dJJ77EE8g

2011-11-11 10:09:56 -------- d-----w- C:\Windows\SysWow64\Q1ivv33oF4aH5W

2011-11-11 10:08:58 -------- d-----w- C:\Windows\SysWow64\rccS1iiD3oF4m5W

2011-11-11 10:07:57 -------- d-----w- C:\Windows\SysWow64\T333ppnG5aQHdW7

2011-11-11 10:06:59 -------- d-----w- C:\hbF33nnGaQHdK7R

2011-11-11 10:05:58 -------- d-----w- C:\Windows\SysWow64\W6ssWJJ7EL8g

2011-11-11 10:04:57 -------- d-----w- C:\Windows\SysWow64\zdddEKK8fRZ9TXj

2011-11-11 10:03:57 -------- d-----w- C:\Windows\SysWow64\xH55sWJ7dL8gZhX

2011-11-11 10:02:54 -------- d-----w- C:\Windows\SysWow64\KK8ggRZ9YXwjVlB

2011-11-11 10:01:59 -------- d-----w- C:\Windows\SysWow64\rkkUVrlOBtP0

2011-11-11 10:00:57 -------- d-----w- C:\Windows\SysWow64\enFF4amH5WJ7E8R

2011-11-11 09:59:56 -------- d-----w- C:\Windows\SysWow64\KYCeekIVzONxAuS

2011-11-11 09:58:58 -------- d-----w- C:\Windows\SysWow64\r2ibF3pnGaHdKfL

2011-11-11 09:57:54 -------- d-----w- C:\Windows\SysWow64\i333pnnG5aH6dK7

2011-11-11 09:56:59 -------- d-----w- C:\Windows\SysWow64\gJJJ7ddEK8gZ9Y

2011-11-11 09:55:57 -------- d-----w- C:\Windows\SysWow64\eUUCCekkIBzONx

2011-11-11 09:54:58 -------- d-----w- C:\xooobF44pmGsQ6d

2011-11-11 09:53:58 -------- d-----w- C:\Windows\SysWow64\tH6ssWJ7EL8TZhC

2011-11-11 09:52:56 -------- d-----w- C:\Windows\SysWow64\YRZ9hYXwjVlBzNc

2011-11-11 09:51:56 -------- d-----w- C:\Windows\SysWow64\VfEL8gTZq

2011-11-11 09:50:52 -------- d-----w- C:\Windows\SysWow64\xzzzONNtxA0

2011-11-11 09:49:55 -------- d-----w- C:\Windows\SysWow64\GZZqqhYCCkUVr

2011-11-11 09:48:58 -------- d-----w- C:\Windows\SysWow64\qeellIBBtzNy

2011-11-11 09:47:54 -------- d-----w- C:\Windows\SysWow64\GttxxP0yyc1iv3n

2011-11-11 09:46:56 -------- d-----w- C:\Windows\SysWow64\X55ssQJ77dK8gZ9

2011-11-11 09:45:58 -------- d-----w- C:\Windows\SysWow64\aKK88gRRZ9hXwUV

2011-11-11 09:44:55 -------- d-----w- C:\Windows\SysWow64\SzzzPNNyxA1uS

2011-11-11 09:43:58 -------- d-----w- C:\Windows\SysWow64\F6dWK7fRL

2011-11-11 09:42:59 -------- d-----w- C:\Windows\SysWow64\JlIBrzPNyAuSoFp

2011-11-11 09:41:55 -------- d-----w- C:\Windows\SysWow64\sPPNNyxxA1uS2bF

2011-11-11 09:41:54 -------- d-----w- C:\mmmmH55sQJ7dK8R

2011-11-11 09:41:47 -------- d-----w- C:\Windows\SysWow64\JiiibFF3pnGa

2011-11-11 09:41:46 -------- d-----w- C:\UPPNNyxxA1v

2011-11-11 09:41:37 -------- d-----w- C:\Windows\SysWow64\uqqjjUCCe

2011-11-11 09:41:34 -------- d-----w- C:\DrrllOBBtxPyc1

2011-11-11 09:41:28 -------- d-----w- C:\Windows\SysWow64\HiibbD33pnG

2011-11-11 09:41:26 -------- d-----w- C:\tffRRZ9hhXwjUeI

2011-11-11 09:41:19 -------- d-----w- C:\Windows\SysWow64\ZssWWJ7ffE8g

2011-11-11 09:41:18 -------- d-----w- C:\BHHH6ddWK7fL9Tq

2011-11-11 09:41:10 -------- d-----w- C:\Windows\SysWow64\jnnFF4aamH5WJ

2011-11-11 09:41:09 -------- d-----w- C:\BrrllONttx0uc1i

2011-11-11 09:39:57 -------- d-----w- C:\Windows\SysWow64\PllOOBtxxPy

2011-11-11 09:38:55 -------- d-----w- C:\Windows\SysWow64\bobbFF4pmG5

2011-11-11 09:37:52 -------- d-----w- C:\Windows\SysWow64\FsQQJ6ddEKfRZhT

2011-11-11 09:37:51 -------- d-----w- C:\ViiivDD2onFp

2011-11-11 09:37:37 -------- d-----w- C:\Windows\SysWow64\VddEEK8ffR9h

2011-11-11 09:37:36 -------- d-----w- C:\fL88ggRZqhYXkUe

2011-11-11 09:37:28 -------- d-----w- C:\Windows\SysWow64\lddEEK8ffR9hTwU

2011-11-11 09:37:27 -------- d-----w- C:\q111ivvD2onFpm5

2011-11-11 09:37:19 -------- d-----w- C:\wuuuvSS2obFpmGa

2011-11-11 09:37:19 -------- d-----w- C:\Windows\SysWow64\vBBrrzzONyx0uS2

2011-11-11 09:37:12 -------- d-----w- C:\Windows\SysWow64\wmmmH55sQJ7dKgZ

2011-11-11 09:37:12 -------- d-----w- C:\jEEEL88gRZ

2011-11-11 09:37:04 -------- d-----w- C:\Windows\SysWow64\AL99hhTXq

2011-11-11 09:37:04 -------- d-----w- C:\L9hhTTXwjUCeIB

2011-11-11 09:35:59 -------- d-----w- C:\Windows\SysWow64\sFF44ammH5s

2011-11-11 09:34:59 -------- d-----w- C:\DL99ggTZqjYCkI

2011-11-11 09:33:59 -------- d-----w- C:\TL999hTXq

2011-11-11 09:32:58 -------- d-----w- C:\Windows\SysWow64\HSS1iibD3onGam

2011-11-11 09:31:59 -------- d-----w- C:\hIVrlONtx

2011-11-11 09:30:57 -------- d-----w- C:\Windows\SysWow64\ZvD3onF4aHsJ

2011-11-11 09:29:55 -------- d-----w- C:\Windows\SysWow64\O22ooFFpmGsQ6E8

2011-11-11 09:28:59 -------- d-----w- C:\c99gTXqjYCkIrOt

2011-11-11 09:27:59 -------- d-----w- C:\Windows\SysWow64\KDD2obb4pm5sJdK

2011-11-11 09:26:59 -------- d-----w- C:\Windows\SysWow64\JffEL8gTZqYC

2011-11-11 09:25:58 -------- d-----w- C:\Windows\SysWow64\CbFF3pmG5QJ6W8R

2011-11-11 09:24:58 -------- d-----w- C:\Windows\SysWow64\vhhYXwwUVeOBz

2011-11-11 09:23:58 -------- d-----w- C:\Windows\SysWow64\lkkIIrrONtx0c2b

2011-11-11 09:22:58 -------- d-----w- C:\Windows\SysWow64\xQJJ6dEK8RZ9Tw

2011-11-11 09:21:58 -------- d-----w- C:\Windows\SysWow64\monnF4amHsWJdLg

2011-11-11 09:20:57 -------- d-----w- C:\Windows\SysWow64\G9gTTqqjCekVr

2011-11-11 09:19:57 -------- d-----w- C:\Windows\SysWow64\QH55sQJ7dK8gZhX

2011-11-11 09:18:59 -------- d-----w- C:\Windows\SysWow64\deelIBrzPyxAuSo

2011-11-11 09:17:58 -------- d-----w- C:\Windows\SysWow64\s3pnn44aH6sKfE9

2011-11-11 09:16:56 -------- d-----w- C:\Windows\SysWow64\ABtxx00cS1iDoF4

2011-11-11 09:15:58 -------- d-----w- C:\Windows\SysWow64\bsQJJddK8gR

2011-11-11 09:14:59 -------- d-----w- C:\Windows\SysWow64\akIVVllNtxPuSib

2011-11-11 09:13:56 -------- d-----w- C:\Windows\SysWow64\glOONtxP0cS1b3n

2011-11-11 09:12:57 -------- d-----w- C:\Windows\SysWow64\hYYCCkkIVrltxPu

2011-11-11 09:11:58 -------- d-----w- C:\Windows\SysWow64\knnnG44aHsWKf9g

2011-11-11 09:10:56 -------- d-----w- C:\Windows\SysWow64\byccS1ivDonFaHs

2011-11-11 09:09:58 -------- d-----w- C:\Windows\SysWow64\VCwwUVVrlBtxPyS

2011-11-11 09:08:55 -------- d-----w- C:\Windows\SysWow64\SZZZqhhYXwkVeOt

2011-11-11 09:07:55 -------- d-----w- C:\Windows\SysWow64\lLLL9ggTZqjYwkV

2011-11-11 09:06:54 -------- d-----w- C:\Windows\SysWow64\W55sQQJ7dEK8

2011-11-11 09:05:59 -------- d-----w- C:\Windows\SysWow64\FvvvDD3onF4aH5W

2011-11-11 09:04:57 -------- d-----w- C:\Windows\SysWow64\FJJ77dEEK8gZ9YX

2011-11-11 09:03:56 -------- d-----w- C:\Windows\SysWow64\LG5aaHHdWK7R9TX

2011-11-11 09:02:59 -------- d-----w- C:\Windows\SysWow64\HPPP0uucS1iD3o

2011-11-11 09:01:59 -------- d-----w- C:\Windows\SysWow64\FTXqjUCekBzNx0v

2011-11-11 09:00:59 -------- d-----w- C:\msWJ7dEL8RqYwUe

2011-11-11 08:59:57 -------- d-----w- C:\Windows\SysWow64\aEK8fRZ9hXjClBz

2011-11-11 08:58:59 -------- d-----w- C:\Windows\SysWow64\RRZ9hTXwjClBzNx

2011-11-11 08:57:56 -------- d-----w- C:\Windows\SysWow64\b3pnn55QH6dKfL9

2011-11-11 08:56:58 -------- d-----w- C:\Windows\SysWow64\GOONtxA0uS2iDpG

2011-11-11 08:55:59 -------- d-----w- C:\Windows\SysWow64\ZBrrzONyA0uv

2011-11-11 08:54:59 -------- d-----w- C:\Windows\SysWow64\LnFF4pmH5QJ7E8R

2011-11-11 08:53:59 -------- d-----w- C:\Windows\SysWow64\GDD33onG4am6s

2011-11-11 08:52:58 -------- d-----w- C:\Windows\SysWow64\qKKK8fRZ9

2011-11-11 08:51:59 -------- d-----w- C:\Windows\SysWow64\QzzPPNyccAu

2011-11-11 08:50:55 -------- d-----w- C:\Windows\SysWow64\cEEL8gRZqhXwUeO

2011-11-11 08:49:58 -------- d-----w- C:\Windows\SysWow64\FcA11uvDobFpm5Q

2011-11-11 08:48:55 -------- d-----w- C:\Windows\SysWow64\UcAAA1uvD2ob4p

2011-11-11 08:47:55 -------- d-----w- C:\Windows\SysWow64\RVrrlOBtx0yc1v

2011-11-11 08:46:58 -------- d-----w- C:\yBttzzP0ycA1iD

2011-11-11 08:45:59 -------- d-----w- C:\bpmH5sQJ7E8

2011-11-11 08:44:59 -------- d-----w- C:\Windows\SysWow64\errrzOONtxAucS

2011-11-11 08:43:58 -------- d-----w- C:\Windows\SysWow64\OllOOBtzP0ycAiD

2011-11-11 08:42:57 -------- d-----w- C:\Windows\SysWow64\qTTXXqjYC

2011-11-11 08:41:56 -------- d-----w- C:\Windows\SysWow64\owkkUUVelOBtP0

2011-11-11 08:40:59 -------- d-----w- C:\Windows\SysWow64\FBrrzzPNyxA1

2011-11-11 08:39:57 -------- d-----w- C:\Windows\SysWow64\aKKK7ffEL9gTqjC

2011-11-11 08:38:57 -------- d-----w- C:\Windows\SysWow64\UBBBtzzPNyc1uv2

2011-11-11 08:37:59 -------- d-----w- C:\hSS22obbF3pG5QJ

2011-11-11 08:36:59 -------- d-----w- C:\Windows\SysWow64\N777fEEL8gTqhC

2011-11-11 08:35:57 -------- d-----w- C:\Windows\SysWow64\xsssQJJ6dEK8RZ

2011-11-11 08:34:55 -------- d-----w- C:\Windows\SysWow64\yiibbF33pnGaQ6

2011-11-11 08:33:59 -------- d-----w- C:\Windows\SysWow64\WCCCwkkUV

2011-11-11 08:32:58 -------- d-----w- C:\Windows\SysWow64\sPPNNyxAA1vS2bF

2011-11-11 08:31:56 -------- d-----w- C:\Windows\SysWow64\xCCCwkkIVrlNtx

2011-11-11 08:30:59 -------- d-----w- C:\Windows\SysWow64\e444ammH5sW

2011-11-11 08:29:56 -------- d-----w- C:\Windows\SysWow64\AOOBBtxPP0cS1v3

2011-11-11 08:28:58 -------- d-----w- C:\Windows\SysWow64\E00yycA1ivD2oFp

2011-11-11 08:27:56 -------- d-----w- C:\Windows\SysWow64\d444pmmG5sQ6dK8

2011-11-11 08:26:58 -------- d-----w- C:\Windows\SysWow64\qS222obF3pmG

2011-11-11 08:25:56 -------- d-----w- C:\Windows\SysWow64\vzzzONNtxA0uS

2011-11-11 08:24:59 -------- d-----w- C:\Windows\SysWow64\zgggRZZqhY

2011-11-11 08:23:59 -------- d-----w- C:\Windows\SysWow64\PXXXqjjUCek

2011-11-11 08:22:57 -------- d-----w- C:\Windows\SysWow64\D000ucSS1iD

2011-11-11 08:21:55 -------- d-----w- C:\Windows\SysWow64\PBBttzP0ycAiv2

2011-11-11 08:20:54 -------- d-----w- C:\Windows\SysWow64\mUCCeekIBrzOy

2011-11-11 08:19:59 -------- d-----w- C:\Windows\SysWow64\cKKK8ffRZ9hTwjC

2011-11-11 08:18:53 -------- d-----w- C:\Windows\SysWow64\YaaaQH66sW

2011-11-11 08:17:59 -------- d-----w- C:\GrrzONyxA0vSiFp

2011-11-11 08:16:56 -------- d-----w- C:\Windows\SysWow64\zH6ddKKfRL9TqYC

2011-11-11 08:15:59 -------- d-----w- C:\YsssWJJ7dE

2011-11-11 08:14:56 -------- d-----w- C:\Windows\SysWow64\m1ivD3onFaHsJdL

2011-11-11 08:13:59 -------- d-----w- C:\Windows\SysWow64\f44pmHHsQJdE8R9

2011-11-11 08:12:57 -------- d-----w- C:\Windows\SysWow64\PBBrzONyx0u

2011-11-11 08:11:55 -------- d-----w- C:\Windows\SysWow64\CwkkIVrlOtxPuS

2011-11-11 08:10:58 -------- d-----w- C:\Windows\SysWow64\m55ssWJ7dEL8g

2011-11-11 08:09:56 -------- d-----w- C:\Windows\SysWow64\PA1uuvD2bF4

2011-11-11 08:08:56 -------- d-----w- C:\Windows\SysWow64\W6sWW77EL8gZhCw

2011-11-11 08:07:57 -------- d-----w- C:\Windows\SysWow64\CDDD3oonG4a

2011-11-11 08:06:59 -------- d-----w- C:\Windows\SysWow64\XTTZZqhhYw

2011-11-11 08:05:52 -------- d-----w- C:\Windows\SysWow64\WhhYYwwkUVeOBtP

2011-11-11 08:04:58 -------- d-----w- C:\Windows\SysWow64\NrrlOBBtxP0cS1v

2011-11-11 08:03:57 -------- d-----w- C:\Windows\SysWow64\O11uuvSS2o

2011-11-11 08:02:59 -------- d-----w- C:\Windows\SysWow64\kGG55aQHHdWK7R

2011-11-11 08:01:57 -------- d-----w- C:\Windows\SysWow64\LjYYCwkIVlONx0c

2011-11-11 08:00:59 -------- d-----w- C:\Windows\SysWow64\blOONttxP0u

2011-11-11 07:59:56 -------- d-----w- C:\z111ibbD3onGam6

2011-11-11 07:58:58 -------- d-----w- C:\Windows\SysWow64\WAA11ivvD

2011-11-11 07:57:57 -------- d-----w- C:\Windows\SysWow64\tmGG5aQJ6WK8R9T

2011-11-11 07:56:58 -------- d-----w- C:\Windows\SysWow64\lVelOBtzPyAiDoF

2011-11-11 07:55:59 -------- d-----w- C:\Windows\SysWow64\IP0ycA1iv2n4m5Q

2011-11-11 07:54:55 -------- d-----w- C:\Windows\SysWow64\YkUVrlOBtPySiDo

2011-11-11 07:53:56 -------- d-----w- C:\Windows\SysWow64\aibD3onG4m6W7E8

2011-11-11 07:52:59 -------- d-----w- C:\Windows\SysWow64\QzPP0ycA1vD2n4m

2011-11-11 07:51:59 -------- d-----w- C:\LL9gTZqjYwIrOtP

2011-11-11 07:50:58 -------- d-----w- C:\Windows\SysWow64\VwjjUVelBtzPyAu

2011-11-11 07:49:57 -------- d-----w- C:\Windows\SysWow64\pCCekIVrzOtx0c2

2011-11-11 07:48:59 -------- d-----w- C:\KbDD3pnGaQH6W7E

2011-11-11 07:47:59 -------- d-----w- C:\ZL99hTTXqjUekBz

2011-11-11 07:46:58 -------- d-----w- C:\Windows\SysWow64\YfEEL8gTqhYCkVl

2011-11-11 07:45:57 -------- d-----w- C:\Windows\SysWow64\tddWKK8fRL9hXqU

2011-11-11 07:44:53 -------- d-----w- C:\Windows\SysWow64\RF44pmH5sJ7dKgZ

2011-11-11 07:43:57 -------- d-----w- C:\Windows\SysWow64\GH66dWK7RL

2011-11-11 07:43:56 -------- d-----w- C:\BS22obF3pG5aJdK

2011-11-11 07:43:50 -------- d-----w- C:\Windows\SysWow64\rvvD2bb4pmGs

2011-11-11 07:43:49 -------- d-----w- C:\yYYXXkkVelBtPyA

2011-11-11 00:01:48 791720 ----a-w- C:\Windows\System32\PerfStringBackup.TMP

2011-11-10 21:06:31 -------- d-----w- C:\Users\Administrator\AppData\Roaming\SEEEL88gRZqhX

2011-11-10 21:04:55 -------- d-----w- C:\Users\Administrator\AppData\Roaming\F333pmmG5aQJdW8

2011-11-10 20:59:33 -------- d-----w- C:\Users\Administrator\AppData\Roaming\YwwwjUUVelItzPy

2011-11-10 20:58:57 -------- d-----w- C:\Users\Administrator\AppData\Roaming\l5W9Yzu3Q7Zkx1n

2011-11-10 20:57:59 -------- d-----w- C:\Users\Administrator\AppData\Roaming\WR1Z1R1fx7NaC1E

2011-11-10 20:56:58 -------- d-----w- C:\Users\Administrator\AppData\Roaming\ZZwVOzyinQK9hwU

2011-11-10 20:55:51 -------- d-----w- C:\Users\Administrator\AppData\Roaming\zhhhTXXqjUCkIrz

2011-11-10 20:54:58 -------- d-----w- C:\Users\Administrator\AppData\Roaming\yyxxA0uuv2ib3pG

.

==================== Find3M ====================

.

2011-10-08 22:20:53 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-20 21:06:18 1426304 ---ha-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 18:44:41.22 ===============


:welcome:

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Here is the log from TDSSKiller. It showed no infections, but when I went to post this reply there was now a Privacy Protection shortcut on my desktop, and both IE and Firefox redirected me. I rebooted back into safe mode and was then able to post this.

16:57:54.0262 1760 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31

16:57:54.0699 1760 ============================================================

16:57:54.0699 1760 Current date / time: 2011/12/14 16:57:54.0699

16:57:54.0699 1760 SystemInfo:

16:57:54.0699 1760

16:57:54.0699 1760 OS Version: 6.0.6002 ServicePack: 2.0

16:57:54.0699 1760 Product type: Workstation

16:57:54.0699 1760 ComputerName: NEALBERG

16:57:54.0714 1760 UserName: Administrator

16:57:54.0714 1760 Windows directory: C:\Windows

16:57:54.0714 1760 System windows directory: C:\Windows

16:57:54.0714 1760 Running under WOW64

16:57:54.0714 1760 Processor architecture: Intel x64

16:57:54.0714 1760 Number of processors: 4

16:57:54.0714 1760 Page size: 0x1000

16:57:54.0714 1760 Boot type: Safe boot with network

16:57:54.0714 1760 ============================================================

16:57:55.0354 1760 Initialize success

16:58:39.0549 1724 ============================================================

16:58:39.0549 1724 Scan started

16:58:39.0549 1724 Mode: Manual; SigCheck; TDLFS;

16:58:39.0549 1724 ============================================================

16:58:55.0087 1724 Scan finished

16:58:55.0087 1724 ============================================================

16:58:55.0102 1916 Detected object count: 0

16:58:55.0102 1916 Actual detected object count: 0

16:59:15.0367 1640 Deinitialize success

16:59:16.0802 1892 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31

16:59:17.0317 1892 ============================================================

16:59:17.0317 1892 Current date / time: 2011/12/14 16:59:17.0317

16:59:17.0317 1892 SystemInfo:

16:59:17.0317 1892

16:59:17.0317 1892 OS Version: 6.0.6002 ServicePack: 2.0

16:59:17.0317 1892 Product type: Workstation

16:59:17.0317 1892 ComputerName: NEALBERG

16:59:17.0317 1892 UserName: Administrator

16:59:17.0317 1892 Windows directory: C:\Windows

16:59:17.0317 1892 System windows directory: C:\Windows

16:59:17.0317 1892 Running under WOW64

16:59:17.0317 1892 Processor architecture: Intel x64

16:59:17.0317 1892 Number of processors: 4

16:59:17.0317 1892 Page size: 0x1000

16:59:17.0317 1892 Boot type: Safe boot with network

16:59:17.0317 1892 ============================================================

16:59:17.0660 1892 Initialize success

17:00:30.0591 1992 Deinitialize success

Good so far

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Here is the combo fix log. As you said in the last post watch how your computer behaves. Just so I'm clear I ran ComboFix in Safemode but when it restarted I let it start in normal mode. When combo fix was making its log and now even after that windows errors have been coming up stating

TODO: <File Description> has stopped working

grep.3xe has stopped working

pev.3xe has stopped working

Sed.3xe has stopped working

Freeware Implementation of Reg.exe has stopped working

Windows Command processor has stopped working

all of these come with the "Check online for a solution" or "Close the program" option.

They are just popping up randomly and if I just let it sit there either the same one will keep popping up or a variation of all of them.

Here is the combofix log

ComboFix 11-12-13.03 - Administrator 12/14/2011 17:24:31.1.4 - x64 NETWORK

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2046.1471 [GMT -7:00]

Running from: c:\users\Administrator\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Internet Explorer\48DB.tmp

c:\program files (x86)\Internet Explorer\80CA.tmp

c:\program files (x86)\Internet Explorer\96AD.tmp

c:\program files (x86)\Internet Explorer\F4B6.tmp

c:\program files (x86)\LP

c:\program files (x86)\LP\4221\4614.tmp

c:\program files (x86)\LP\4221\6EDF.tmp

c:\program files (x86)\LP\4221\76E4.tmp

c:\program files (x86)\LP\4221\824D.tmp

c:\program files (x86)\LP\4221\8DAF.tmp

c:\program files (x86)\LP\4221\A26B.exe

c:\program files (x86)\LP\4221\A26B.tmp

c:\program files (x86)\LP\4221\BE3C.tmp

c:\program files (x86)\LP\4221\C9A0.tmp

c:\program files (x86)\LP\4221\E38C.tmp

c:\program files (x86)\LP\4221\E983.exe

c:\program files (x86)\LP\4221\E983.tmp

c:\program files (x86)\LP\4221\F1CD.tmp

c:\program files (x86)\Mozilla Firefox\searchplugins\google_search.xml

c:\programdata\37C2.tmp

c:\programdata\privacy.exe

c:\programdata\SPL2CCB.tmp

c:\programdata\SPL2D79.tmp

c:\programdata\SPLF356.tmp

c:\programdata\SPLFE43.tmp

c:\users\Administrator\AppData\Local\._Revolution_

c:\users\Administrator\AppData\Local\nir.exe

c:\users\Administrator\AppData\Local\xeg.exe

c:\users\Administrator\AppData\Roaming\1C320

c:\users\Administrator\AppData\Roaming\1C320\018C.C32

c:\users\Administrator\AppData\Roaming\1C320\ADE42.exe

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\2jx3g74boy8c58nmukd8560gu512oxd24e3i

c:\users\Administrator\nah_ixgh.exe

c:\users\Public\Desktop\Privacy Protection.lnk

c:\users\Public\Uninstall.exe

c:\windows\svchost.exe

c:\windows\system32\consrv.dll

c:\windows\System64

c:\windows\SysWow64\odbcad32.exe

c:\windows\SysWow64\sqlite3.dll

c:\windows\VM305Cap.exe

D:\install.exe

c:\windows\system32\slwga.dll . . . . Failed to delete

c:\windows\system32\srrstr.dll . . . . Failed to delete

c:\windows\system32\systemcpl.dll . . . . Failed to delete

c:\windows\system32\termsrv.dll . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))

.

.

2071-07-25 16:13 . 2006-11-22 03:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe

2011-12-15 00:40 . 2011-12-15 00:40 -------- d-----w- c:\users\NEAL\AppData\Local\temp

2011-12-15 00:40 . 2011-12-15 00:40 -------- d-----w- c:\users\Mcx2\AppData\Local\temp

2011-12-15 00:40 . 2011-12-15 00:40 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2011-12-15 00:40 . 2011-12-15 00:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-15 00:05 . 2009-10-09 21:56 20480 ----a-w- c:\windows\svchost.exe

2011-12-09 02:47 . 2011-12-09 02:47 -------- d-sh--w- C:\found.000

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-08 22:20 . 2011-07-14 23:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-07 04:16 . 2011-11-10 00:07 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36F71D5C-7181-4C0B-9DC8-73F2B88EF9B0}\mpengine.dll

2011-09-20 21:06 . 2011-11-10 00:24 1426304 ---ha-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"SansaDispatch"="c:\users\Administrator\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-10-05 79872]

"SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2011-09-29 16084992]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-01-12 592616]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"FaxCenterServer"="c:\program files (x86)\\Lexmark Fax Solutions\fm3032.exe" [2007-07-16 311984]

"BigDog305"="c:\windows\VM305_STI.EXE" [2007-01-05 61440]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-20 598016]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"HP Software Update"="c:\program files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

GigaTribe.lnk - c:\program files (x86)\GigaTribe\gigatribe.exe [2010-7-31 4425728]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R0 AFS;AFS; [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe [2007-06-11 33712]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]

R3 rt61x64;Gigabyte RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr6164.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

R3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\Drivers\usbVM305.sys [2007-03-09 1541120]

S2 a2free;a-squared Free Service;c:\program files (x86)\a-squared Free\a2service.exe [2008-12-17 419448]

S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 876976]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]

@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"

[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]

2011-09-29 21:27 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]

@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"

[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]

2011-09-29 21:27 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]

@="{A759AFF6-5851-457D-A540-F4ECED148351}"

[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]

2011-09-29 21:27 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]

@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"

[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]

2011-09-29 21:27 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-01-26 315936]

"NvSvc"="c:\windows\system32\nvsvc64.dll" [2008-06-19 580640]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-19 82464]

"lxdimon.exe"="c:\program files (x86)\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]

"combofix"="c:\combofix\CF16422.3XE" [2008-01-21 363008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

LSP: %SYSTEMROOT%\system32\nvLsp.dll

TCP: Interfaces\{2684F062-F0EB-4EF0-AA66-8D07FFC7383F}: NameServer = 192.168.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cfed833&v=6.010.023.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 4

pref(dom.disable_open_during_load, false); FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{66bd2442-241b-44cd-8c7a-b51037053cdb} - (no file)

URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

Wow6432Node-HKCU-Run-Privacy Protection - c:\programdata\privacy.exe

Wow6432Node-HKU-Default-Run-volmgr - c:\windows\system32\config\systemprofile\AppData\Local\volmgr.exe

WebBrowser-{66BD2442-241B-44CD-8C7A-B51037053CDB} - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\adobe\SHOCKW~1\UNWISE.EXE

AddRemove-Amazon MP3 Downloader - c:\users\Public\Uninstall.exe

AddRemove-Zygor Guides - c:\users\Public\Games\World of Warcraft\Interface\Addons\ZygorGuidesViewer\uninst.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.CDA"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Word.Document.8"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IrfanView.gif"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M3U"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAV"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAX"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMA"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMD"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMS"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMZ"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WPL"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WVX"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-1104749238-154474140-3436177791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\UserChoice]

@Denied: (2) (Administrator)

"Progid"="OpenOffice.org.Xls"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

Completion time: 2011-12-14 18:01:09 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-15 01:01

.

Post-Run: 245,996,392,448 bytes free

.


ZeroAccess/Max++ rootkit remover to remove ZeroAccess (Sirefef/MAX++) rootkit.

http://deletemalware.blogspot.com/2011/09/zeroaccesssirefefmax-rootkit-removal.html

1. Download the ZeroAccess/Max++ rootkit remover: http://anywhere.webrootcloudav.com/antizeroaccess.exe

2. Double-click on antizeroaccess icon to run it. It will ask you to verify that you want to perform a System scan. Type Y and press Enter.

antizeroaccess.jpg

Once finished, press Enter or any key to continue.

3. If your computer is infected with Zero Access rootkit, you'll see the following warning: Your system is infected!!

mrxsmb_sys.jpg

Infected file: mrxsmb.sys. In your case it might be different. Type Y and press Enter to perform system cleanup.

You should now see the notification that ZeroAccess rootkit has been successfully removed from the system. Press any key to exit the utility and restart your computer.

zeroaccess_cleaned.jpg

4. Run ZeroAccess/Max++ rootkit remover once again to confirm that ZeroAccess/Sirefef/MAX++ rootkit was successfully removed from your computer.

zeroaccess_not_found.jpg

5. Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


I just did want to add about behavior of the computer though. When I woke up this morning I checked the computer and it had about 50-75 of the "TODO: <File Description> has stopped working" windows. The other thing I noticed is about once every 6 seconds the mouse arrow spins like it's doing an action or thinking.


Okay...some issues...the first time I tried to run combofix it said it could not access it..I rebooted the computer and the unhackme program started running a scan which promptly froze up. Some of the same popups kept coming up

NIRCMD has stopped working

Windows command processor has stopped working

Freeware implementation of REG.ESe

Grep.3xe

When I try to run combofix it gives me an error "Incompatible OS combofix only works for workstations with windows 2000 and xp"..this is the original one I downloaded when you first told me to.


Delete unhackme

Delete combofix and get a fresh download

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
