snotbowst Posted February 16, 2012 ID:527218

I currently am infected with a Google redirect virus. Google sites are slow to load (my GMail refuses to load altogether) and links lead to bogus sites (I get gamblingpuma.com and gimmeanswers.com a lot). Malwarebytes and AdAware have failed to detect and remove the problem.

Here are the DDS and Attach files.

DDS.txt
Attach.txt
Maniac Posted February 16, 2012 ID:527290

Hello snotbowst and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please disable your Ad-Aware and its protection module Ad-Watch: http://www.bleepingcomputer.com/forums/topic114351.html/page__view__findpost__p__649847

Launch Malwarebytes' Anti-Malware.
Go to the "Update" tab and select Check for Updates. If an update is found, it will download and install the latest version. If you already have difficulty, for your convenience we have a video on YouTube, which shows visually how to do that.
Go to the Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip; click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

In your next post, please include:
Malwarebytes' Anti-Malware log
TDSSKiller log
a new fresh DDS log file
snotbowst Posted February 16, 2012 Author ID:527293

Thanks for the reply Maniac. Unfortunately neither of these tools detected anything.
C:\Windows\system32\DRIVERS\kbdclass.sys08:40:48.0328 0876 kbdclass - ok08:40:48.0359 0876 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys08:40:48.0375 0876 kbdhid - ok08:40:48.0422 0876 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys08:40:48.0437 0876 KSecDD - ok08:40:48.0453 0876 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys08:40:48.0453 0876 KSecPkg - ok08:40:48.0484 0876 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys08:40:48.0531 0876 ksthunk - ok08:40:48.0562 0876 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys08:40:48.0609 0876 Lbd - ok08:40:48.0640 0876 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys08:40:48.0671 0876 lltdio - ok08:40:48.0718 0876 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys08:40:48.0718 0876 LSI_FC - ok08:40:48.0734 0876 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys08:40:48.0749 0876 LSI_SAS - ok08:40:48.0765 0876 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys08:40:48.0765 0876 LSI_SAS2 - ok08:40:48.0796 0876 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys08:40:48.0796 0876 LSI_SCSI - ok08:40:48.0827 0876 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys08:40:48.0859 0876 luafv - ok08:40:48.0890 0876 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys08:40:48.0890 0876 MBAMProtector - ok08:40:48.0921 0876 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys08:40:48.0921 0876 megasas - ok08:40:48.0937 0876 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys08:40:48.0952 0876 MegaSR - ok08:40:48.0968 0876 Modem (800ba92f7010378b09f9ed9270f07137) 
C:\Windows\system32\drivers\modem.sys08:40:49.0015 0876 Modem - ok08:40:49.0046 0876 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys08:40:49.0077 0876 monitor - ok08:40:49.0124 0876 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys08:40:49.0139 0876 mouclass - ok08:40:49.0155 0876 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys08:40:49.0186 0876 mouhid - ok08:40:49.0217 0876 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys08:40:49.0233 0876 mountmgr - ok08:40:49.0264 0876 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys08:40:49.0264 0876 mpio - ok08:40:49.0295 0876 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys08:40:49.0342 0876 mpsdrv - ok08:40:49.0373 0876 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys08:40:49.0405 0876 MRxDAV - ok08:40:49.0436 0876 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys08:40:49.0483 0876 mrxsmb - ok08:40:49.0529 0876 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys08:40:49.0529 0876 mrxsmb10 - ok08:40:49.0545 0876 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys08:40:49.0576 0876 mrxsmb20 - ok08:40:49.0607 0876 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys08:40:49.0626 0876 msahci - ok08:40:49.0649 0876 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys08:40:49.0659 0876 msdsm - ok08:40:49.0689 0876 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys08:40:49.0717 0876 Msfs - ok08:40:49.0731 0876 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys08:40:49.0778 0876 mshidkmdf - ok08:40:49.0813 0876 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) 
C:\Windows\system32\drivers\msisadrv.sys08:40:49.0822 0876 msisadrv - ok08:40:49.0855 0876 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys08:40:49.0899 0876 MSKSSRV - ok08:40:49.0926 0876 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys08:40:49.0970 0876 MSPCLOCK - ok08:40:49.0976 0876 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys08:40:50.0005 0876 MSPQM - ok08:40:50.0047 0876 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys08:40:50.0060 0876 MsRPC - ok08:40:50.0085 0876 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys08:40:50.0092 0876 mssmbios - ok08:40:50.0110 0876 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys08:40:50.0162 0876 MSTEE - ok08:40:50.0169 0876 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys08:40:50.0181 0876 MTConfig - ok08:40:50.0217 0876 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys08:40:50.0225 0876 Mup - ok08:40:50.0250 0876 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys08:40:50.0289 0876 NativeWifiP - ok08:40:50.0356 0876 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys08:40:50.0380 0876 NDIS - ok08:40:50.0417 0876 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys08:40:50.0466 0876 NdisCap - ok08:40:50.0492 0876 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys08:40:50.0521 0876 NdisTapi - ok08:40:50.0553 0876 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys08:40:50.0582 0876 Ndisuio - ok08:40:50.0615 0876 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys08:40:50.0660 0876 NdisWan - ok08:40:50.0691 0876 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) 
C:\Windows\system32\drivers\NDProxy.sys08:40:50.0723 0876 NDProxy - ok08:40:50.0785 0876 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys08:40:50.0832 0876 NetBIOS - ok08:40:50.0910 0876 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys08:40:50.0957 0876 NetBT - ok08:40:50.0988 0876 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys08:40:51.0003 0876 nfrd960 - ok08:40:51.0019 0876 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys08:40:51.0066 0876 Npfs - ok08:40:51.0097 0876 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys08:40:51.0128 0876 nsiproxy - ok08:40:51.0175 0876 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys08:40:51.0222 0876 Ntfs - ok08:40:51.0242 0876 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys08:40:51.0271 0876 Null - ok08:40:51.0309 0876 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys08:40:51.0318 0876 NVHDA - ok08:40:51.0517 0876 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys08:40:51.0813 0876 nvlddmkm - ok08:40:51.0849 0876 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys08:40:51.0858 0876 nvraid - ok08:40:51.0869 0876 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys08:40:51.0879 0876 nvstor - ok08:40:51.0914 0876 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys08:40:51.0924 0876 nv_agp - ok08:40:51.0955 0876 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys08:40:51.0992 0876 ohci1394 - ok08:40:52.0035 0876 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys08:40:52.0046 0876 Parport - ok08:40:52.0082 0876 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys08:40:52.0090 
0876 partmgr - ok08:40:52.0110 0876 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys08:40:52.0121 0876 pci - ok08:40:52.0144 0876 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys08:40:52.0152 0876 pciide - ok08:40:52.0169 0876 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys08:40:52.0179 0876 pcmcia - ok08:40:52.0193 0876 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys08:40:52.0200 0876 pcw - ok08:40:52.0233 0876 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys08:40:52.0290 0876 PEAUTH - ok08:40:52.0361 0876 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys08:40:52.0408 0876 PptpMiniport - ok08:40:52.0439 0876 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys08:40:52.0470 0876 Processor - ok08:40:52.0533 0876 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys08:40:52.0579 0876 Psched - ok08:40:52.0626 0876 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys08:40:52.0673 0876 ql2300 - ok08:40:52.0673 0876 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys08:40:52.0689 0876 ql40xx - ok08:40:52.0704 0876 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys08:40:52.0720 0876 QWAVEdrv - ok08:40:52.0735 0876 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys08:40:52.0767 0876 RasAcd - ok08:40:52.0782 0876 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys08:40:52.0813 0876 RasAgileVpn - ok08:40:52.0845 0876 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys08:40:52.0891 0876 Rasl2tp - ok08:40:52.0923 0876 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys08:40:52.0969 0876 RasPppoe - ok08:40:52.0985 0876 
RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys08:40:53.0016 0876 RasSstp - ok08:40:53.0063 0876 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys08:40:53.0110 0876 rdbss - ok08:40:53.0125 0876 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys08:40:53.0157 0876 rdpbus - ok08:40:53.0188 0876 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys08:40:53.0219 0876 RDPCDD - ok08:40:53.0266 0876 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys08:40:53.0281 0876 RDPDR - ok08:40:53.0313 0876 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys08:40:53.0359 0876 RDPENCDD - ok08:40:53.0391 0876 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys08:40:53.0406 0876 RDPREFMP - ok08:40:53.0453 0876 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys08:40:53.0500 0876 RDPWD - ok08:40:53.0562 0876 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys08:40:53.0578 0876 rdyboost - ok08:40:53.0609 0876 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys08:40:53.0656 0876 rspndr - ok08:40:53.0702 0876 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys08:40:53.0718 0876 RTL8167 - ok08:40:53.0755 0876 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys08:40:53.0773 0876 s3cap - ok08:40:53.0789 0876 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys08:40:53.0799 0876 sbp2port - ok08:40:53.0842 0876 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys08:40:53.0886 0876 scfilter - ok08:40:53.0927 0876 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys08:40:53.0979 0876 secdrv - ok08:40:54.0005 0876 Serenum 
(cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys08:40:54.0038 0876 Serenum - ok08:40:54.0066 0876 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys08:40:54.0077 0876 Serial - ok08:40:54.0163 0876 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys08:40:54.0193 0876 sermouse - ok08:40:54.0224 0876 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys08:40:54.0275 0876 sffdisk - ok08:40:54.0289 0876 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys08:40:54.0298 0876 sffp_mmc - ok08:40:54.0309 0876 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys08:40:54.0339 0876 sffp_sd - ok08:40:54.0374 0876 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys08:40:54.0384 0876 sfloppy - ok08:40:54.0408 0876 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys08:40:54.0417 0876 SiSRaid2 - ok08:40:54.0433 0876 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys08:40:54.0442 0876 SiSRaid4 - ok08:40:54.0470 0876 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys08:40:54.0500 0876 Smb - ok08:40:54.0542 0876 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys08:40:54.0549 0876 spldr - ok08:40:54.0589 0876 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys08:40:54.0643 0876 srv - ok08:40:54.0659 0876 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys08:40:54.0690 0876 srv2 - ok08:40:54.0737 0876 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys08:40:54.0753 0876 srvnet - ok08:40:54.0815 0876 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys08:40:54.0815 0876 stexstor - ok08:40:54.0846 0876 storflt (7785dc213270d2fc066538daf94087e7) 
C:\Windows\system32\drivers\vmstorfl.sys08:40:54.0862 0876 storflt - ok08:40:54.0877 0876 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys08:40:54.0893 0876 storvsc - ok08:40:54.0909 0876 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys08:40:54.0909 0876 swenum - ok08:40:54.0971 0876 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys08:40:55.0033 0876 Tcpip - ok08:40:55.0065 0876 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys08:40:55.0096 0876 TCPIP6 - ok08:40:55.0143 0876 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys08:40:55.0174 0876 tcpipreg - ok08:40:55.0189 0876 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys08:40:55.0221 0876 TDPIPE - ok08:40:55.0221 0876 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys08:40:55.0252 0876 TDTCP - ok08:40:55.0299 0876 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys08:40:55.0330 0876 tdx - ok08:40:55.0345 0876 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys08:40:55.0361 0876 TermDD - ok08:40:55.0408 0876 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys08:40:55.0455 0876 tssecsrv - ok08:40:55.0517 0876 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys08:40:55.0548 0876 TsUsbFlt - ok08:40:55.0595 0876 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys08:40:55.0642 0876 tunnel - ok08:40:55.0673 0876 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys08:40:55.0695 0876 uagp35 - ok08:40:55.0719 0876 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys08:40:55.0751 0876 udfs - ok08:40:55.0791 0876 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys08:40:55.0800 0876 
uliagpkx - ok08:40:55.0863 0876 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys08:40:55.0910 0876 umbus - ok08:40:55.0992 0876 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys08:40:56.0017 0876 UmPass - ok08:40:56.0051 0876 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys08:40:56.0077 0876 usbccgp - ok08:40:56.0116 0876 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys08:40:56.0146 0876 usbcir - ok08:40:56.0170 0876 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys08:40:56.0196 0876 usbehci - ok08:40:56.0236 0876 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys08:40:56.0265 0876 usbhub - ok08:40:56.0290 0876 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys08:40:56.0321 0876 usbohci - ok08:40:56.0365 0876 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys08:40:56.0401 0876 usbprint - ok08:40:56.0423 0876 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS08:40:56.0467 0876 USBSTOR - ok08:40:56.0481 0876 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys08:40:56.0509 0876 usbuhci - ok08:40:56.0546 0876 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys08:40:56.0554 0876 vdrvroot - ok08:40:56.0583 0876 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys08:40:56.0595 0876 vga - ok08:40:56.0620 0876 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys08:40:56.0661 0876 VgaSave - ok08:40:56.0707 0876 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys08:40:56.0723 0876 vhdmp - ok08:40:56.0739 0876 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys08:40:56.0754 0876 viaide - ok08:40:56.0770 0876 vmbus 
(86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys08:40:56.0785 0876 vmbus - ok08:40:56.0817 0876 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys08:40:56.0848 0876 VMBusHID - ok08:40:56.0879 0876 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys08:40:56.0879 0876 volmgr - ok08:40:56.0926 0876 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys08:40:56.0941 0876 volmgrx - ok08:40:56.0957 0876 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys08:40:56.0957 0876 volsnap - ok08:40:56.0988 0876 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys08:40:56.0988 0876 vsmraid - ok08:40:57.0004 0876 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys08:40:57.0035 0876 vwifibus - ok08:40:57.0066 0876 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys08:40:57.0113 0876 WacomPen - ok08:40:57.0160 0876 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys08:40:57.0191 0876 WANARP - ok08:40:57.0191 0876 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys08:40:57.0222 0876 Wanarpv6 - ok08:40:57.0238 0876 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys08:40:57.0238 0876 Wd - ok08:40:57.0269 0876 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys08:40:57.0285 0876 Wdf01000 - ok08:40:57.0331 0876 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys08:40:57.0347 0876 WfpLwf - ok08:40:57.0363 0876 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys08:40:57.0378 0876 WIMMount - ok08:40:57.0425 0876 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys08:40:57.0456 0876 WmiAcpi - ok08:40:57.0487 0876 ws2ifsl 
08:40:57.0709 0876 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:40:57.0846 0876 \Device\Harddisk0\DR0 - ok
08:40:57.0848 0876 Boot (0x1200) (69f80c526140b7943a9e7132e1f1b587) \Device\Harddisk0\DR0\Partition0
08:40:57.0849 0876 \Device\Harddisk0\DR0\Partition0 - ok
08:40:57.0877 0876 Boot (0x1200) (eeaaf19d1c99eb5d720b710fa3a87f28) \Device\Harddisk0\DR0\Partition1
08:40:57.0879 0876 \Device\Harddisk0\DR0\Partition1 - ok
08:40:57.0880 0876 ============================================================
08:40:57.0880 0876 Scan finished
08:40:57.0880 0876 ============================================================
08:40:57.0888 3892 Detected object count: 0
08:40:57.0888 3892 Actual detected object count: 0
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Steve at 8:44:14 on 2012-02-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12269.9481 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\notepad.exe
C:\Users\Steve\Downloads\tdsskiller.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{CD789F30-E439-421F-86B0-5581BB647305} : DhcpNameServer = 209.18.47.61 209.18.47.62
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-15 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-26 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-15 10:48:05 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8752337F-487A-4387-8B0E-2434EF6BC5F6}\offreg.dll
2012-02-15 06:19:52 -------- d-----w- C:\Users\Steve\AppData\Roaming\Malwarebytes
2012-02-15 06:19:50 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-15 06:19:49 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-15 06:19:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-15 05:38:31 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-02-15 04:52:26 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 04:52:26 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 04:52:14 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 04:52:14 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 04:52:13 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 04:52:12 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 04:52:09 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 04:52:09 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 04:51:18 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8752337F-487A-4387-8B0E-2434EF6BC5F6}\mpengine.dll
2012-02-11 16:31:16 -------- d-----w- C:\Program Files (x86)\Etron Technology
2012-02-11 06:19:39 -------- d--h--w- C:\Program Files (x86)\Temp
2012-02-11 06:06:25 -------- d-----w- C:\Users\Steve\AppData\Roaming\Logishrd
2012-02-11 05:59:02 -------- d-----w- C:\Users\Steve\AppData\Local\ElevatedDiagnostics
2012-02-07 05:57:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-03 00:55:41 -------- d-----w- C:\Program Files (x86)\Mumble(PR Edition)
2012-02-02 06:28:07 -------- d-----w- C:\Users\Steve\AppData\Roaming\OpenOffice.org
2012-02-02 00:19:07 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-02-02 00:16:36 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-02-02 00:16:36 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-02-02 00:16:36 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-02-02 00:16:35 794408 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-02-01 23:44:29 -------- d-----w- C:\Users\Steve\AppData\Local\PunkBuster
2012-02-01 04:04:21 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-01-31 05:51:27 14744 ----a-w- C:\Users\Steve\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2012-01-31 05:49:10 -------- d-sh--w- C:\ProgramData\SecuROM
2012-01-30 22:21:02 -------- d-----w- C:\Windows\System32\SPReview
2012-01-30 22:19:48 -------- d-----w- C:\Windows\System32\EventProviders
2012-01-30 22:18:39 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-01-30 22:18:38 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-01-30 22:18:38 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-01-30 22:18:38 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-01-30 22:18:38 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-01-30 22:18:29 -------- d-----w- C:\Users\Steve\AppData\Local\Rockstar Games
2012-01-29 16:08:04 -------- d-----w- C:\Windows\SysWow64\xlive
2012-01-29 16:08:04 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-01-28 20:04:07 -------- d-----w- C:\Users\Steve\AppData\Roaming\Red Alert 3
2012-01-28 06:02:13 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-01-28 05:57:53 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2012-01-28 03:10:30 -------- d-----w- C:\Users\Steve\AppData\Roaming\SPORE
2012-01-27 22:53:38 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
2012-01-27 19:01:14 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-01-27 19:01:14 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-01-27 19:01:14 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2012-01-27 19:01:14 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-01-27 19:01:14 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-01-27 19:01:13 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-01-27 19:01:12 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-01-27 19:01:07 -------- d-----w- C:\Users\Steve\AppData\Local\Oblivion
2012-01-27 09:22:25 48976 ----a-w- 
C:\Windows\System32\netfxperf.dll2012-01-27 09:22:21 1942856 ----a-w- C:\Windows\System32\dfshim.dll2012-01-27 09:20:59 488448 ----a-w- C:\Windows\System32\secproc.dll2012-01-27 09:19:59 955904 ----a-w- C:\Windows\System32\localspl.dll2012-01-27 09:18:59 40960 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll2012-01-27 09:17:59 21760 ----a-w- C:\Windows\System32\drivers\VMBusHID.sys2012-01-27 09:17:58 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui2012-01-27 09:17:58 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui2012-01-27 09:17:56 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui2012-01-27 09:17:56 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui2012-01-27 09:17:36 399872 ----a-w- C:\Windows\System32\dpx.dll2012-01-27 09:17:36 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll2012-01-27 09:17:33 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll2012-01-27 09:17:31 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll2012-01-27 09:17:31 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll2012-01-27 09:17:31 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll2012-01-27 09:17:01 529408 ----a-w- C:\Windows\System32\wbemcomn.dll2012-01-27 09:17:01 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll2012-01-27 09:16:59 244736 ----a-w- C:\Windows\System32\sqmapi.dll2012-01-27 08:47:33 -------- d-----w- C:\Windows\SysWow64\Wat2012-01-27 08:47:33 -------- d-----w- C:\Windows\System32\Wat2012-01-27 05:50:10 -------- d-----w- C:\Program Files (x86)\EA GAMES2012-01-27 05:47:20 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll2012-01-27 05:47:20 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll2012-01-27 05:47:20 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe2012-01-27 05:47:20 32768 ----a-w- 
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll2012-01-27 05:47:20 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll2012-01-27 05:47:20 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll2012-01-27 05:47:15 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll2012-01-27 05:47:14 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll2012-01-27 03:57:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll2012-01-27 03:56:55 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys2012-01-27 03:55:39 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys2012-01-27 03:54:53 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax2012-01-27 03:53:40 421888 ----a-w- C:\Windows\System32\KernelBase.dll2012-01-27 03:52:52 974336 ----a-w- C:\Windows\System32\WFS.exe2012-01-27 00:40:51 -------- d-----w- C:\Users\Steve\AppData\Local\Skyrim2012-01-27 00:33:27 -------- d-----w- C:\Users\Steve\AppData\Roaming\NVIDIA2012-01-27 00:32:13 -------- d-----w- C:\Users\Steve\AppData\Roaming\.minecraft2012-01-27 00:31:41 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll2012-01-27 00:20:46 -------- d-----w- C:\NVIDIA2012-01-26 23:49:12 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys2012-01-26 23:40:24 279656 ------w- C:\Windows\System32\MpSigStub.exe2012-01-26 23:39:52 -------- d-----w- C:\Users\Steve\AppData\Local\Google2012-01-26 23:39:37 -------- d-----w- C:\Users\Steve\AppData\Local\Apps2012-01-26 23:39:36 -------- d-----w- C:\Users\Steve\AppData\Local\Deployment2012-01-26 23:37:39 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll2012-01-26 23:37:39 565352 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys2012-01-26 23:37:39 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll2012-01-26 23:37:35 -------- d-----w- C:\Program Files 
(x86)\Realtek2012-01-26 23:03:19 -------- d-----w- C:\Program Files (x86)\Common Files\Steam2012-01-26 23:03:18 -------- d-----w- C:\Program Files (x86)\Steam2012-01-26 22:51:15 -------- d-sh--w- C:\Windows\Installer2012-01-26 13:13:59 -------- d-----w- C:\Windows\Panther2012-01-25 17:12:10 -------- d-sh--w- C:\Recovery.==================== Find3M ====================.2012-01-30 22:28:01 175616 ----a-w- C:\Windows\System32\msclmd.dll2012-01-30 22:28:01 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll2011-12-23 12:12:12 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll.============= FINISH: 8:44:29.90 ===============DDS.txtTDSSKiller.2.7.13.0_16.02.2012_08.40.26_log.txt Link to post Share on other sites More sharing options...
Maniac Posted February 16, 2012 ID:527298

Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
snotbowst Posted February 17, 2012 Author ID:527540

Well, that may have fixed the problem, hopefully.

ComboFix 12-02-16.02 - Steve 02/16/2012 19:52:47.1.6 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12269.9772 [GMT -5:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 85.195.91.34
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-02-16 20:00:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-17 01:00
.
Pre-Run: 360,173,694,976 bytes free
Post-Run: 360,320,483,328 bytes free

ComboFix.txt
Maniac Posted February 17, 2012 ID:527573

Step 1

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:
* Internet Services
* Windows Firewall
* System Restore
* Security Center
* Windows Update

* Press "Scan".
* It will create a log (FSS.txt) in the same directory the tool is run.
* Please copy and paste the log to your reply.

In your next post, please include:
* MBRCheck log
* Farbar Service Scanner log
snotbowst Posted February 21, 2012 Author ID:528949 Share Posted February 21, 2012 Sorry for the lateness, thanks for the replay, and here's all the reports. Looks clean.MBRCheck, version 1.2.3© 2010, ADCommand-line: Windows Version: Windows 7 ProfessionalWindows Information: Service Pack 1 (build 7601), 64-bitBase Board Manufacturer: Gigabyte Technology Co., Ltd.BIOS Manufacturer: Award Software International, Inc.System Manufacturer: Gigabyte Technology Co., Ltd.System Product Name: GA-970A-D3Logical Drives Mask: 0x0000001cKernel Drivers (total 151): 0x02E0E000 \SystemRoot\system32\ntoskrnl.exe 0x033F7000 \SystemRoot\system32\hal.dll 0x00B9A000 \SystemRoot\system32\kdcom.dll 0x00C34000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll 0x00C41000 \SystemRoot\system32\PSHED.dll 0x00C55000 \SystemRoot\system32\CLFS.SYS 0x00CB3000 \SystemRoot\system32\CI.dll 0x00E13000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00EB7000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00EC6000 \SystemRoot\system32\drivers\ACPI.sys 0x00F1D000 \SystemRoot\system32\drivers\WMILIB.SYS 0x00F26000 \SystemRoot\system32\drivers\msisadrv.sys 0x00F30000 \SystemRoot\system32\drivers\pci.sys 0x00F63000 \SystemRoot\system32\drivers\vdrvroot.sys 0x00F70000 \SystemRoot\System32\drivers\partmgr.sys 0x00F85000 \SystemRoot\system32\drivers\volmgr.sys 0x00F9A000 \SystemRoot\System32\drivers\volmgrx.sys 0x00FF6000 \SystemRoot\system32\drivers\pciide.sys 0x00E00000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x00D73000 \SystemRoot\System32\drivers\mountmgr.sys 0x00D8D000 \SystemRoot\system32\drivers\vmbus.sys 0x00DC9000 \SystemRoot\system32\drivers\winhv.sys 0x00DDD000 \SystemRoot\system32\drivers\atapi.sys 0x00C00000 \SystemRoot\system32\drivers\ataport.SYS 0x00DE6000 \SystemRoot\system32\drivers\amdxata.sys 0x01035000 \SystemRoot\system32\drivers\fltmgr.sys 0x01081000 \SystemRoot\system32\drivers\fileinfo.sys 0x01095000 \SystemRoot\system32\DRIVERS\Lbd.sys 0x01229000 \SystemRoot\System32\Drivers\Ntfs.sys 
0x010AA000 \SystemRoot\System32\Drivers\msrpc.sys 0x013CC000 \SystemRoot\System32\Drivers\ksecdd.sys 0x01108000 \SystemRoot\System32\Drivers\cng.sys 0x013E7000 \SystemRoot\System32\drivers\pcw.sys 0x01200000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x014BC000 \SystemRoot\system32\drivers\ndis.sys 0x01400000 \SystemRoot\system32\drivers\NETIO.SYS 0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x016E0000 \SystemRoot\System32\drivers\tcpip.sys 0x018E4000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x0192E000 \SystemRoot\system32\drivers\vmstorfl.sys 0x0193E000 \SystemRoot\system32\drivers\volsnap.sys 0x0198A000 \SystemRoot\System32\Drivers\spldr.sys 0x01992000 \SystemRoot\System32\drivers\rdyboost.sys 0x019CC000 \SystemRoot\System32\Drivers\mup.sys 0x019DE000 \SystemRoot\System32\drivers\hwpolicy.sys 0x01600000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x0163A000 \SystemRoot\system32\DRIVERS\disk.sys 0x01650000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x016B6000 \SystemRoot\system32\drivers\cdrom.sys 0x019E7000 \SystemRoot\System32\Drivers\Null.SYS 0x019F0000 \SystemRoot\System32\Drivers\Beep.SYS 0x0148B000 \SystemRoot\System32\drivers\vga.sys 0x015AF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x015D4000 \SystemRoot\System32\drivers\watchdog.sys 0x019F7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x015E4000 \SystemRoot\system32\drivers\rdpencdd.sys 0x015ED000 \SystemRoot\system32\drivers\rdprefmp.sys 0x01499000 \SystemRoot\System32\Drivers\Msfs.SYS 0x014A4000 \SystemRoot\System32\Drivers\Npfs.SYS 0x0117A000 \SystemRoot\system32\DRIVERS\tdx.sys 0x0120A000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x04210000 \SystemRoot\system32\drivers\afd.sys 0x04299000 \SystemRoot\System32\DRIVERS\netbt.sys 0x042DE000 \SystemRoot\system32\drivers\ws2ifsl.sys 0x042E9000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x042F2000 \SystemRoot\system32\DRIVERS\pacer.sys 0x04318000 \SystemRoot\system32\DRIVERS\netbios.sys 0x04327000 \SystemRoot\system32\DRIVERS\serial.sys 0x04344000 
\SystemRoot\system32\DRIVERS\wanarp.sys 0x0435F000 \SystemRoot\system32\drivers\termdd.sys 0x04373000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x043C4000 \SystemRoot\system32\drivers\nsiproxy.sys 0x043D0000 \SystemRoot\system32\drivers\mssmbios.sys 0x043DB000 \SystemRoot\System32\drivers\discache.sys 0x040B0000 \SystemRoot\system32\drivers\csc.sys 0x04133000 \SystemRoot\System32\Drivers\dfsc.sys 0x04151000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x04162000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x04188000 \SystemRoot\system32\DRIVERS\amdppm.sys 0x0419D000 \SystemRoot\system32\drivers\wmiacpi.sys 0x130F6000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x13D6D000 \SystemRoot\System32\Drivers\nvBridge.kmd 0x13000000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x13D72000 \SystemRoot\System32\drivers\dxgmms1.sys 0x13DB8000 \SystemRoot\system32\drivers\HDAudBus.sys 0x13DDC000 \SystemRoot\System32\Drivers\EtronXHCI.sys 0x04000000 \SystemRoot\system32\DRIVERS\Rt64win7.sys 0x13DF0000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x041A6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x0408D000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x0409E000 \SystemRoot\system32\DRIVERS\serenum.sys 0x0119C000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x043EA000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x04200000 \SystemRoot\system32\drivers\CompositeBus.sys 0x011BA000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x011D0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x01217000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x01000000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x0488E000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x048A9000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x048CA000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x048E4000 \SystemRoot\system32\DRIVERS\rdpbus.sys 0x048EF000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x048FE000 \SystemRoot\system32\drivers\swenum.sys 0x04900000 \SystemRoot\system32\drivers\ks.sys 0x04943000 \SystemRoot\system32\DRIVERS\umbus.sys 0x04955000 
\SystemRoot\System32\Drivers\EtronHub3.sys 0x04963000 \SystemRoot\System32\Drivers\USBD.SYS 0x04965000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x049BF000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x04800000 \SystemRoot\system32\drivers\nvhda64v.sys 0x0482D000 \SystemRoot\system32\drivers\portcls.sys 0x0486A000 \SystemRoot\system32\drivers\drmk.sys 0x049D4000 \SystemRoot\system32\drivers\ksthunk.sys 0x05ED2000 \SystemRoot\system32\drivers\HdAudio.sys 0x05F2E000 \SystemRoot\system32\DRIVERS\udfs.sys 0x05F83000 \SystemRoot\System32\Drivers\crashdmp.sys 0x05F91000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x05F9D000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x05FA6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x05FB9000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x000E0000 \SystemRoot\System32\win32k.sys 0x05FD6000 \SystemRoot\System32\drivers\Dxapi.sys 0x05FE2000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x05E00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x05E19000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x05E22000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x05E30000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x05E3D000 \SystemRoot\system32\DRIVERS\monitor.sys 0x00500000 \SystemRoot\System32\TSDDD.dll 0x00790000 \SystemRoot\System32\cdd.dll 0x05E4B000 \SystemRoot\system32\drivers\luafv.sys 0x05E6E000 \SystemRoot\system32\drivers\WudfPf.sys 0x05E8F000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x05EA4000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x064D8000 \SystemRoot\system32\drivers\HTTP.sys 0x065A1000 \SystemRoot\system32\DRIVERS\bowser.sys 0x065BF000 \SystemRoot\System32\drivers\mpsdrv.sys 0x06400000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x0642D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x0647B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x06660000 \SystemRoot\system32\drivers\peauth.sys 0x06706000 \SystemRoot\System32\Drivers\secdrv.SYS 0x06711000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x06742000 \SystemRoot\System32\drivers\tcpipreg.sys 0x06754000 
\SystemRoot\System32\DRIVERS\srv2.sys
0x06AB7000 \SystemRoot\System32\DRIVERS\srv.sys
0x06B4F000 \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
0x77820000 \Windows\System32\ntdll.dll
0x47950000 \Windows\System32\smss.exe
0xFFB40000 \Windows\System32\apisetschema.dll

Processes (total 59):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
412 csrss.exe
468 C:\Windows\System32\wininit.exe
492 csrss.exe
532 C:\Windows\System32\services.exe
552 C:\Windows\System32\lsass.exe
560 C:\Windows\System32\lsm.exe
596 C:\Windows\System32\winlogon.exe
704 C:\Windows\System32\svchost.exe
768 C:\Windows\System32\nvvsvc.exe
792 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
836 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
420 C:\Windows\System32\audiodg.exe
1028 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1188 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1200 C:\Windows\System32\nvvsvc.exe
1336 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
1584 C:\Windows\System32\spoolsv.exe
1612 C:\Windows\System32\svchost.exe
1744 C:\Windows\SysWOW64\PnkBstrA.exe
1796 C:\Windows\System32\svchost.exe
1820 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1288 C:\Windows\System32\SearchIndexer.exe
2196 unsecapp.exe
2264 WmiPrvSE.exe
2300 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2484 dllhost.exe
2664 C:\Windows\System32\SearchProtocolHost.exe
2684 C:\Windows\System32\SearchFilterHost.exe
2588 C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
2608 C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
2224 C:\Windows\System32\taskhost.exe
2556 C:\Windows\System32\dwm.exe
2800 C:\Windows\explorer.exe
2984 C:\Program Files (x86)\Steam\steam.exe
3060 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
2388 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2244 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
2828 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
3104 C:\Windows\System32\svchost.exe
3208 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
3300 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
3448 WmiPrvSE.exe
3736 C:\Program Files\Windows Media Player\wmpnetwk.exe
3572 C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
3192 C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
1320 C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
3400 C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
2512 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
2436 C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
2316 C:\Users\Steve\Downloads\MBRCheck.exe
696 C:\Windows\System32\conhost.exe
3904 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST500DM002-1BD142, Rev: KC45

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

Farbar Service Scanner Version: 14-02-2012
Ran by Steve (administrator) on 20-02-2012 at 23:04:29
Running from "C:\Users\Steve\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-14 23:52] - [2011-12-27 22:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Maniac Posted February 21, 2012 ID:528991

Please visit www.virustotal.com and upload the following file:

C:\Windows\System32\drivers\afd.sys

Wait until the scan has finished and then copy/paste the URL in your next reply here.

snotbowst Posted February 22, 2012 Author ID:529245

For some reason, I cannot select that file to be uploaded in the dialogue box offered on the website. The file is definitely there, just not selectable for scanning.

Maniac Posted February 22, 2012 ID:529359

Please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

- Tick the box next to YES, I accept the Terms of Use
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the options Remove found threats and Scan unwanted applications are checked
- Click Scan (This scan can take several hours, so please be patient)
- Once the scan is completed, you may close the window
- Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic

snotbowst Posted February 24, 2012 Author ID:530206

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

This is log.txt

Maniac Posted February 25, 2012 ID:530365

Please manually delete your TDSSKiller, download a new fresh copy and run it again. Post the log file in your next reply.

LDTate Posted February 27, 2012 ID:530863

TCP: DhcpNameServer = 85.195.91.34

Reset your router.

This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.

Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

You also need to reconfigure any security settings you had in place prior to the reset.

You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

LDTate Posted March 1, 2012 ID:531996

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!